

Credential

Subclass of:

726 - Information security

726002000 - ACCESS CONTROL OR AUTHENTICATION

726003000 - Network

Patent class list (only non-empty classes are listed)

Deeper subclasses:

Class / Patent application number | Description | Number of patent applications / Date published
726007000 | Usage | 759
726006000 | Management | 532
726009000 | Tokens (e.g., smartcards or dongles, etc.) | 342
726008000 | Global (e.g., Single Sign On (SSO), etc.) | 145
726010000 | Tickets (e.g., Kerberos or certificates, etc.) | 94
Entries
Document | Title | Date
20110179471 | PAIRING COMPUTATION DEVICE, PAIRING COMPUTATION METHOD, AND PAIRING COMPUTATION PROGRAM - Provided are a pairing computation device, a pairing computation method, and a pairing computation program all of which enable fast pairing computation. The pairing computation device includes, where: | 07-21-2011
20090217361 | POLLING AUTHENTICATION SYSTEM - An exemplary authentication method includes sending a polling inquiry to an authentication module, identifying a passive notification sent from the authentication module in response to the inquiry, accepting authentication credentials in response to the passive notification, and transmitting authentication information based on the authentication credentials to the authentication module. An exemplary authentication system includes a remote server in communication with a client computer and hosting an access control module. An authentication server is in communication with the remote server and hosts an authentication module. A polling module is in communication with the authentication and access control modules, and is configured to send a polling inquiry to the authentication module, identify a passive notification sent from the authentication module in response to the inquiry, accept authentication credentials in response to the passive notification, and transmit authentication information based on the authentication credentials to the authentication module. | 08-27-2009
20110209205 | Method and System for automated emergency access to medical records - This invention is a method and a system for accessing medical records of an injured party by an emergency responder through a secure website, utilizing a portable emergency access card provided with at least one item of information of the victim, while offering safeguards for the confidentiality of the victim's information and records. | 08-25-2011
20090089863 | Secure tunnel performance using a multi-session secure tunnel - A method of communicating data over a network is provided. A secure tunnel may be implemented through the network between two computers. Performance limitations of the secure tunnel with a single session can be alleviated by establishing multiple sessions for the tunnel. | 04-02-2009
20130031616 | Methods and Systems for Enabling Multiple Accounts Support - Embodiments allow communication for a first and second account on one device to be sent and received over a single socket connection. A unique identifier may be associated with each account on the device. Communications sent from each account on the device may be encapsulated with the unique identifier for the account. Similarly, communications received for each account on the device may be encapsulated with the unique identifier for the account by a mobile endpoint. | 01-31-2013
20110191833 | MATCHING AUTHENTICATION METHOD, DEVICE AND SYSTEM FOR WIRELESS COMMUNICATION - A matching authentication method for wireless communication equipment comprises that: a device at the transmitting end sends a matching request (S | 08-04-2011
20080301784 | Native Use Of Web Service Protocols And Claims In Server Authentication - Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use. | 12-04-2008
20130086651 | RE-AUTHENTICATION IN SECURE WEB SERVICE CONVERSATIONS - Techniques are disclosed for sharing communication session information, such as encryption keys for data protection, among multiple communication operations and/or multiple users. Multiple users can share the same communication session concurrently, with each message being individually authenticated. The provided techniques include receiving, at a client application, a first request to send a first web service message to a web service application or group of web services, retrieving existing communication session information having the same sharing characteristics as the first request, where the sharing characteristics include web service environment information and/or request information, including the user credentials associated with the user in the message and in each subsequent message communicated using the existing communication session information, and communicating the web service message to the web service application or group of web services using the existing communication session information. | 04-04-2013
20130086653 | MOBILE NETWORK OPERATOR AND DATA SERVICE PROVIDER INTEROPERATION - Embodiments of computer-implemented methods, systems, computing devices, and computer-readable media are described herein for allowing a mobile network operator to perform services on behalf of a non-internet protocol multimedia subsystem (non-IMS) data provider. In various embodiments, an application server (“AS”) front end of the data provider is communicatively connected to a user data repository (“UDR”) and a home subscription server (“HSS”). The HSS is also connected to the UDR. Neither the non-IMS AS nor the HSS store user data, but instead communicate with the UDR across various reference points. The communication across the reference points facilitates the HSS performing various user services on behalf of the non-IMS AS. Other embodiments include user access and authentication procedures in such a network architecture, as well as corresponding policy and charging architecture. | 04-04-2013
20130086652 | SESSION SHARING IN SECURE WEB SERVICE CONVERSATIONS - Techniques are disclosed for sharing communication session information in web service applications. The techniques include management of concurrent sessions by dynamically determining the session association of web service requests at runtime. These sessions can be shared by a group of web services on the server side, and across multiple web services clients with many users, independently of where these applications reside. Session identifiers are determined for these concurrent web service invocations based on an algorithm that uses information from configuration and runtime data. Different information is used in the session identifier depending on configuration parameters to provide different types of sharing that correspond to different use cases. This mechanism can be used with SOAP-based web services, REST-based web services, and the like. | 04-04-2013
20130086650 | Communication system including optical recognition and method of using same - A system and method for communication are disclosed. The system and method can be used for a variety of applications, including administrative provisioning of information to particular users, handing off calls to or from another phone, for other application deployment, for pass of control, and similar applications. The system includes a server, a first device having an image displayed thereon, and a second device having a camera and client application software thereon. The image provides a medium for sending encrypted data between the devices and/or between a device and a server. | 04-04-2013
20080256614 | NETWORK TERMINAL MANAGEMENT APPARATUS, METHOD AND PROGRAM - A network terminal management apparatus is able to manage terminals using a simple method, without the user feeling that convenience in terms of operability has been compromised. This network terminal management apparatus generates a list table of target tasks in which user terminal information is included, and sends the information of the list table to the user terminal. This enables the user to select desired target tasks from the displayed list table and enjoy services even with a multi-function processor having low operability. | 10-16-2008
20080256613 | Voice print identification portal - Systems and methods providing for secure voice print authentication over a network are disclosed herein. During an enrollment stage, a client's voice is recorded and characteristics of the recording are used to create and store a voice print. When an enrolled client seeks access to secure information over a network, a sample voice recording is created. The sample voice recording is compared to at least one voice print. If a match is found, the client is authenticated and granted access to secure information. | 10-16-2008
20080256612 | Method and system for stateless validation - A method of validating parameters of a request from a Web client to a Web application. The validation rules are sent to a Web client, together with a response to a Web client. The parameters in a response are updated by the Web client. The updated parameters are sent in a subsequent request to the Web client, along with the validation rules. The updated parameters are validated using the validation rules in the request, thus achieving stateless validation. The validation rules are preferably digitally signed. | 10-16-2008
20100115593 | USER AUTHENTICATION CONTROL DEVICE, USER AUTHENTICATION DEVICE, DATA PROCESSING DEVICE, USER AUTHENTICATION CONTROL METHOD AND THE LIKE - This invention provides a user authentication control device, a user authentication device, a data processing device, and a user authentication control method and the like that control an authentication interval and an authentication effective period in accordance with a communication speed so as to make it possible to keep a balance between user convenience and safety. The user authentication device, which controls an authentication effective period for a user authentication device of a data processing device connected with a server device through a network, is provided with bandwidth acquiring means for acquiring a communication speed of the network and effective period determining means for determining an authentication effective period in accordance with the communication speed. | 05-06-2010
20130081117 | PERSONAL CRITERIA VERIFICATION USING FRACTIONAL INFORMATION - A method for verifying the identity of users connected to a computer network comprises providing fractional information queries to users, wherein responses to these individual queries are not sufficient to identify the user. This method further comprises receiving responses to these fractional information queries and comparing these responses to data available from within a computer network. A set of potential matches to the user is generated according to these responses and is used in determining whether the set of potential matches is sufficient to identify the user. | 03-28-2013
20130081116 | TRUSTED INTERNET IDENTITY - A token or other storage device uses Internet identities to set file access attribute rights. Subsequently, requests to access a file can be controlled by confirming the Internet identity of the requestor by either validating the request with a known public key or retrieving the public key from an Internet identity provider. Files may be stored encrypted and may be re-encrypted with the public key associated with Internet identity making the request. | 03-28-2013
20130081115 | SERVER AND METHOD FOR PROVIDING SURVEY OF BROADCASTING PROGRAM - A survey providing apparatus includes a reception unit configured to receive a survey participation signal, from a user device, related to the broadcasting program that is being reproduced in a broadcasting device, a user authentication unit configured to authenticate a user based on identification information of the user device included in the received survey participation signal and user information that is previously stored in a database, a transmission unit configured to transmit a survey list for the broadcasting program to the user device and a survey result generation unit configured to generate a survey result based on a survey response to the survey list and the user information, wherein the transmission unit is further configured to transmit the generated survey result to the broadcasting device. | 03-28-2013
20130081114 | SYSTEM AND METHOD FOR USER AUTHENTICATION - A system and method for providing authentication of a user is disclosed. The use of a non-confidential and unique user identification number and a temporary access code separates authentication of the user from transmission of any user passwords or user-identifiable data, as well as provides a ubiquitous means to authenticate the user with unrelated organizations, without any information passing between those organizations. | 03-28-2013
20130086654 | COMPUTER IMPLEMENTED SYSTEM AND METHOD FOR AUTHENTICATING A SENDER OF ELECTRONIC DATA TO A RECIPIENT - A server receives data from a sender to be dispatched to a recipient. Before dispatching the data to the recipient the server sends a message to the sender's email address requesting a response which will confirm the sender's authorship of the data. Upon receiving the confirmation about sender's authorship of the data, the server transmits the data together with an identification of the sender to the recipient. | 04-04-2013
20130042309 | USER AUTHENTICATION MANAGEMENT - End users of a multi-factor authentication service can utilize an account management service, and third-party websites can register to utilize the multi-factor authentication service. Registering a third-party website can comprise the multi-factor authentication service receiving a valid digital identity certificate for the third-party website, and receiving an agreement to terms of use of the multi-factor authentication service for the third-party website. Once received, the multi-factor authentication service can enable the third-party website to utilize the service (e.g., switch the service on, or send an authorization key to the third-party website). Further, registering a user to the multi-factor authentication service can comprise determining availability of service, and providing a location-specific access code. Additionally, registering the user can comprise registering the user's mobile device, for example, to provide multi-factor authentication. Also, an Internet-based user account management user interface can be provided that allows a user to view transactions on their account, and an ability to shut off a designated mobile device's ability to authenticate. | 02-14-2013
20130042308 | SUBSCRIPTION INTERFACE FOR PROVIDING ACCESS TO DIGITAL PUBLICATIONS - The present application provides a subscription interface positioned between client devices and third-party digital subscription providers. The subscription interface allows multiple different publication-related applications (e.g., Sports Illustrated, Time magazine, etc.) running on different client devices (e.g., tablets, desktop computers, laptop computers, smart phones, etc.) to obtain a list of digital issues available from an associated third-party digital subscription provider based on entitlements of the user of the client device. The subscription interface ensures that the application receives the list and associated metadata in a desired format for that particular application on a particular client device. | 02-14-2013
20100100946 | Transparent Client Authentication - A system and method for authenticating an application (client) to a server or service. During a registration phase, an application that requests access to a service can receive a service identifier, which it can authenticate. The application can generate and send to the server or service an application-service key that is based upon the authenticated service identifier and a secret application key; a service-application identifier that can be based upon the authenticated service identifier and an application identifier; and a registration nonce, all of which can be stored at the server. During the authentication phase, the client can send to the server the application-service identifier, which the server can use to lookup the stored registration data. The server can send the registration nonce to the client, which can compute a proof of possession of the service-application key and send to the server. The server can compute its own version of this key and compare it to the received key. If they correspond, then the client is authenticated. | 04-22-2010
20090165098 | METHOD OF AND SYSTEM FOR CONDUCTING A TRUSTED TRANSACTION AND/OR COMMUNICATION - A method of conducting a communication over a communication network. It comprises registering a user as a member user of a securing entity, the securing entity authenticating personal data of the member user via a trusted third party entity; sorting the personal data of the member user according to categories comprising identifying, non-identifying and semi-identifying data, non-identifying and semi-identifying data being correlated to identifying data by a sworn person, only non-identifying and/or semi-identifying data being requestable by any client entity during a transaction and/or a communication; archiving identifying data in a trusted third party entity; and electronically storing at least a part of semi-identifying data in a trusted third party entity database, and non-identifying data in a securing entity database. A system for conducting a communication over a communication network and a medium for storing processor instructions for controlling a system for communicating over a communication network are also disclosed. | 06-25-2009
20090158405 | SYSTEM AND METHODS FOR CREDENTIALING ON-LINE INFORMATION PROVIDERS - A method of credentialing network-based sources of information, commentary, and opinion is provided. The method includes receiving a request for recognition, the request received by a credential clearinghouse (CCH) from at least one credential-granting organization (CGO), and, in response to the request for recognition, granting recognition to the CGO if the CGO is determined by the CCH to satisfy a predetermined standard of credibility. The method further includes, after the CGO is granted recognition, receiving from a user entity a request for a credential granted by the CGO, and granting the credential if the user entity is determined to satisfy a predetermined set of credentialing benchmarks. Additionally, the method includes posting on a publicly-accessible data communications network site an object comprising at least one among information content, commentary, and opinion, the object being associated with the user entity and including an indicator indicating the grant of the credential. | 06-18-2009
20090158404 | APPARATUS, SYSTEM, AND METHOD FOR USER AUTHENTICATION BASED ON AUTHENTICATION CREDENTIALS AND LOCATION INFORMATION - A computer program product, apparatus, and system, are disclosed for user authentication based on authentication credentials and location information. A computer program product performs operations for such authentication. These operations of the computer program product include referencing past user location information in response to an authentication validation request and referencing current user location information. These operations also include determining a maximum allowable distance between an authentication attempt location associated with the authentication attempt location identifier and a past location associated with the past user interaction location identifier, and managing the authentication attempt, in response to determining that the physical authentication attempt location is outside the maximum allowable distance. The computer program product, apparatus, and system thereby reduce the possibility of identity theft by adding an element of location awareness to the authentication process. | 06-18-2009
20100107228 | IP ADDRESS SECURE MULTI-CHANNEL AUTHENTICATION FOR ONLINE TRANSACTIONS - A method for multi-factor authenticating of a user using an application server and an authentication server is disclosed. The method includes receiving from the application server a first source IP address associated with a request for authenticating from the user browser program to the application server. The method also includes receiving from the user browser program a request to perform additional authentication between the user browser program and the authentication server using a separate communication channel. The method additionally includes comparing the first source IP address with a second source IP address associated with the request to perform the additional authentication and failing, if the first source IP address does not match the second source IP address, authentication of the user. | 04-29-2010
20100107227 | SEGREGATING ANONYMOUS ACCESS TO DYNAMIC CONTENT ON A WEB SERVER, WITH CACHED LOGONS - A system and method are provided for segregating access to dynamic content on multiple websites hosted by a web server. When a request is received for dynamic content from a website, a UserRetriever module identifies a path to the content and retrieves a username and password corresponding to the website, from a database that is separate from the web server and used for other purposes (e.g., billing). A UserImpersonator module requests a logon handle for that username from a logon cache manager. The logon handle is used to associate the request with the impersonated user account instead of the default anonymous user account with which the request was initially associated. The dynamic content is retrieved and served under the context of the restricted impersonated user account session, after which the applied logon handle is stripped off and the request is re-associated with the default anonymous user account. | 04-29-2010
20090119758 | Transmitting Device, Transmitting and Receiving Device, Mobile Terminal Device, Transmitting Method, Transmission Program, Transmission and Reception Program, and Computer-Readable Recording Medium - The mail transmitting and receiving device ( | 05-07-2009
20100031327 | SAFETY JUDGMENT METHOD, SAFETY JUDGMENT SYSTEM, SAFETY JUDGMENT APPARATUS, FIRST AUTHENTICATION APPARATUS, AND COMPUTER PROGRAM PRODUCT - Security of an information processing apparatus is ensured by performing biological information authentication and collecting the environment information about the information processing apparatus. The information processing apparatus transmits the collected environment information to a first authentication apparatus. An electronic certificate issued by a second authentication apparatus and information encrypted with a secret key issued by the second authentication apparatus are transmitted to the first authentication apparatus. The first authentication apparatus acquires the public key of the second authentication apparatus and the public key of the information processing apparatus so as to decrypt the encrypted information, and judges whether or not the decrypted information is proper. The first authentication apparatus refers to an environment information database and the transmitted information, and judges whether or not the transmitted environment information is proper. When all the authentications by the biological information authentication, environment information authentication and electronic certificate authentication are successful, the information processing apparatus is judged to be safe. | 02-04-2010
20120167184 | ALLOCATION OF APPLICATION IDENTIFIERS - An apparatus, a method, and a computer program product of a wireless device are provided in which a first device identifier of a wireless device is provided. An allocation record is received that includes an expression used for discovery, a second device identifier, and at least one of a digital signature of a first server that delegates the expression or a digital signature of a second server that manages the expression. The allocation record is verified. An apparatus, a method, and a computer program product of a first server are provided in which a device identifier is received from a wireless device. An allocation record is generated that includes an expression used for discovery, the device identifier, and at least one of a digital signature of the first server or a digital signature of a second server that manages the expression. The allocation record is sent. | 06-28-2012
20130047223 | Methods for the Secure Use of One-Time Passwords - Methods for authentication over unsecure networks using one-time password methods are provided. The methods establish a connection over a first channel between an authentication system and a user's computing system, then the authentication system determines information based on the connection over the first channel, such as the IP address and other information that can be readily found once the IP address is known. The information derived from the connection is then provided to the user over a second channel, and the user is given an opportunity to review the information before deciding whether to continue the login. If the information returned to the user over the second channel is suspicious, this can indicate to the user that the connection over the first channel has been compromised. | 02-21-2013
20100071039 | IMAGE SHARING SERVER, SYSTEM, METHOD, AND RECORDING MEDIUM - The present invention provides a mechanism for efficiently using the resources of a server for an image sharing service. According to an aspect, an image information management server includes an image information storage device for storing original image storage information for identifying an original image (original image data) stored in each terminal. The original image itself is accumulated in respective terminals instead of a server and the image is distributed and shared between the terminals via the server. | 03-18-2010
20130139230 | Trusted Service Management Process - Techniques for providing trusted management services (TSM) are described. According to one aspect of the techniques, a secure element (SE) is personalized via the TSM. A process is provided to personalize an SE with multiple parties involved and orchestrated by a party or a business running the TSM, hence as a trusted service manager (TSM). The TSM brings the parties together to recognize the SE being personalized so that subsequent transactions can be authorized and carried out with a device embedded with the SE. In operation, each of the parties may load a piece of data into the SE, including registration information, various services or application data, and various keys so that subsequent transactions can be carried out with or via an authorized party and in a secured and acknowledgeable manner. | 05-30-2013
20090320106 | SYSTEMS, APPARATUS, AND METHODS FOR CURRENCY PROCESSING CONTROL AND REDEMPTION - A coin processing and redemption system includes a coin processing machine configured to receive a batch of coins in an input region and process the batch of coins to determine a value thereof. A dispensing device is provided and is configured to output a redemption ticket bearing a code. The coin processing machine is configured to associate the redemption ticket code with a coin processing transaction prior to the determination of a value of a batch of coins. | 12-24-2009
20090307763 | Automated Test Management System and Method - A test management application on a test management server includes a user interface on a Web-based portal by which a user can define one or more tests, selecting any desired configuration of operating system, connection type, and/or application, which are then saved in a test management database in the central server. Multiple tests involving the same configuration can be defined and saved for later selection, either individually or as a group of tests. A client agent engine on a test device can query the test management server for tests that can be conducted using the device's current configuration. If no such tests are found, the device can then query the test management server for the next available test. Upon allocation of the next available test to the device, the necessary system configuration for that test can be automatically retrieved, installed, and verified by the device. The device under test is automatically rebuilt to have the proper configuration for the test to be run. | 12-10-2009
20120222097 | SYSTEM AND METHOD FOR USER CLASSIFICATION AND STATISTICS IN TELECOMMUNICATION NETWORK - The embodiments herein relate to user data management in a telecommunications network and, more particularly, to classifying users in a telecommunications network and subsequently leveraging the classification and augmented statistical information. The system uses intelligent modeling techniques & machine learning algorithms to classify users. It also groups users by statistical analysis of this classification. The system is able to provide secure, authenticated and authorized access to this classification, statistical grouping and other augmented information about users to an external agent in real-time. This enables service personalization and personalized service recommendations. System allows external agents to define certain classification criteria for users in the form of models, which are pluggable in nature, to derive multiple user classification schemes. The system is also able to handle extremely large volumes of user data in the order of terabytes by scaling horizontally on inexpensive commodity hardware. | 08-30-2012
20090094686 | METHOD FOR BYPASSING PASSKEY EXCHANGE AND AUTHENTICATION PROCEDURES - A method and system thereof for establishing a wireless connection to a device while bypassing passkey exchange and authentication procedures. Passkeys are authenticated and exchanged with another device. At the user's discretion, the passkey for the other device can be stored in memory. In the case in which the passkey is stored, the other device is considered a “trusted device.” Subsequently, when a trusted device is discovered and selected, and a wireless connection to the trusted device is made, the passkey for the trusted device is automatically retrieved from memory. As such, it is not necessary for the user to manually input a passkey or for the devices to perform a passkey exchange and authentication procedure. | 04-09-2009
20130074165 | Trusted Content Distribution System - A trusted content distribution system is described comprising a trustworthy enduser device and a network management infrastructure, the enduser device being adapted for communications between the enduser device and the networked infrastructure via a secure tunnel; the end user device comprising a host processor and memory; secure non-volatile memory for storing an operating system, a trusted boot process executed by the host processor to boot the end user device into a known state, means for communicating with a visualisation device. | 03-21-2013
20130074164 | METHOD AND SYSTEM OF SECURING ACCOUNTS - A method and system of securing accounts is provided. When a client computer requests access to an account accessible via a server, the server determines a MAC address associated with the client computer and compares it to a MAC address associated with the account. If the MAC address of the client computer is not the same as the MAC address associated with the account, the server initially denies access to the client computer, but may allow access after verification of the client computer by the user associated with the account. | 03-21-2013
20130061297HOME NETWORKING WEB-BASED SERVICE PORTAL - A web-based service portal provides a user interface to configure and/or access device(s) of a home network. The service portal can communicate with device(s) through application program interfaces (APIs). The service portal can provide a standardized user interface for specific feature(s) of a device.03-07-2013
20130061295Providing Status of Site Access Requests - Concepts and technologies are described herein for providing status of site access requests. In accordance with the concepts and technologies disclosed herein, a user attempts to access functionality of a server application that is limited to authorized users. In response to the access attempt, the server application determines if the user is authorized to access the functionality and if the user has previously requested access to the functionality. If the user has not previously requested access to the application, the server application can present a user interface to the user for requesting access to the server application. If the user has previously requested access to the application, the server application can present an indication that an access request already exists, history and status information associated with the access request, and/or an interface for submitting messages to the site owner or other entity.03-07-2013
20130061296SOCIAL DISCOVERY OF USER ACTIVITY FOR MEDIA CONTENT - Aspects of the present disclosure provide techniques that may enable user activity information to be automatically generated and shared with other users of a social network. In one example, a method of automatically publishing, to one or more social network services, information about user activities regarding media content items includes receiving user activity information regarding a media content item, wherein a user is a member of one or more social network services, and the user activity information is generated in response to one or more activities taken by the user with respect to the media content item. The method may also include receiving an indication of one or more users of the one or more social network services to whom the user activity information is to be made accessible, and automatically publishing the user activity information to the one or more social network services.03-07-2013
20080301783Computer system - A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. Telemetry data is communicated between a data producing device and a data receiving device. The telemetry data sent from the data producing device is identified using the identity identifier of the data producing device.12-04-2008
20120227095SYSTEMS AND METHODS FOR GENERATING MODULAR SECURITY DELEGATES FOR APPLICATIONS - Embodiments of the present teachings relate to systems and methods for generating modular security delegates for applications. According to embodiments, in a multiple network environment, multiple machines (or clients) can be configured. Each machine can include a plurality of application instances and an authentication delegate. In addition, each network environment can include a communication interface to security services. The applications can include logic that indicates what security delegate to use for a given set of user authentication credentials. The logic can be configured to determine the appropriate authentication delegate using various methods. The authentication delegates can receive a set of user authentication credentials from application instances and determine whether the set of user authentication credentials are valid. Each authentication delegate corresponds to one and only one type of authentication mechanism.09-06-2012
20130167208Smart Phone Login Using QR Code - Systems and methods are disclosed for a user to use a mobile device such as a smart phone to scan a QR (Quick Response) code displayed on a login webpage of a website. The QR code may encode a server URL of the website. The mobile device decodes the QR code and transmits a device ID and other decoded information to a service provider. The service provider locates login credentials of the user linked to the device ID and communicates the login credentials to a website server for user authentication. Alternatively, the mobile device may transmit its device ID to the website server for the website server to locate a user account linked to the device ID for user login. Alternatively, the mobile device may transmit stored login credentials to the website server. Advantageously, a user may access a website without the need to provide any login credentials.06-27-2013
20130167207Network Acquired Behavioral Fingerprint for Authentication - A computationally-implemented method, for certain example embodiments, may include, but is not limited to: identifying a network connection coupling a computer server to a computing device; and transmitting, via the network connection, a behavioral fingerprint associated with an authorized user of the computing device, the behavioral fingerprint providing at least one status of the authorized user with respect to the computing device. In addition to the foregoing, other example aspects are presented in the claims, drawings, and written description forming a part of the present disclosure.06-27-2013
20110023099USER TERMINAL WITH IDENTITY SELECTOR AND METHOD FOR IDENTITY AUTHENTICATION USING IDENTITY SELECTOR OF THE SAME - The present invention relates to a user terminal (01-27-2011
20110023098METHOD AND SYSTEM FOR MAINTAINING LOGIN PREFERENCE INFORMATION OF USERS IN A NETWORK-BASED TRANSACTION FACILITY - The present invention relates to various aspects for maintaining and utilizing login preference information of users of a network-based transaction facility. In one embodiment, user interface information is communicated to a client via a communications network. The user interface information includes information concerning a plurality of features within the network-based transaction facility. The user interface information also specifies a login interface that facilitates user input of login preference information pertaining to each of the plurality of features. Further, the login preference information is received from the client via the communications network and utilized to control user access to any of the plurality of features within the network-based transaction facility via the communications network.01-27-2011
20110023097AUTHENTICATION METHOD AND FRAMEWORK - Authentication in an ad-hoc network is established between a first device (for example a service-requesting device) and a second device (for example a service-providing device) using a third device (a peer device). An authentication request is transmitted from the first device to the second device. The second device transmits a query message to at least one third device (i.e. peer device). If the peer device has previously been authenticated with the first device, the peer device sends an authentication credential, for example an authentication key, to the first and second devices. Upon receiving the authentication credential, the first device sends the authentication credential to the second device. The second device then compares the authentication credential received from the first device with the authentication credential received from the third device, and authenticates the first device with the second device if the authentication credentials match. Preferably the authentication credential from the third (peer) device to the first device is encrypted.01-27-2011
20110023096TOKEN-BASED CONTROL OF PERMITTED SUB-SESSIONS FOR ONLINE COLLABORATIVE COMPUTING SESSIONS - In one embodiment, a client device may send one or more sub-session requests to one or more corresponding session controllers through a computer network to obtain one or more corresponding sub-session tokens that indicate in which sub-sessions of an online collaborative computing session the client device is permitted to participate. The client device may then receive particular sub-session tokens (e.g., based on certain permissions), which may then be sent to a collaboration server to establish one or more permitted sub-sessions of the online collaborative computing session with the client device as indicated by the received sub-session tokens.01-27-2011
20090235341NETWORK INTERFACE APPARATUS, PRINT CONTROL METHOD, PRINT CONTROL PROGRAM, AND IMAGE FORMING APPARATUS - A network interface apparatus is connected to an image forming apparatus, and communicates with an information processing apparatus for transmitting a print data and an authentication server for performing an authentication of a user. The network interface apparatus receives the print data from the information processing apparatus, stores the print data, transmits an authentication request including user identification information to the authentication server according to a reception of the user identification information for identifying the user, and determines whether a communication with the authentication server is available. In a case where it is determined that the communication with the authentication server is available, the network interface apparatus obtains the print data according to the user identification information from the stored print data. In a case where it is determined that the communication with the authentication server is not available, the network interface apparatus turns off a setting of storing the received print data. The network interface apparatus transmits the print data to the image forming apparatus to print the obtained print data or to print the received print data in a case where the setting is turned off.09-17-2009
20090235340IDENTIFICATION MANAGEMENT SYSTEM FOR ELECTRONIC DEVICE AUTHENTICATION - In the conventional vertical integration system management form, it is impossible or difficult to limit the electronic device function or format when providing a service to an electronic device which is judged by a judgment server of an administrator of the service providing system with whom a service provider has not concluded a contract. To cope with this, a following system is suggested. That is, according to a use request from a first electronic device to a second judgment server, an identification management server which has received a guarantee request outputted from a first judgment server searches an identification management unit for managing information including the electronic device identifiers. According to the search result, a guarantee is outputted. According to the guarantee, the first judgment server outputs a guaranteed service request to the second judgment server. Thus, it is possible to provide a more flexible service provision environment by cooperating the user identification management with other vertical integration type system management form.09-17-2009
20090235339STRONG AUTHENTICATION TOKEN GENERATING ONE-TIME PASSWORDS AND SIGNATURES UPON SERVER CREDENTIAL VERIFICATION - The invention defines a strong authentication token that remedies a vulnerability to a certain type of social engineering attacks, by authenticating the server or messages purporting to come from the server prior to generating a one-time password or transaction signature; and, in the case of the generation of a transaction signature, signing not only transaction values but also transaction context information and, prior to generating said transaction signature, presenting said transaction values and transaction context information to the user for the user to review and approve using trustworthy output and input means. It furthermore offers this authentication and review functionality without sacrificing user convenience or cost efficiency, by judiciously coding the transaction data to be signed, thus reducing the transmission size of information that has to be exchanged over the token's trustworthy interfaces.09-17-2009
20090235338RESOURCE BASED NON-INTERACTIVE ENTITY APPLICATION PROXY METHOD AND SYSTEM - A security method and system. The method includes retrieving configuration data associated with a non interactive entity (NIE) software application. The configuration data comprises refresh counts, refresh periods, and session IDs. A master refresh period is calculated from the refresh periods. Credentials data associated with a requestor are retrieved. The credentials data are transmitted to a resource server. A session key generated by the resource server is received by the NIE software application. The NIE software application calculates a stale time associated with the session key. The NIE software application generates a first updated refresh count. The NIE software application stores the session key, the first updated refresh count, the first refresh period, and the first specified stale time.09-17-2009
20090019533METHOD AND SYSTEM FOR ENFORCING PASSWORD POLICY FOR AN EXTERNAL BIND OPERATION IN A DISTRIBUTED DIRECTORY - The invention describes techniques for enforcing password policy within a distributed directory environment that includes one or more distributed directory servers and a proxy server that acts as an intermediate agent between a client and the distributed directory environment. In one aspect, the proxy server is enhanced to support the passing (from the backend server to the client) of password policy controls. In particular, controls returned from a backend server are parsed and cached (for re-use) for the life of a given client connection. According to another aspect, the proxy server ensures that all compare operations for a single user's password are directed to the same backend server in the distributed directory environment. This ensures that a user's most current password is used, and that failed operation counts, resets and operational attributes are up-to-date. According to still another aspect, the proxy server enforces password policy on bind plug-ins and, in particular, through a pair of pre-bind and post-bind extended operations. In particular, pre-bind processing includes checking if an account is locked. Post-bind processing includes checking for expired passwords, grace logins and updating failed/successful bind counters.01-15-2009
20090013389SWIFTTRAC JOB TRACKING SERVICE WITH GEOSPATIAL CAPABILITY - Many web sites often serve dynamic web pages based on dynamic data automatically fetched from a database. A service provider can provide authoring tools that enable customers to easily craft pages that include dynamic data. Job tracking and project management are examples of tasks that use dynamic data. A customer using the service provider's tools can easily create web pages for tracking jobs or managing projects. The tools provide for accessing geospatial information systems which are databases that attach data to specific locations. SwiftTrac is an Internet service providing customers with capabilities including job tracking and project management capabilities wherein elements of the project are tied to specific locations. Customers can easily and conveniently create trackers for projects and provide for personnel at remote locations to manipulate tracking data in conformance with each person's permission level.01-08-2009
20090013388Method and system for protecting information on a computer system - A system and method for protecting sensitive information, for example, a user's personal information, stored on a database where the information is accessible via a communications network such as the Internet. An exemplary embodiment stores the sensitive information on an off-line server. The off-line server is connected to an on-line server. The on-line server is connected to the user via the Internet. The user interfaces with the on-line server, and at a scheduled time window, the sensitive information is made available to the on-line server by the off-line server. Outside of the time window, none of the sensitive information is kept on the on-line server. Thus by placing the sensitive information on-line for only limited periods of time the risk of compromise to the sensitive information is greatly reduced.01-08-2009
20090013387SYSTEM AND METHOD FOR MANAGING DELIVERY OF INTERNET CONTENT - Disclosed are a system and method for managing delivery of pushed web content to communication devices. In an embodiment, the method comprises: uniquely identifying a communication device to which the pushed web content is to be delivered; establishing a pushed web content service linking the pushed web content to the communication device; receiving a pushed web content service request; and permitting delivery of content to the communication device via the pushed web content service based on verification of the identity of a trusted pushed web content provider. The method may further comprise uniquely identifying the pushed web content provider with an assignable unique pushed web content identification.01-08-2009
20090007245SYSTEM AND METHOD FOR CONTROLLED CONTENT ACCESS ON MOBILE DEVICES - A new approach enables a carrier, a validated user or a parent/guardian of the user to effectively moderate content displayed on a mobile device and navigate the web without the need to input URL addresses through the use of an integrated instant messenger/web browser operating on the mobile device. First, the identity of the user is validated when he/she is initiating access to instant messaging and/or web browsing. In the case where the user is an under-aged child, the identity of the user can be validated by his/her parent or legal guardian or principal of the school the child is attending. Once validated, the user can access and select from a set of websites that have been pre-selected or pre-approved for the user by the carrier, user, and in some cases parent or guardian of the user for easy and secure web browsing by the user on the mobile device.01-01-2009
20080301786Times 2 security system - A security system for determining whether a person is authorized to have access to a person, place or thing. The system has issued devices to authorized users that allow the user to answer multiple questions and that the correct answers may be time sensitive. The questions will ascertain whether the person has possession of an issued identification device. The system has a plurality of identification devices and each issued device has a plurality of addressable positions and each addressable position has an image and the image at one of the addressable positions on one of the assigned devices being different from the images at the same one of the addressable position on another one of the assigned devices.12-04-2008
20080295158SYSTEM AND METHOD TO ACCESS AND USE LAYER 2 AND LAYER 3 INFORMATION USED IN COMMUNICATIONS11-27-2008
20080295157Authentication Server With Link State Monitor and Credential Cache11-27-2008
20100192205PREVENTING INADVERTENT LOCK-OUT DURING PASSWORD ENTRY DIALOG - One embodiment provides a computer-implemented method for providing controlled access to electronic content. A password is associated with electronic content, such as by password-protecting an electronic file that contains the electronic content. At least one password attempt is received in an effort to access the electronic content. Each password attempt is compared to the password at a selected subset of “trap” character positions. Up to a threshold number of password entries is allowed that have incorrect characters at any of the trap character positions. A greater number or even an unlimited number of incorrect password entries are allowed having incorrect characters at non-trap character positions. Access to the electronic content is allowed only if one of the password entries exactly matches the password.07-29-2010
20100205657PROTECTED ACCESS CONTROL METHOD FOR SHARED COMPUTER RESOURCES - In embodiments of the present invention improved capabilities are described for providing protected computer communications. The present invention may provide for computer communications where in response to a receipt of a communication at a first computing facility from a second computing facility, the first computing facility may be caused to send a request to a compliance center for security compliance information relating to the second computing facility. In response to the request for security compliance information, the first computing facility may receive compliance information related to the second computing facility, which may cause the first computing facility to perform an action regulating further communications from the second computing facility if the second computing facility security compliance information indicates that the second client computing facility is not compliant with a current security policy.08-12-2010
20090106825SYSTEM AND METHOD FOR USER PASSWORD PROTECTION - A system and method are disclosed for protecting a password assigned to a user, the method comprising: providing a password entry screen having a virtual keyboard, the virtual keyboard including a plurality of character keys arranged in a non-QWERTY format; authenticating the user if a password submitted by the user accessing the password entry screen matches a user password retrieved from a password database; and denying access to the user if the submitted password does not match the retrieved user password. The system comprises a storage module and a computer program for performing the method.04-23-2009
20100122324OVER THE AIR SERVICES FOR MOBILE DEVICES - A client device may be managed in the event of, for example, device loss or mislocation. In such a case, a user can effectively cause a restriction command to be generated, where the restriction command is wirelessly transmitted to the client device. The restriction command can be specified to either lock user data on the client device or erase user data on the client device.05-13-2010
20110283345MATERIAL OUTPUT SYSTEM FOR OUTPUTTING MEETING MATERIAL FOR PROSPECTIVE PARTICIPANT IN MEETING - In a material output system, if it is determined that a meeting management server has stored therein meeting information in which an authenticated person is included in prospective participants in a meeting, in which an installation place of MFP that has performed authentication agrees with a meeting room where the meeting is held, and in which the present date and time is included in a meeting room reservation time, MFP is instructed to output a material saved in a location associated with the meeting information. If it is determined that such meeting information is not stored in the meeting management server, the material output system displays a screen to allow output of the material saved in the associated location, for at least one piece of meeting information in which the authenticated user is included in prospective participants in a meeting. Accordingly, the material can be promptly distributed to the participant in the meeting.11-17-2011
20110283344SYSTEMS AND METHODS FOR HOST AUTHENTICATION - Systems and methods provide for authenticating a device. A method for authenticating a device can include receiving, at a communications node, a first message, wherein the first message includes a first Extensible Authentication Protocol (EAP) packet which includes an EAP (Identity) ID response and a first destination address; generating, by the communications node, a second message, wherein the second message includes the first EAP ID response and a second destination address which is different from the first destination address; and transmitting, by the communications node, the second message toward the second destination address.11-17-2011
20110302637SOFTWARE DISTRIBUTION METHOD, INFORMATION PROCESSING APPARATUS, AND INFORMATION PROCESSING SYSTEM - A distribution server receives authentication information acquired from an IC card reader of a client PC and authenticated by an authentication server. The distribution server adds setting information on the basis of the received authentication information in an installer of a device driver for an image formation section of an MFP to thereby generate a custom installer of the device driver. The distribution server distributes the generated custom installer to an address of a user to be authenticated based on the authentication information.12-08-2011
20120005730SECURE DETECTION NETWORK SYSTEM - A secure detection network system includes a plurality of remote nodes, each remote node comprising a set of detector interfaces configured to couple to a set of detectors disposed to detect the presence of an illegal asset within a shipping container; at least one server node configured to initialize, install, and authenticate each remote node in the plurality of remote nodes, including delivering to each remote node an agent module, said agent module for each remote node comprising a node specific configuration file defining a set of nodes with which the remote node can communicate and a different encryption means corresponding to each node in the set of nodes; and a communication path coupling the plurality of remote nodes and the at least one server node.01-05-2012
20110289565RETRIEVING ACCESS INFORMATION IN A DISPERSED STORAGE NETWORK - A method begins by a processing module obtaining a set of recovered random numbers, decoding encrypted share slices to produce a set of encrypted shares, and obtaining a set of personalized authenticating values regarding user access to data. The method continues with the processing module generating a set of hidden passwords based on the set of personalized authenticating values, generating a set of blinded passwords based on the set of hidden passwords and a set of blinded random numbers, and generating a set of passkeys based on the set of blinded passwords and the set of recovered random numbers. The method continues with the processing module generating a set of decryption keys based on the set of blinded random numbers and the set of passkeys, decrypting the set of encrypted shares to produce a set of shares, and decoding the set of shares to reproduce the data.11-24-2011
20110289564SYSTEM AND METHOD FOR PROVIDING AUTHENTICATION CONTINUITY - A computer-implemented method may include receiving first monitored information relating to a user at a time of initial user authentication with a particular application or resource. It may be determined that a second authentication is required at a second time subsequent to the time of initial user authentication. Second monitored information may be captured at the second time. The second monitored information may be compared to the first monitored information to determine whether continued authentication is maintained. Access to the particular application or resource when it is determined that continued authentication is not maintained.11-24-2011
20110296503DOMAIN BASED AUTHENTICATION SCHEME - In one example, a system for authenticating domains operates by authenticating a first domain and the extensions that make up the URI of an initial or primary Internet network call. Thereafter, the system can enable the owner of the first domain to make assertions or statements about additional domains and URIs that make up the rest of the web page, session or application.12-01-2011
20090133106Authentication Frequency And Challenge Type Based On Environmental And Physiological Properties - An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on one or more environmental properties (e.g., ambient noise level, ambient luminosity, temperature, etc.), or one or more physiological properties of a user (e.g., heart rate, blood pressure, etc.), or both. Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity, as inferred from these properties. In addition, the illustrative embodiment enables the authentication challenge type to be tailored to particular environmental conditions (e.g., noisy environments, dark environments, etc.).05-21-2009
20090158403METHOD AND SYSTEM FOR PERMITTING OR DENYING SERVICE - Aspects of the invention relate to a computer-implemented method and system of permitting or denying service for a user device of a user of a service in relation to a recipient, who is the counterparty. The method is executed in a system configured for connecting to the user device. The system is configured for accessing a recipient requirement list of the recipient and a user profile of the user. The recipient requirement list comprises at least one criterion regarding an item of said user profile. A service request is received from the user device. The service request contains an identifier of the recipient. The recipient requirement list is traced on the basis of this identifier. Subsequently, it is checked whether an item of the user profile satisfies the at least one criterion of the traced recipient requirement list. Service is permitted if the item of the user profile satisfies said at least one criterion of said recipient requirement list. Service initiation or service establishment is denied if said item of said user profile does not satisfy said at least one criterion of said recipient requirement list.06-18-2009
20100077462SECURE DOMAIN NAME SYSTEM - A method and system for authenticating answers to Domain Name System (DNS) queries originating from recursive DNS servers are provided. A verification component provides a verification that a DNS query originated from the recursive DNS server. An authoritative DNS server receives the query via a network, such as the Internet, and provides an answer to the query to an authentication component. The authentication component then provides an authentication, such as a digital signature, which confirms that the received answer was provided by the authoritative DNS server, and then communicates the answer and the authentication to the verification component via the network. The verification component then verifies that the authentication corresponds to the received answer and sends the answer to the recursive DNS server. When the verification component receives an answer in the absence of a corresponding authentication, the verification component drops the answer.03-25-2010
20130219477TRANSPARENT CLIENT AUTHENTICATION - A system and method for authenticating an application (client) to a server or service. During a registration phase, an application that requests access to a service can receive a service identifier, which it can authenticate. The application can generate and send to the server or service an application-service key that is based upon the authenticated service identifier and a secret application key; a service-application identifier that can be based upon the authenticated service identifier and an application identifier; and a registration nonce, all of which can be stored at the server. During the authentication phase, the client can send to the server the application-service identifier, which the server can use to lookup the stored registration data. The server can send the registration nonce to the client, which can compute a proof of possession of the service-application key and send to the server. The server can compute its own version of this key and compare it to the received key. If they correspond, then the client is authenticated.08-22-2013
20100269161METHOD AND SYSTEM FOR PREVENTING FRAUDULENT ACTIVITIES - A method and system to protect users against potentially fraudulent activities associated with spoof web sites are described. According to one aspect of the present invention, the URL of a document downloaded via a web browser client is compared to the URLs in a list of URLs for known spoof sites. If the URL for the downloaded document is found in the list of URLs for known spoof sites, a security indicator is displayed to the user to indicate to the user that the downloaded document is associated with a known spoof site. According to another aspect of the invention, a security server maintains a master black list and periodically communicates updates of the master black list to the local list of a client security application.10-21-2010
20110219436COMMUNICATION APPARATUS, ELECTRONIC MAIL TRANSMITTING METHOD, AND ELECTRONIC MAIL TRANSMITTING PROGRAM - A communication apparatus enhances security in transmitting electronic mail to a destination mail address without degrading operability. An MFP is connected to an authentication server and a mail server via a network. A user name and a password are entered in a user name entry screen. The MFP requests the authentication server to authenticate the entered user name and password. When the user name and the password are authenticated, the MFP is operable to acquire an e-mail address, a SMTP authentication user name, and a SMTP authentication password according to SMTP associated with the authenticated user name and password from the authentication server. The MFP requests the mail server to authenticate the acquired SMTP authentication user name and SMTP authentication password according to SMTP. When the SMTP authentication user name and the SMTP authentication password are authenticated, the MFP is operable to transmit an e-mail to the mail server.09-08-2011
20090249453METHOD AND SYSTEM FOR HUB-AND-SPOKE WEBSITE BROWSING AND NAVIGATION ON A MULTIPANED PLATFORM FOR THE COMMUNICATION, DISTRIBUTION, AND COLLABORATION OF INFORMATION AND DATA - The invention is a method and system for hub-and-spoke website browsing and navigation on a multipaned platform for the communication, distribution and collaboration of information and data. The invention allows multiple non-collocated users to collaborate on an interface created by a server-based application by utilizing a plurality of application spokes and a plurality of application fasteners to facilitate data exchange between a hub and at least one viewing pane on a display device.10-01-2009
20100115591METHOD AND SYSTEM FOR AUTHENTICATING USERS WITH OPTICAL CODE TOKENS - A method and apparatus are provided for authenticating users using cell phones or other mobile devices. The system finds particular application in authenticating users seeking to retrieve sensitive (e.g. personal, medical, safety, etc.) information.05-06-2010
20090150980Management Control of Assets - Methods and systems for managing the issue or return of secure assets are disclosed. The methods and systems use biometric identification for assured security.06-11-2009
20090150981MANAGING USER ACCESS ENTITLEMENTS TO INFORMATION TECHNOLOGY RESOURCES - A computer implemented method, data processing system, and computer program product for logical management and provisioning of business applications within the framework of an identity management system. The illustrative embodiments provide an interface layer to map respective attributes, permissions, and resource accounts in a data repository needed to represent access to business applications via a managed service in the identity management system. The illustrative embodiments define user entitlements on a user account associated with the managed service. The illustrative embodiments provision user access to the business applications via the managed service in the identity management system upon user request.06-11-2009
20080276305Systems, Methods and Computer-Readable Media for Regulating Remote Access to a Data Network - A system, which comprises an authorization controller operable for regulating establishment of user sessions over a data network; a processing subsystem operable for monitoring the user sessions and applying a walled garden policy, wherein application of the walled garden policy respectively associates each user in a certain subset of users with a respective walled garden selected from a common plurality of walled gardens; and a database for storing, in association with each said user in the certain subset of users, a respective identifier corresponding to the respectively associated walled garden. The authorization controller is further operable for responding to receipt of an access request identifying a particular user in the certain subset of users and received from a communication endpoint by (I) consulting the database to identify the walled garden respectively associated with said particular user and (II) directing the communication endpoint to said walled garden respectively associated with said particular user.11-06-2008
20080244715Method and apparatus for detecting and reporting phishing attempts - One embodiment of the present invention provides a system that facilitates detecting phishing, wherein phishing is an attempt to fraudulently acquire sensitive information by masquerading as a legitimate entity. The system operates by receiving data from a server at a client. Next, the system determines if an attribute (such as a visual appearance of a presentation) encoded in the data matches an attribute encoded in data provided by a known entity. If so, the system determines if other attributes in the data match attributes in the data provided by the known entity. If not, the system determines that the data comprises a phishing attempt.10-02-2008
20080244714Secure RFID authentication system using non-trusted communications agents - The electronic Secure Authentication For Exchange Global Purchasing System (GPurs) facilitates interactions between customers and service/retail commercial enterprise whereby a Global Positioning System (GPS) like system is used to search, locate, reserve, schedule, order or purchase numerous products and services through a secure system that employs product encryption safeguards against counterfeit, diverted or pirated products, and to reserve, order or purchase services that meet quality standards. The GPurs system presents a digital graphical user interface to accept customer input, an audio interaction system speech recognition engine linked microphone or cellular telephone, a digital device interface that accepts textual input from a cellular telephone, PC, PDA, IPod, DVD controller, game controller, or an on-board automotive integrated computer or a wireless input system, to search, locate, reserve, schedule, order or purchase products and services. All GPurs data is stored and retrievable for later usage.10-02-2008
20080244717System and method for confirming identity and authority by a patient medical device - A system and method for confirming identity and authority by a patient medical device is provided. Master credentials are issued to a requesting device and a receiving device from an authorizing agent. The master credentials include the authorizing agent's public key and a digital signature of a root certification authority. Device credentials are issued to the requesting device from the authorizing agent. The device credentials include the requesting device's public key and the authorizing agent's digital signature. Identification credentials are provided to the receiving device and include the device credentials and the requesting device's digital signature. The requesting device is authenticated. The authorizing agent's digital signature in the device credentials is checked using the authorizing agent's public key in the master credentials of the receiving device. The requesting device's digital signature in the identification credentials is checked using the requesting device's public key in the device credentials.10-02-2008
20080244713METHOD FOR CONTROLLING ACCESS TO DIGITAL CONTENT - Method for utilizing digital content is provided. The method includes controlling a throughput rate for utilizing the digital content by an accessing system, wherein the throughput rate is associated with information related to the digital content stored as a file.10-02-2008
20100122323STORAGE DEVICE MANAGEMENT SYSTEMS AND METHODS - Storage device management systems and methods are provided. The system includes a storage device and an electronic device. The storage device has a UID, a public area comprising a URL (Uniform Resource Locator) and a security module, and a hidden area comprising at least one key. The electronic device reads the security module from the storage device, and executes the security module to encrypt the UID. The electronic device links to a host according to the URL, and transmits the encrypted UID of the storage device to the host for management.05-13-2010
20120036565PERSONAL DATA PROTECTION SUITE - An online protection suite that provides subscribers to organizations a highly integrated desktop application with a dashboard set of services combining single-click access to user accounts and a bulletin-board of constantly refreshed posters offering a variety of related products and services.02-09-2012
20120036563SYSTEMS, DEVICES, METHODS AND COMPUTER PROGRAM PRODUCTS FOR ESTABLISHING NETWORK CONNECTIONS BETWEEN SERVICE PROVIDERS AND APPLICATIONS THAT RUN NATIVELY ON DEVICES - A login session server is configured to establish a communications session between an application that runs natively on a device and a service that is secured by a web services gateway by supporting a temporary login session socket between the device and the login session server and by passing a login session token to the device over the temporary login session socket. The temporary login session socket can be used to verify that the application that runs natively on the device is authorized to use the services of the service provider. Related systems, devices, methods and computer program products are disclosed.02-09-2012
20090307762SYSTEM AND METHOD TO CREATE, SAVE, AND DISPLAY WEB ANNOTATIONS THAT ARE SELECTIVELY SHARED WITHIN SPECIFIED ONLINE COMMUNITIES - A system and method for the creation and display of web annotations that are selectively shared within specified online communities is disclosed. An embodiment of the system and method includes the use of a web browser plug-in that enables a computer user to create content and have that content associated with an Internet address in the form of a web note that is displayed to the user in a presentation layer over the Internet website. That web note is transmitted to a web server that stores the content and attributes of the web note in a database. When that user or another user of the browser plug-in subsequently navigates to the aforementioned Internet address, that web note is retrieved from the database and displayed through the browser to the user in a presentation layer over the Internet website, independent of that Internet website based on user determined content sharing filters.12-10-2009
20090276837CREDENTIAL EQUIVALENCY AND CONTROL - A number of equivalent credentials may be associated with at least one entity. Each of the equivalent credentials may be of one of a number of types, such as, for example, a cryptographic key pair, a password, a biometric, or other types or combinations thereof. When one of the equivalent credentials is authenticated by an authentication control system, the at least one entity may be permitted access to a hardware device, software, or a service associated with the authentication control system. The authentication control system may include a number of authentication endpoints and blocking controls, each of which may be associated with a respective equivalent credential. After the authentication control system authenticates one of the equivalent credentials, a parameter of a blocking control and/or configurable credential-related attributes of an authentication endpoint associated with another of the equivalent credentials may be changed or reset.11-05-2009
20100146600SYSTEM AND METHOD FOR AUTOMATIC DATA PROTECTION IN A COMPUTER NETWORK - A method of protecting data items in an organizational computer network, including, defining multiple information profiles for classifying the data item, defining rules for protecting the data item belonging to a specific information profile, classifying the data item according to the defined information profiles, applying a protection method to the data item responsive to the classification and the defined rules, automatically updating the classification of the data item responsive to a change in the content or location of the data item; and automatically transforming the applied protection method, throughout the lifecycle of the data item, responsive to a change in classification or location of the data item, according to the defined rules.06-10-2010
20100083356SYSTEM AND METHOD FOR INTELLIGENT AUTOMATED REMOTE MANAGEMENT OF ELECTROMECHANICAL DEVICES - Monitoring and control of electromechanical devices from a central data center. The data center may be located at a separate geographic location, using broadband communication channels, such as Internet or telecom channels, and wireless HAN (home area network) communications. Such electromechanical devices may comprise, for example, an HVAC system at a small-business or residential site, a grounds-maintenance sprinkler system, or a small wind or solar energy generation and storage station.04-01-2010
20100083355DISCOVERY PROFILE BASED UNIFIED CREDENTIAL PROCESSING FOR DISPARATE SECURITY DOMAINS - A method for discovery profile based unified credential processing for disparate security domains can include loading a discovery profile specifying types of manageable resources to be discovered during discovery of manageable resources and authentication protocols for use in accessing each type of the resources. The method also can include discovering the resources across disparate security domains and selecting a discovered one of the resources in a particular one of the security domains for a systems management task. The method further can include transforming an authentication credential not specific to the particular one of the security domains to a mapped authentication credential specific to the particular one of the security domains and authenticating into the particular one of the security domains with the mapped authentication credential utilizing an authentication protocol specified by the profile in order to perform the systems management task on the selected discovered one of the resources.04-01-2010
20110197267SECURE AUTHENTICATION SYSTEM AND METHOD - There is disclosed a system and method for authenticating the identity of a user of a client device as part of a transaction between the client device and a server of a service provider over a communications network, the client device comprising a unique identifier. The system and method comprise one or more personal identification elements issued to the user based upon an initial authentication of the identity of the user, a credential issued to the client device by the service provider based upon the personal identification elements and the unique identifiers, and a trigger event for launching an authentication application installed on the client device. When the authentication application is launched by the trigger event, the authentication application transmits the one or more personal identification elements and the unique identifier in a combination with the credential to the server for authentication by the service provider.08-11-2011
20110197266METHODS AND SYSTEMS FOR SECURE USER AUTHENTICATION - Methods and systems for secure user authentication using an OTP involve, for example, pre-storing an OTP application on a first computing device for generating a valid OTP value for the user responsive to receiving entry of a valid PIN value of the user, where no part of the valid PIN value is stored on the first computing device, and pre-storing on a back-end server the valid PIN value and a valid shared secret for the user. Upon receiving entry of a purported PIN value of the user, a purported shared secret is dynamically synthesized on the first computing device by the OTP application based on the purported PIN value of the user and a purported OTP value is generated on the first computing device. When entry of the purported OTP value is received by the back-end server in an attempt to log on the back-end server from a second computing device, the back-end server cryptographically calculates a window of OTP values, and log on to the back-end server from the second computing device is allowed if the calculated window of OTP values corresponds to the received OTP value.08-11-2011
20100088751COMMUNICATION SYSTEM, TERMINAL CONTROL UNIT AND COMMUNICATION METHOD - A terminal control unit and method are provided. The terminal control unit which manages information about a mobile unit which transmits data to a relay unit of transferring data to another relay unit depending on source IP address, includes a terminal communication information storing unit which stores a destination IP address and a terminal identifier for identifying the mobile unit for every relay unit; and a terminal identifier transmitting unit which transmits a combination of the destination IP address and the terminal identifier stored in the terminal communication information storing unit to the mobile unit, upon receipt of a terminal identifier assignment request from the mobile unit, requesting assignment of the terminal identifier to the mobile unit.04-08-2010
20100083354THIRD PARTY VALIDATION OF INTERNET PROTOCOL ADDRESSES - A device can connect to a network over a first interface to configure and obtain an IP address. To communicate with nodes in a second network, over a second interface, the IP address can be validated by a trusted third party. The validation can include conducting a return routability test to validate a Prefix of the IP address. Cryptographically Generated Address verification can be utilized to verify the validity of an Interface Identifier included in the IP address. If the IP address is validated, the trusted third party can include the address in a verification ticket, which can also include a signature of the trusted third party. The device can provide the verification ticket to nodes in the second network as authentication of the device.04-01-2010
20100083353PERSONALIZED USER AUTHENTICATION PROCESS - A system and method for authenticating a user seeking access to a resource via a computer is described herein. In accordance with one embodiment, a person authorized to control access to the resource selects a personalized combination of non-text elements, a collection of non-text elements from which the combination must be selected, and an arrangement in which the collection of non-text elements is presented to the user. When the user attempts to access the resource, the system presents the collection of non-text elements to the user and requires the user to select a combination of non-text elements from among the collection of non-text elements that matches the personalized combination previously selected by the person authorized to control access to the resource.04-01-2010
20090037987Application Programming Interface for Implementing Directory Service Access Using Directory Service Markup Language - A set of DSML application programming interface (DSML API) functions is provided to facilitate the implementation of DSML-based directory service access. The DSML API includes a DSML document API class for building or accessing a DSML payload, and a DSML connection API class that handles connection and transport to a DSML server. To access a directory service, the client calls functions of the DSML document API class to generate a DSML request payload, and calls functions of the DSML connection API to transport a packet with the DSML request payload according to a pre-selected connection protocol, such as SOAP, to the DSML server for forwarding to the directory service.02-05-2009
20090288151Conditional Access System Switcher - A system is configured to provide access between a plurality of terminals and a plurality of different conditional access systems (CASs) associated with the terminals. The system includes a CAS switcher configured to receive requests from the plurality of terminals and, for each of the requests, identifies and sends the requests to a corresponding CAS. The CAS switcher also receives messages from the CASs responsive to the requests and, for each of the messages, identifies and sends the message to a corresponding terminal.11-19-2009
20100100945USER AUTHENTICATION MANAGEMENT - End users of a multi-factor authentication service can utilize an account management service, and third-party websites can register to utilize the multi-factor authentication service. Registering a third-party website can comprise the multi-factor authentication service receiving a valid digital identity certificate for the third-party website, and receiving an agreement to terms of use of the multi-factor authentication service for the third-party website. Once received, the multi-factor authentication service can enable the third-party website to utilize the service (e.g., switch the service on, or send an authorization key to the third-party website). Further, registering a user to the multi-factor authentication service can comprise determining availability of service, and providing a location-specific access code. Additionally, registering the user can comprise registering the user's mobile device, for example, to provide multi-factor authentication. Also, an Internet-based user account management user interface can be provided that allows a user to view transactions on their account, and an ability to shut off a designated mobile device's ability to authenticate.04-22-2010
20120291107SYSTEMS AND METHODS FOR UNIVERSAL ENHANCED LOG-IN, IDENTITY DOCUMENT VERIFICATION AND DEDICATED SURVEY PARTICIPATION - Systems and methods are provided for controlling access via a computer network to a subscriber server. A log-in server receives a query to connect through the computer network to the subscriber server, and the log-in server receives registrant identification data. A first session is established between the log-in server and the subscriber server to validate the registrant identification data, and to generate a session password. A second session is established between the log-in server and the subscriber server. The second session is configured to authorize, based in part on the registrant identification data, access to at least a portion of a website associated with the subscriber server.11-15-2012
20090187978SECURITY AND AUTHENTICATIONS IN PEER-TO-PEER NETWORKS - A system and method for providing access to a secured data resource to a client on a peer-to-peer network. The system includes a content management server which receives and verifies a first request for access to a secured data resource from the client. If the first request is valid, the content management server generates a second request for access to the secured data resource which comprises peer-to-peer control information and information identifying the secured data resource, and which can additionally include a signature generated using a shared key. The content management server transmits the second request to the client, which then retransmits the second request to a peer-to-peer control server. The control server receives the second request and validates it. Such validations can include validating the request with the shared key. If the second request is valid, the control server transmits instructions for accessing the secured data resource back to the client.07-23-2009
20080209526System and method for personalized security signature - Embodiments of the present invention provide techniques for authenticating users based on personalized (i.e., user-provided) authentication data. In one set of embodiments, the personalized authentication data includes acoustic, image, and/or video data, but is exclusive of biometric data of the user. In this manner, existing acoustic, image, and video-based authentication interfaces/mechanisms may be leveraged, without the problems associated with verifying biometric data. In some embodiments, a user may enroll or register multiple pieces of personalized authentication data into an authentication system. The user may then select one piece of personalized authentication data for use by the system at a time of authentication.08-28-2008
20080209527METHOD FOR PORTABILITY OF INFORMATION BETWEEN MULTIPLE SERVERS - A method for verifying the authenticity of content created by one host for verification and portability to other hosts includes the steps of creating a data set containing data objects, establishing an authentication code system, authorizing the first host to modify the data set; establishing a valid authentication code for the first host in accordance with the authentication code system, modifying the data set by the first host, signing the data set using the authentication code for the first host, transferring the data set to a second host, determining whether the data set was modified by a host having authority to modify the data set by verifying the authentication code used to sign the data set, and then allowing transfer to and use of the modified data set by the second host so long as the data set was modified by a host having a valid authentication code.08-28-2008
20090113529Method and system for restricted biometric access to content of packaged media - A system, method, and user device for restricting access to the content of media over a network. Biometric information is collected and compared against pre-stored biometric information of a user to authenticate the identity of the user. The user then requests access to the content of a medium. Access is permitted to the requested content if the content is identified as content, or indicia identifying the content, that the user previously uploaded to the server. Access is denied to the requested content if the content is not identified as content, or indicia identifying the content, that the user previously uploaded to the server.04-30-2009
20100229223USING SOCIAL INFORMATION FOR AUTHENTICATING A USER SESSION - A social CAPTCHA is presented to authenticate a member of the social network. The social CAPTCHA includes one or more challenge questions based on information available in the social network, such as the user's activities and/or connections in the social network. The social information selected for the social CAPTCHA may be determined based on affinity scores associated with the member's connections, so that the challenge question relates to information that the user is more likely to be familiar with. A degree of difficulty of challenge questions may be determined and used for selecting the CAPTCHA based on a degree of suspicion.09-09-2010
20120144457METHOD AND SYSTEM FOR PROVIDING REGISTRATION OF AN APPLICATION INSTANCE - An approach for registering an application instance is provided. A registration request including credential information related to a user, a device and an instance of an application resident on the device is generated. The registration request is transmitted over a network to a registration platform. A unique identifier that is encrypted is received from the registration platform in response to registration of the application instance. This unique identifier is used to securely authenticate communication with the application instance.06-07-2012
20120144459REVOKING DELEGATABLE ANONYMOUS CREDENTIALS - The claimed subject matter provides a method for revoking delegatable anonymous credentials. The method includes receiving a request to revoke an anonymous credential. The anonymous credential may be representative of an ability to prove non-membership in an accumulator for a first entity. The method also includes revoking the anonymous credential from the first entity in response to the request to revoke the anonymous credential. Additionally, the method includes revoking the anonymous credential from a second entity in response to the request to revoke the anonymous credential. The first entity delegates the anonymous credential to the second entity.06-07-2012
20090288150ACCESS CONTROL BY TESTING FOR SHARED KNOWLEDGE - Access to resource(s) intended to be shared with specific groups of individuals is controlled using concise tests of shared knowledge instead of (or in addition to) accounts and access control lists. Users can readily learn the concept and choose questions that will control the access by the desired group with little effort. Such questions can be relatively secure to guesses by those not intended to have access, particularly if the number of allowed guesses is relatively limited. Users can generally predict the security of their questions, but sometimes underestimate the ability of attackers to use Web searching or enumeration to discover answers. In such cases, the system can automatically discover weak questions and then suggest alternatives. By lowering the threshold to access control, shared knowledge tests can enable more types of information to acquire collaborative value on the Internet and on other types of networks.11-19-2009
20110271330SOLUTIONS FOR IDENTIFYING LEGAL USER EQUIPMENTS IN A COMMUNICATION NETWORK - A method for identifying legal user equipments in a communication network is provided. The method comprises: sending to a user equipment a request for an identity of the user equipment; receiving from the user equipment a response to the request, the response comprising the identity of the user equipment and an associated credential; and determining whether the user equipment is a legal one, according to a result of authentication based at least in part on the received identity and the credential.11-03-2011
20100287602CONTENT DELIVERY DEVICE AND SYSTEM, CONTENT-ON-DEMAND METHOD AND NETWORK ARCHITECTURE - The present invention discloses a content delivery device and system, content-on-demand method and network architecture, wherein, the content delivery device is used to realize content delivery function in next generation network, wherein, the next generation network includes a transmission stratum which includes a transmission function entity and a service stratum which includes a service control function entity. The content delivery device is located in the service stratum on top of the transmission stratum, is connected between the service control function entity and the transmission function entity, and is used to deliver the content from application functions module of next generation network to a terminal user. In virtue of the technical scheme of the present invention, various service systems such as IPTV can be merged in next generation network, various multimedia services of next generation network are developed expediently and the vacancy of the related technology is filled up.11-11-2010
20090119756Credential Verification using Credential Repository - A credential repository securely stores user credentials. The credential repository may be accessed by multiple entities. Instead of having a user carry his credentials with him (e.g., on a credit card or driver's license, which can be lost or stolen), the user's credentials are retrieved from the credential repository for use in a transaction. A merchant or other entity requesting the transaction receives these retrieved credentials and uses them to verify the identity of the user who seeks to participate in the transaction. A time-to-live value may be associated with the retrieved credentials. Successful verification of the user's identity enables private or personal data of the user to be released to the merchant or other entity. Optionally, the user explicitly authorizes the release of the data.05-07-2009
20090119757Credential Verification using Credential Repository - A credential repository securely stores user credentials. The credential repository may be accessed by multiple entities. Instead of having a user carry his credentials with him (e.g., on a credit card or driver's license, which can be lost or stolen), the user's credentials are retrieved from the credential repository for use in a transaction. A merchant or other entity requesting the transaction receives these retrieved credentials and uses them to verify the identity of the user who seeks to participate in the transaction. A time-to-live value may be associated with the retrieved credentials. Successful verification of the user's identity enables private or personal data of the user to be released to the merchant or other entity. Optionally, the user explicitly authorizes the release of the data.05-07-2009
20120297464AUTHENTICATED TRANSMISSION OF DATA - A method for transmitting data confirmed by at least one person (KND), wherein data (TOR) to be transmitted are received and/or generated by an input device (BSW), wherein the input device (BSW) can be operated by the person (KND). A configuration for performing the method and a computer program for implementing the steps are also provided.11-22-2012
20080276306Implicit Authentication to Computer Resources and Error Recovery - A method for implicit authorization to a computer resource includes defining a behavioral signature including a plurality of defined computer actions known to an authorized user of the computer resource. A first performed computer action of a user is registered. The first performed computer action is compared with a first defined computer action of the plurality of defined computer actions, wherein, if the first performed computer action and the first defined computer action match, an authentication state is changed from a first authentication state to a second authentication state.11-06-2008
20100293604INTERACTIVE AUTHENTICATION CHALLENGE - A system and method for authenticating a request for a resource. A requester sends the request for a resource to a server in a first protocol. The server may send a challenge message to the requester. In response, the requester employs a challenge handler that performs an interactive challenge with a challenge server in a second protocol. Upon successful conclusion of the interactive challenge, the challenge handler synchronizes with a request handler, which sends a challenge response message to the server. The server may then enable access to the requested resource.11-18-2010
20090007243METHOD FOR RENDERING PASSWORD THEFT INEFFECTIVE - A method for rendering a login theft ineffective includes detecting a submission of a first login request from the user's client to a Web site; redirecting the first login request to the traffic processor for copying at least one of the user supplied login fields; forwarding the first login request from the traffic processor to the site; requesting replacements of at least one of the user supplied login fields from the site; and replacing the at least one of user supplied login fields with at least one new corresponding login field(s) in the site.01-01-2009
20120144458SYSTEM AND METHOD FOR IDENTITY VERIFICATION ON A COMPUTER - A system to verify user identity on a computer uses a server with a set of stored or created images. An image is selected and transmitted over a computer network to the computer whose user identity is to be verified. The user captures the image on a mobile communication device using, by way of example, a built-in camera. The captured image is transmitted via a public mobile network back to the server where the captured image is compared with the stored image. If the images match, the user identity is verified. In another embodiment, multiple images may be displayed and user-selectable options are selected by capturing one of the multiple images.06-07-2012
20100169957WEAK PASSWORD SUPPORT IN A MULTI-USER ENVIRONMENT - Embodiments of the present invention provide a method, system and computer program product for supporting weak password authentication in a multi-user application environment. In an embodiment of the invention, a method for supporting weak password authentication in a multi-user application environment can be provided. The method can include acquiring log in data for a log in attempt by an end user amongst end users in a multi-user application. The method also can include messaging the log in data to others of the end users for subjective analysis by the others of the end users in detecting an unauthorized log in attempt.07-01-2010
20120144461MOBILE PIN PAD - A system is configured to: receive an authentication request for a transaction from a web server; identify a phone number of the mobile device based on identifying information of the user in the authentication request and the user information, transmit a message to the mobile device based on the phone number, receive a message response from the mobile device, determine whether the mobile device provided a mobile pin pad authentication for the user based on the message response, and transmit a success authentication response to the web server when the mobile device provided the mobile pin pad authentication for the user.06-07-2012
20090265768METHOD AND APPARATUS FOR THE SECURE IDENTIFICATION OF THE OWNER OF A PORTABLE DEVICE - An authentication system is provided that includes a portable device and a decryption node. An individual uses the portable device, such as a cell phone, to compute a challenge and a response. The challenge and response are sent to a decryption node. In response, the decryption node computes a presumed response and compares the presumed response to the response of the portable device, in order to authenticate the individual associated with the portable device.10-22-2009
20090265767METHODS AND ARRANGEMENTS FOR PREFIX MANAGEMENT IN MOVING NETWORKS - The present invention relates to prefix management in a moving network comprising a first mobile router which is assigned a first prefix for use when passing traffic to and from a home agent with which the first mobile router is associated, and a second mobile router. The present invention relates to methods and arrangements in the first mobile router, the second mobile router and the home agent for delegating the right to use said first prefix to said second mobile router in a secure manner by means of first and second authentication information that may be compared to verify that the second mobile router has the right to use the first prefix.10-22-2009
20120042363COMMUNICATION SYSTEM PROVIDING WIRELESS AUTHENTICATION FOR PRIVATE DATA ACCESS AND RELATED METHODS - A communication system may include a server configured to provide data access based upon an authenticated logon, and a computer configured to access the server to receive a temporary authenticated logon identification (ID) for the server. The communication system may further include a mobile wireless communications device including a housing, a wireless transceiver carried by the housing, a sensor carried by the housing, and a controller carried by the housing, the controller being coupled to the wireless transceiver and the sensor. The controller may be configured to cause the sensor to wirelessly retrieve the temporary authenticated logon ID from the computer, and cause the wireless transceiver to wirelessly communicate logon data to the server for providing data access via the computer based upon the temporary authenticated logon ID.02-16-2012
20080282330BLUETOOTH DEVICE CONNECTION METHOD AND RELATED BLUETOOTH DEVICE - The present invention provides a Bluetooth device connection method. The Bluetooth device connection method includes: acquiring a device list, the device list recording at least a Bluetooth device; assigning a Bluetooth device belonging to a target class in the device list as a target device; determining whether the target device authorizes a match password; and utilizing the match password to build a connection with the target device if the target device authorizes the match password.11-13-2008
20080235772Iterated password hash systems and methods for preserving password entropy - Methods and systems consistent with the invention provide a hash process for use in password authentication. For instance, in one embodiment, a method may include receiving password data and combining the password data with a salt value. The salt value may, for example, be a random number. The method may also include calculating a first hash value based on the combined password data and salt value. The method may further include calculating, in a second iteration, a second hash value based on the first hash value and the password. In exemplary implementations, the method may also iteratively calculate a new hash value by applying the output hash value of a previous iteration, in combination with the password data, to the hash function. The number of iterations may be determined by an iteration count.09-25-2008
20080289013TECHNIQUES FOR LOCAL PERSONALIZATION OF CONTENT - Techniques for the local personalization of content are presented. A content personalization service is dynamically pushed from a server environment to a client processing environment associated with a principal on demand. The content personalization service interjects itself between content that the principal attempts to view and access within the client processing environment and modifies and personalizes that content on behalf of the principal before the principal can view or access the content.11-20-2008
20080209528Network identity management system and method - Users of Internet services (e.g., SKYPE messaging service, GOOGLETALK messaging service, AOL INSTANT MESSENGER messaging service, and MICROSOFT MESSENGER messaging service) that are initially identified using separate identifiers that may be associated with respective service providers (e.g., email addresses) can manage network identities using a single unified set of account information managed by a registry service. The registry authenticates the user's request(s) to bind a service provider identity to his or her personal registry user record by presenting a random challenge to the user which the registry must then receive back from the service provider corresponding to the identity being added. Later, the registry may authenticate itself to service providers using information received from a service provider application as the service provider application authenticates itself to the service provider.08-28-2008
20080271126Pre-authenticated calling for voice applications - Architecture for providing pre-authenticated information from an endpoint for subsequently authenticating a device and/or user associated with the previously-authenticated information. A pre-authentication module of the architecture can be a trust component as part of an application that facilitates the utilization of user information and/or endpoint information in a media session protocol message to replace information that would otherwise be gathered via a dialog. In the context of IP-based voice communications, a call can be made from a client that is pre-authenticable, and no longer requires that an IP-based telephone interact with the phone user to facilitate sign-on.10-30-2008
20100146599CLIENT-BASED GUEST VLAN - A network device connected to a network includes a physical port and multiple logical ports configured to provide guest access or authenticated access to the network via the physical port, to a supplicant device. An authorization engine determines whether the supplicant device is authorized to access the network. An authentication engine determines whether the supplicant device is compatible with an authentication protocol associated with the network based on a receipt or a non-receipt of a response from the supplicant device to one or more authentication requests. A guest table stores the source address of the supplicant device if the supplicant device is authorized to access the network and is incompatible with the authentication protocol, wherein the logical ports are configured to provide the guest access to the supplicant device corresponding to the source address stored in the guest table.06-10-2010
20090165097SINGLE SIGN-ON FOR OS BOOT IMAGE PROVISIONING AND OS LOGIN BASED ON USER IDENTITY - A method for single sign-on for operating system (OS) boot image provisioning and OS login based on user identity includes receiving authentication information from an information handling system (IHS) over a network. The authentication information is associated with a user. The authentication information is sent to network services. Boot image information is received from the network services. The boot image information is associated with a boot image and the authentication information. The boot image is provisioned to the IHS over the network, wherein the boot image includes an OS that is configured to read the authentication information from a shared memory region of the IHS and use the authentication information to auto-login the user to the OS.06-25-2009
20090183243USER AUTHORIZATION SYSTEM AND METHODS - A slot management system including a download and configuration server-based sub-system and method is disclosed for use with game devices, systems, and methods to enable users to monitor, control, and modify game devices and other related activities. A computerized authorization system authorizes users access to the slot management system.07-16-2009
20090165099PROVISIONING ACTIVE MANAGEMENT TECHNOLOGY (AMT) IN COMPUTER SYSTEMS - Active management technology (AMT) may be provisioned in a client device automatically, which may provide a secure connection between the provisioning server and the client device. The client device comprising the active management technology may support zero-touch provisioning and one-touch provisioning.06-25-2009
20090165096DYNAMIC RADIUS - A system includes a remote authentication dial in user service (RADIUS) server in communication with a network access server. The network access server provides an authentication request to the RADIUS server. The authentication request includes at least a user identifier and a device identifier. The RADIUS server determines an authentication format utilized by the network access server based on the received authentication request. The system may also determine an authorization level to provide with an authentication response.06-25-2009
20090144813METHOD TO CONTROL ACCESS BETWEEN NETWORK ENDPOINTS BASED ON TRUST SCORES CALCULATED FROM INFORMATION SYSTEM COMPONENT ANALYSIS - Signatures are generated for modules in a computer system. The signatures can be assembled into an integrity log. The signatures are compared with signatures in a database in an integrity validator. Once signatures are either validated or invalidated, a trust score can be generated. The trust score can then be used to determine whether the computer system should be granted access to a resource using a policy.06-04-2009
20090144812ENTRY AUXILIARY APPARATUS, ENTRY AUXILIARY SYSTEM, ENTRY AUXILIARY METHOD AND ENTRY AUXILIARY PROGRAM - An entry auxiliary apparatus includes: an authentication entry detection unit, an adequacy determination unit and an entry auxiliary unit. The authentication entry detection unit detects a first authentication server URL included in data of a web page displayed. The adequacy determination unit compares the first authentication server URL with a second authentication server URL included in login information indicating an input history of authentication information and a third authentication server URL included in a service group. The service group, which includes a group of authentication server URLs locating authentication servers that authenticate with an identical authentication information, is related to the login information. The adequacy determination unit relates the login information to an adequacy level depending on a result of the comparison. The entry auxiliary unit assists input of authentication information into the web page based on the login information and the adequacy level.06-04-2009
20090138947Provisioning a network appliance - A method and system for generating identity certificates. The method may include receiving a user login at a network appliance, determining that the network appliance is not initialized, and generating a provisionally unique identifier from the network appliance for identifying the network appliance. The method may include generating a certificate signing request (CSR) and sending the CSR, the provisionally unique identifier, and information about the user login to a service provider. Upon receiving a signed certificate from the service provider at the network appliance, the network appliance is initialized using the received signed certificate.05-28-2009
20090138946Provisioning a network appliance - A method and system for generating identity certificates. The method may include receiving a user login at a network appliance, determining that the network appliance is not initialized, and requesting and receiving a unique identifier from a service provider, where the unique identifier is used for identifying the network appliance. The method may include generating a certificate signing request (CSR) and sending the CSR with the unique identifier to the service provider. Upon receiving a signed certificate from the service provider at the network appliance, the network appliance is initialized using the received signed certificate.05-28-2009
20090049532METHOD, DEVICE AND SYSTEM FOR USER AUTHENTICATION ON PASSIVE OPTICAL NETWORK - The present invention relates to a method, a device and a system for user authentication on a PON. The method includes the following steps: an OLT receives a user authentication request initiated by an ONU, which carries a password ID; the OLT authenticates according to the user password ID reported by the ONU, and opens or closes a channel from the ONU to the network side according to the authentication result. The invention further discloses a PON and an OLT. According to the method for user authentication in the invention, user management and maintenance of PON may be easier and simpler, and terminal interchangeability and user security may be improved; moreover, after a user changes the ONU, the new ONU may also access the network using the password ID.02-19-2009
20090019532COMMUNICATION SYSTEM - A communication system for providing instant messaging and presence services among users of a communications network. The system comprising a user subscribed to the service and arranged to send a plurality of requests, each request comprising a user identity corresponding to at least one user of a first set of users of the network. The system also comprising a server having an access point arranged to receive the requests from the user, and having a service element for providing the service and wherein a second set of users are subscribed to the service element. The system also having circuitry for checking which of the users in the second set match with the users in the first set.01-15-2009
20090178123TRUSTED INTERNET IDENTITY - A token or other storage device uses Internet identities to set file access attribute rights. Subsequently, requests to access a file can be controlled by confirming the Internet identity of the requester by either validating the request with a known public key or retrieving the public key from an Internet identity provider. Files may be stored encrypted and may be re-encrypted with the public key associated with Internet identity making the request.07-09-2009
20090178122ASSOCIATING COMPUTING DEVICES WITH COMMON CREDENTIALS - Method and computer storage media for sharing resources between a plurality of computing devices associated with a common non-enterprise network. A common set of credentials is stored on at least two or more of a plurality of computing devices that reside behind a routing device and are associated through a common non-enterprise network. Upon storing the common set of credentials, each of the two or more of a plurality of computing devices creates a local account that contains, at least, the common set of credentials. The common set of credentials allows for the sharing, among the two or more of the plurality of computing devices, of resources that reside on or are associated with the computing devices.07-09-2009
20120198525SERVER RESERVATION METHOD, RESERVATION CONTROL APPARATUS AND PROGRAM STORAGE MEDIUM - An information processing device including a communication interface that exchanges data with a first device and a second device; and a processor that performs authentication of the first device; receives content data from the first device via the communication interface; and controls the communication interface to send the content data in real time to the second device based on an access control setting, which indicates a restriction on sending the content data.08-02-2012
20090064290Searching and replacing credentials in a disparate credential store environment - Apparatus and methods are described for searching and replacing user credentials in a multiple disparate credential store environment. Upon authentication of a user to change credentials, credential information of multiple disparate credential stores is searched. Upon population of search results, users indicate which of the credentials they desire to change and results are committed upon affirmative execution in a user interface dialog. In this manner, users locate their credential information, from whatever store, and change it in quantity or singularly from a single point of control. They can also fully understand how many passwords, secrets, keys, etc., they have over the many disparate stores available to them and affirmatively control their relationship to other credential information. Reversion of credential information to an earlier time is still another feature as is retrofitting existing SSO services. Computer program products and computing network interaction are also disclosed.03-05-2009
20090187979METHOD AND APPARATUS FOR GLOBAL UNIQUE IDENTIFIER, INCLUDING ID DATABASE - An entity can request the generation of a unique identifier to serve as a common identifier for the entity immune to changes in the entity's contact information. A data base entry indexed at least in part by the unique identifier can be created for housing further contact information for the entity. The unique identifier can remain a constant focal point for contacting the entity or obtaining contact information about the entity. The entity can update contact information in the data base entry and as such, the unique identifier can be used to access current contact information.07-23-2009
20090025066SYSTEMS AND METHODS FOR FIRST AND SECOND PARTY AUTHENTICATION - First and second parties may be authenticated. After generating a challenge to the first party, two responses are received via the first party based on the challenge and two different keys. Two responses are also generated, and compared against the received responses. If the respective responses are verified, a confirmation is generated.01-22-2009
20090025070SYSTEM AND METHOD TO ENABLE SUBSCRIBER SELF-ACTIVATION OF WIRELESS DATA TERMINALS - A wireless telephone and messaging system provides Secure Immediate Wireless Access (SIWA) to wireless telephones onto existing wireless networks, such as GSM, CDMA, TDMA, and analog (AMPS). The SIWA protocol uses existing wireless network messaging to exchange information between wireless devices and a network server, referred to herein as an Intelligent service manager (ISM). The ISM acts as a gateway between wireless devices and wireless service provider, and provides the wireless devices with an immediate limited or unlimited access to the wireless network. The ISM can also deny access to the wireless network from unauthorized wireless devices.01-22-2009
20090025069MOBILE TERMINAL MAIL SYSTEM, MOBILE TERMINAL MAIL CONTROL METHOD, AND MOBILE TERMINAL MAIL CONTROL PROGRAM - The mobile terminal mail system includes a plurality of wireless communication networks having different communication speeds, a multi-access terminal including electronic mailer, and an electronic mailer activation server which is adapted to, when the multi-access terminal has connected to one of the wireless communication networks whose communication speed is equal to or greater than a fixed communication speed, activate an electronic mailer through the wireless communication network.01-22-2009
20090025068Authentication enforcement at resource level - The present description refers in particular to a computer-implemented method, a computer system, and a computer program product. The method may comprise providing authentication enforcement at resource level by specifying at design time at least one authentication key for at least one data storage unit of a resource. A request may be received at a server from a requester through a client to access the resource. Authentication of the requester may be enforced through the at least one authentication key at the at least one data storage unit of the resource.01-22-2009
20090025067GENERIC EXTENSIBLE PRE-OPERATING SYSTEM CRYPTOGRAPHIC INFRASTRUCTURE - A cryptographic device protocol provides a generic interface allowing pre-OS applications to employ any of a variety of cryptographic devices within the pre-OS environment. The generic interface can be used independent of the specific cryptographic devices and is independent of the cryptographic or hashing algorithms used by each device. Cryptographic functions may be performed in the pre-OS environment by pre-OS applications communicating with cryptographic device drivers using the cryptographic device protocol that is independent of the cryptographic devices. Each cryptographic device may be identified by a unique device identifier and may have a number of keys available to it, with each key being identified by a unique key identifier.01-22-2009
20090007244METHOD AND SYSTEM FOR NOTIFICATION AND REQUEST PROCESSING - Embodiments of a method and system for notification and request processing are disclosed. A service request for a second application may be received from a first application. Authorization of the first application to send the service request to the second application through a user communication client may be verified. A provider communication identifier of the second application may be identified. The service request may be provided from the user communication client to a provider communication client associated with the provider communication identifier.01-01-2009
20090199277CREDENTIAL ARRANGEMENT IN SINGLE-SIGN-ON ENVIRONMENT - Apparatus and methods arrange user credentials on physical or virtual computing devices utilizing a single-sign-on framework. During use, a plurality of target environments exist for a user to logon to one or more applications thereof, including at least a personal and workplace environment. One or more roles of the user are identified per each target environment, such as a shopper in the personal environment and an engineer or manager in the workplace environment. The user has credentials per each role, which are used to logon using a single-sign-on session to access the one or more applications. The credentials are stored in a secret store corresponding to the defined roles of the user per either the personal or workplace environment. Workplace policies defining the roles or synching credentials are other features as are establishing default roles or retrofitting existing SSO services. Computer program products and computing interaction are also disclosed.08-06-2009
20090199276Proxy authentication - A first application that is hosted by a first machine receives a login request from a user. The first application requests authentication verification from a second application that is hosted by a second machine. The first application authenticates the user if the user was authenticated by the second application, wherein the user can be authenticated by both the first application and the second application after having provided authentication credentials to one of the first application or the second application.08-06-2009
20090049531Coordinating credentials across disparate credential stores - Apparatus and methods are described for coordinating user credentials across multiple disparate credential stores. A synchronizing engine requests and receives past and present credential information from the disparate credential stores. Users indicate which, if any, of the credential information they desire to synch together. Upon common formatting of the credential information, comparisons reveal whether differences exist between the past and present versions. If differences exist, the information is updated. In this manner, users link together various passwords, keys or other secrets to maintain convenience from a single point of control, such as in a single-sign-on (SSO) environment, regardless of the disparateness of the stores. The reverse is also possible such that linked credentials are accessible from the multiple stores. Retrofitting existing SSO services is another feature as are computer program products and computing network interaction. User or enterprise policies are also used in governing these credentials.02-19-2009
20090083838Method and System For Assuring Security of a Transaction in a Telecommunication Network - The invention relates to a method for a beneficiary to acquire a right to use a digital content in a contents distribution system comprising a commercial server (03-26-2009
20090064292TRUSTED PLATFORM MODULE (TPM) ASSISTED DATA CENTER MANAGEMENT - Techniques for trusted platform module (TPM) assisted data center management are provided. A data center registers TPM remote attestations for physical processing environments of physical devices within a data center. Each time a physical processing environment is established, a new TPM remote attestation is generated and validated against the registered TPM remote attestation. Additionally, during registration other identifying information is supplied to the physical processing environments that permit each physical processing environment to be authenticated, validated, and controlled via unique identities. Inter-data center communication is established for sharing virtual processing environments and administrative operations are authenticated within each of the data centers before any administrative operation is permitted to process within a particular data center.03-05-2009
20090064291System and method for relaying authentication at network attachment - An information processing system for remote access computing comprising a network access server and a local authentication server is augmented with the capability for relaying authentication requests by tunneling interactions between the requesting client and an identity provider.03-05-2009
20120079570METHOD AND APPARATUS FOR ACCELERATED AUTHENTICATION - Techniques for accelerated authentication include receiving first data that indicates a first portion of user credentials for a first user but not a second portion. It is verified whether the first portion of user credentials is valid. If the first portion of user credentials is valid, then second data that indicates a valid value for the second portion of user credentials for the first user is sent. Other techniques include receiving first data that indicates a first portion of user credentials for a first user but not a second portion of user credentials for the first user. A first message that indicates the first portion of user credentials is sent to a remote process that initiates authentication of the first user based on the first portion of user credentials before receiving second data that indicates the second portion of user credentials for the first user.03-29-2012
20090083839Fingerprint system and method for access control - A fingerprint method for access control includes the steps of: providing an application server (03-26-2009
20090070861WIRELESSLY ACCESSING BROADBAND SERVICES USING INTELLIGENT CARDS - The present disclosure is directed to a system and method for wirelessly accessing broadband services using intelligent cards. In some implementations, a broadband service card includes a physical interface, a communication module, secure memory, and service module. The physical interface connects to a port of a consumer host device. The communication module wirelessly receives RF signals from and transmits RF signals to a wireless broadband network. The secure memory stores user credentials used to securely authenticate the card and access a service foreign to the consumer host device through the wireless broadband network independent of the consumer host device. The user credentials are associated with a broadband service provider. The service module accesses the foreign service using the user credentials in response to at least an event and transmits a service request to the broadband service provider using the wireless broadband core network.03-12-2009
20080263640Translation Engine for Computer Authorizations Between Active Directory and Mainframe System - The invention provides a method and system of implementing a high performance “non-RACF external security-manager product,” which maintains and translates a merged single source of authorizations to both mainframe and Microsoft Windows Active Directory (AD) systems. In one embodiment, a method comprises generating at a server computer access information for a mainframe computer indicative of mainframe authorization for a set of users, receiving from the mainframe computer information indicative of an authorization request, the information indicative of the authorization request identifying a user trying to access the mainframe computer, and sending at least a portion of the access information from the server computer to the mainframe computer, the portion of the access information including mainframe access information for the user.10-23-2008
20090077640SYSTEM AND METHOD FOR VALIDATING USER IDENTIFICATION - A method for validating user identification includes the steps of: guiding a user to input a user ID through a login interface; comparing the user ID with original identifications stored in a database (03-19-2009
20110231909TERMINAL DEVICE AUTHENTICATION METHOD, TERMINAL DEVICE AND PROGRAM - Disclosed is an authentication method for a terminal device having an authentication function. The authentication method for a terminal device which performs authentication when a security lock is released so as to operate a security-locked function includes comparing a plurality of authentication information used for the authentication with a plurality of authentication keys corresponding to the plurality of authentication information input in accordance with a function operation request so as to perform authentication, and when the authentication is successful, releasing the security lock so as to operate the function. The plurality of authentication information and the plurality of authentication keys respectively include at least one image.09-22-2011
20090144811CONTENT DELIVERY SYSTEM - The selection of video content to be delivered to a video reproducing terminal is enabled from a communication terminal with WEB function without exposing a user ID. When a terminal makes a transfer request of content data, a web server requests a delivery management server for a transfer ID. The delivery management server issues the transfer ID each time the request is made and transmits it to the web server. The web server transmits the content data to a delivery server. The delivery server stores the content data from the web server correspondingly to the transfer ID. When receiving a delivery request including a transfer ID inputted to a video reproducing terminal from the video reproducing terminal, the delivery server reads the content data corresponding to the received transfer ID, and transmits it to the video reproducing terminal.06-04-2009
20090205026File transfer system for direct transfer between computers - A file authentication requesting device that stores a computer program for requesting authentication of files in digital systems, the device comprises a confirmation request system that generates a request for a confirmation receipt from a third party authenticator authenticating the attributes of a file; a transferring system that transfers attributes of at least one file to be authenticated to the third party authenticator from the device that requested the confirmation; and a receiving system that receives the confirmation receipt comprising authenticated file attributes, after authentication by the third party authenticator; wherein, at least one file authentication is received from the third party authenticator. Corresponding processing devices, media, systems and methods are also provided.08-13-2009
20090205025Wireless apparatus and method for configuring access point with wireless terminal - A wireless apparatus and a method for configuring an access point with a wireless terminal are disclosed. The wireless apparatus comprises at least one access point with a SSID and a security key. The SSID has a default value and the security key has a null value. The access point is enabled when the wireless apparatus is in an initial status. The SSID and the security key are respectively set with predetermined values through the wireless terminal when the access point is enabled. When the setting of the SSID and the security key is done, the access point then is disabled.08-13-2009
20090205024SYSTEM AND METHOD FOR DYNAMIC LAYER 2 WHOLESALE - Methods and systems consistent with the present invention provide a dynamic mechanism to support wholesale access for broadband subscribers. This mechanism involves dynamically discovering a retail ISP for a subscriber, and dynamically cross-connecting a subscriber's connection to a logical connection corresponding to a retail ISP, and is equally applicable to static, PPP and DHCP-based subscribers. Furthermore, dynamic steering of subscribers can be performed at layer 2 or layer 3 of the OSI model.08-13-2009
20090210932ASSOCIATING NETWORK DEVICES WITH USERS - Systems, devices, and methods for associating network devices with users are described, which can facilitate establishing a secure user to network device association. In various embodiments, the disclosed subject matter facilitates devices providing indication of location and device identity to a user and recognizing the user is in the proximity of the device. The disclosed subject matter provides efficient and secure device to user association and can facilitate performing customized actions based on the nature of the association.08-20-2009
20090222895Systems and Methods of Network Operation and Information Processing - Systems and methods are disclosed for network operation and information processing involving engaging users of a network. In one exemplary embodiment, there is provided a method of engaging users of a public-access network. Moreover, the method includes associating a processing component with the public-access network; transmitting a request for authorization to use the public-access network, including transmission of a specific identifier associated with the user; transmitting first data including data determined by processing software as a function of the specific identifier; and opening up a connection to the network for the user. In one or more further embodiments, the specific identifier may include or be a function of a processing component ID or the MAC address of a device associated with the user. Other exemplary embodiments may include building profiles of users who access the network based on information collected.09-03-2009
20090100508METHOD AND APPARATUS FOR THE SECURE IDENTIFICATION OF THE OWNER OF A PORTABLE DEVICE - An authentication system is provided that includes a portable device and a decryption node. An individual uses the portable device, such as a portable device like a cell phone to compute a challenge and a response. The challenge and response are sent to a decryption node. In response, the decryption node computes a presumed response and compares the presumed response to the response of the portable device, in order to authenticate the individual associated with the portable device.04-16-2009
20090249450SYSTEM AND METHOD FOR CONTROLLING A WEBSPHERE PORTAL WITHOUT THE REQUIREMENT OF HAVING THE ADMINISTRATOR CREDENTIAL ID AND PASSWORD - A system and method for securely controlling (e.g., “starting” and “stopping”) a WebSphere Portal (WP) in a production environment without the requirement of having knowledge of (and using) the administrator credentials (ID and password). The system and method, as implemented in a Java application, receives from requesting users and determines whether the requesting users are authorized to control (start/stop) the portal by comparing each requesting user's ID and PW against a list of authorized user IDs and PWs and, if there is a match, passing on the authorized user ID and PW to the portal for controlling (starting/stopping) the WebSphere Portal. The system and method further conveys portal control request authorized user acceptances or portal control request unauthorized user rejections—depending upon whether the requesting user's ID and PW matches any of the list of authorized user IDs and PWs.10-01-2009
20090254981Volatile Device Keys And Applications Thereof - A key is determined from a volatile response using circuitry on the device. The volatile response depends on process variation in fabrication of the device. Error control data that depends on the first volatile response can be computed, stored externally to the device, and then used to generate the key using a volatile response using the circuit. Applications of volatile keys include authentication and rights management for content and software.10-08-2009
20090249452Systems and Methods for Flexible Service Delivery Network Services - A system and method are described that use a subscriber-centric approach to scalably support the delivery of network services across numerous access protocols and across a multitude of access devices. By allowing the use of a service engine that can range in complexity from a simple macro to a rules engine, this approach is suitable for bundled services, as well as single services.10-01-2009
20090249451Access to Trusted User-Generated Content Using Social Networks - A method to access trusted user generated content (UGC) is provided. User registration information containing one or more identities is obtained. Each identity corresponds to an internet social network that is facilitated by one of a plurality of social network sites. The social relationships are collected using the provided user identities at the different social network sites and user extended social networks are created for each user by joining the social relationships collected. Then, UGC is collected from the plurality of social network sites and the collected UGC is correlated with the extended social networks. The correlated UGC is filtered according to the user configuration of a user making a request, and then the results are presented to the requesting user. A search function is provided to obtain information on demand, or alternatively, a user receives feeds of information according to configured information regarding the user's extended social network.10-01-2009
20090249455METHOD FOR IDENTIFICATION USING BLUETOOTH WIRELESS KEY - A Bluetooth host solves the aforementioned problems by evaluating a Bluetooth service provider server ID and by determining which of a plurality of access IDs map to the server ID and, correspondingly, providing a Bluetooth access ID that corresponds thereto. Accordingly, one Bluetooth host may readily gain access to any one of a plurality of different devices and different types of devices. Additionally, the Bluetooth host includes capacity to store and provide additional supporting information according to the type of device that is the Bluetooth service provider. Generally, the Bluetooth host stores a plurality of access or link IDs in relation to a plurality of master device IDs and, upon detecting a beacon, determines what access or link ID to provide and whether to provide additional stored information.10-01-2009
20080307513Verifying authenticity of instant messaging messages - A certificate registry system is configured to issue authentication certificates to each one of a plurality of information providers and to maintain a root certificate corresponding to all of the authentication certificates. Each one of the authentication certificates links respective authentication information thereof to identification information of a corresponding one of the information providers. Each one of the authentication certificates includes a respective Instant Messaging (IM) screen name information of the information provider. The authentication certificates of the certificate registry are associated in a manner at least partially dependent upon at least one of a particular type of information that the information providers provide, a particular organization that the information providers are associated with, a particular type of profession in which the information providers are engaged and a particular geographical region in which the information providers are located.12-11-2008
20100154037TECHNIQUES FOR NETWORK PROCESS IDENTITY ENABLEMENT - Techniques for network process identity enablement are provided. Inter-server communications within a network are intercepted so that unique identity-based information is gathered and recorded before a sending process is permitted to release a communication over the network to a receiving process. Moreover, the receiving process cannot process the communication being sent until identifying information is gathered again and independently validated against the prior recorded information.06-17-2010
20100154038Dynamic File Access To Files Of Unmapped Remote Computers - Dynamically providing access to files of presently unmapped remote computers, including, responsive to receiving a file access request from a user, displaying a file access Graphical User Interface (‘GUI’) dialog box; receiving, from the user through the file access GUI dialog box, a Uniform Resource Locator (‘URL’) representing a file location on a remote computer, wherein the URL specifies a particular access protocol among a number of available access protocols, a network location of the remote computer, a port number, and a file system path; and accessing, in dependence upon the URL, a file on the remote computer at the file system path through data communications established between a local server module and a remote server running on the remote computer using the particular access protocol, the network location of the remote computer, and the port number.06-17-2010
20100154040METHOD, APPARATUS AND SYSTEM FOR DISTRIBUTED DELEGATION AND VERIFICATION - A method for distributed delegation and verification includes: a service provider generating first delegation information including authorization credentials and self-signed credentials thereof to establish a delegation relationship with a first service node; the first service node generating second delegation information including the authorization credentials in the first delegation information and self-signed credentials thereof to establish a delegation relationship with a service requestor; upon receipt from the service requestor of a service request including the delegation information issued to the service requestor, the service provider requesting the first service node to verify the self-signed credentials in the delegation information in the service request; the first service node performing verification; and upon successful verification by the first service node, the service provider verifying the authorization credentials in the delegation information in the service request and, upon successful verification, granting the service request.06-17-2010
20100162368Method, apparatus and system for remote management of mobile devices - An apparatus and system for enabling users to remotely manage their devices. Specifically, in one embodiment, in the event of a theft of a device or other such occurrence, a user may send a command to the device to execute a specified command. The command may include actions such as locking the device, shutting down the device, disabling logons to the device and other such actions that may secure the device and the data on the device from unauthorized access. Upon receipt of an authorized unlock credential, the device may once again be made accessible.06-24-2010
20100162372Configurable user management - A user is authenticated by receiving an indication that a portal user wants to access a server. An attempt is made to access the server using a first authentication technique. If the first technique fails, an attempt is made to access the server using a second authentication technique.06-24-2010
20100162370MANAGING HOST APPLICATION PRIVILEGES - A method and system of controlling access to a hardware or software feature provided by a host is disclosed. An application seeking authorization to access a feature transmits a credential and an index to a host agent within the host. The index is associated with the requested feature. The host agent reads credential validation data from a storage location corresponding to the index in a non-volatile storage device in communication with the host. The validity of the credential is determined based on the credential validation data, and an authorization is transmitted if the credential is valid. A third party can control the outcome of the validity determination by sending an instruction to the host to replace the credential validation data with invalid data that causes the validity test to fail. The third party can also control the non-volatile storage device data used by the application to calculate the credential.06-24-2010
20100162369Automatically Adding User Names to Server User List - A system and method in which when a user logs into a client computer with his user name, the client computer determines the existence of a server and the server automatically adds the user name to the list of users maintained by the server, is disclosed. With the user name automatically populated in the server user list, the administrator may easily select and configure access for the user.06-24-2010
20090288148Multi-channel multi-factor authentication - Systems and methods for authenticating electronic transactions are provided. The authentication methods employ a combination of security features and communication channels. These security features can be based, for example, on unique knowledge of the person being authenticated, a unique thing that the person has, unique personal features and attributes of the person, the ability of the person to respond, and to do so in a fashion that a machine cannot, and so forth. Methods for enrolling the person prior to authentication are also provided, as well as systems for enrollment and authentication.11-19-2009
20100192206BULLETIN BOARD SYSTEM, TERMINAL DEVICE OF BULLETIN BOARD SYSTEM, AND SERVER DEVICE OF BULLETIN BOARD SYSTEM - A unique authentication ID is given to a television to automatically log in a server by using the ID. A password used for logging in the server is registered to the server from the television for each mobile phone of sub-users who share the television. A message may be input from both of the television and the mobile phone. The authentication ID, the password, a message, a user name, and an input date are stored in the server. When being accessed from the television or the mobile phone, the server generates and transmits an HTML to be displayed on the television or the mobile phone, and thus, a message is displayed in a predetermined display format for each of the television and the mobile phone.07-29-2010
20100186071NETWORK AUTHENTICATION SYSTEM AND METHOD - A network authentication system and method are provided. When an authentication request is initiated by a user of a computer device through a network, a display interface displaying an identifier, an authentication (matching) result corresponding to the identifier and one or more non-authentication (bogus) results unrelated to the identifier are transmitted to the computer device. The user then chooses among the authentication result and the non-authentication results with the goal of choosing the result that is associated with the displayed identifier. If a non-authentication result is chosen, the user is given an opportunity to repeat the authentication. The identifier includes advertising information, thereby predictably producing a desired advertising effect.07-22-2010
20100186070System, device and method for secure provision of key credential information - A system for secure provision of key credential information is provided. The system comprises secure logic circuitry for being disposed in a host computer. The secure logic circuitry detects a message received from a remote computer connected to the host computer and indicative of a request for provision of the key credential information; generates a message for prompting a user for provision of the key credential information; receives the key credential information; and provides the key credential information to the remote computer absent processing using circuitry of the host computer. The system further comprises a secure user interface connected to the secure logic circuitry for receiving the key credential information from the user and providing the same to the secure logic circuitry.07-22-2010
20120198526SYSTEM, METHOD AND COMPUTER READABLE MEDIUM FOR MESSAGE AUTHENTICATION TO SUBSCRIBERS OF AN INTERNET SERVICE PROVIDER - An internet service provider (ISP) is configured to provide notification messages such as service updates to subscribers via redirected web pages. In order for the web pages to be treated as originating from the ISP, the ISP provides a shared secret in the browser message. The shared secret may be a secret not derivable by viruses or trojans in the subscriber computer, such as a MAC address of the subscriber modem.08-02-2012
20120198524RESUMABLE PRIVATE BROWSING SESSION - A resumable private browsing session is activated on a network computing device communicatively coupled via a network to other network computing devices. The private browsing session restrictedly saves one or more network browsing memories corresponding to activity between the network computing device and other network computing devices. The one or more network browsing memories are restrictedly saved under protection of a private credential. After the private browsing session has ended, access to the private browsing session is blocked unless a received credential submission matches the private credential. If the received credential submission matches the private credential, the private browsing session is resumed with access to the one or more network browsing memories.08-02-2012
20120124652SYNCHRONIZATION APPARATUS AND METHOD - Disclosed herein is a synchronization apparatus and method. The synchronization apparatus includes a server synchronization determination unit for determining whether synchronization with a server is possible. A device search unit searches for a communication-enabled neighboring device if it is determined that synchronization with the server is impossible. A multi-hop synchronization processing unit transmits synchronous data to the neighboring device, thus enabling synchronization with the server via the neighboring device. In the synchronization method, whether synchronization with a server is possible is determined. If it is determined that synchronization with the server is impossible, a communication-enabled neighboring device is searched for. Synchronous data is transmitted to the neighboring device, thus enabling synchronization with the server via the neighboring device.05-17-2012
20090077638Setting and synching preferred credentials in a disparate credential store environment - Apparatus and methods are described for using preferential credentials in an environment of multiple disparate credential stores. For at least two disparate credential stores, credential information is known, including a preferred credential indicated by a user. Upon indication of a desire to link another credential information to the preferred credential information, the two are mapped to one another. Users can sign-on, singularly, with the preferred credential information, and have access to both the disparate credential stores. A credential value can be shared by multiple credential ID's or one credential ID can be associated with multiple credential values thereby giving users the ability to cross-reference secrets and credentials for most efficiency. Default credentials are also possible as are retrofits for existing SSO services. Policy applications, computer program products and computing network interaction are other noteworthy features.03-19-2009
20090077636AUTHORIZING NETWORK ACCESS BASED ON COMPLETED EDUCATIONAL TASK - In one embodiment, a method comprises authenticating a user of a client device by a network access device; selectively sending an education assignment request to an authorization server, by the network access device, in response to receiving a request from a client device for access to a network and based on determining the user requires educational authorization to access the network, the education assignment request including an identifier for identifying the user; forwarding to the client device an educational assignment received from the authorization server for completion by the user of the client device; forwarding to the authorization server a response to the educational assignment and having been received from the client device; and selectively authorizing, by the network access device, the access to the network by the client device based on a received authorization message from the authorization server relative to the response to the educational assignment.03-19-2009
20090077639SYSTEM AND METHOD OF PROCESSING AN AUTHORING ASSIGNMENT - A system and method of processing an authoring assignment enable an authoring assignment to be requested, forwarded, created, modified, accepted, rejected, and published electronically. A request that an authoring assignment be completed may be created and communicated electronically using an authoring assignment processing system. The request may be received by one or more users that may process the assignment. A completed assignment may be forwarded for approval to the user that requested the assignment. The requestor may approve or reject the assignment. A notification may be transmitted, for example, via electronic mail, text message, phone call, facsimile, etc. to the user that created the assignment notifying the user that the assignment has been approved or rejected. The assignment may be forwarded to another user, published, or have another function performed thereon. The system and method may maintain a history of actions performed on the assignment and data relating to each of the actions. Notes and other documents may be attached to the authoring assignment. The request and assignment may be stored as proxy documents. The proxy documents may be converted to a final document upon acceptance of the assignment. The proxy documents contain metadata of the final document that enable the proxy document to act as the final document until the final document is created.03-19-2009
20090077637METHOD AND APPARATUS FOR PREVENTING PHISHING ATTACKS - The invention includes a method and apparatus for preventing phishing attacks. A first method, for informing a user that a remote server is valid, includes receiving a request for information available from the remote server where the request includes an identifier, obtaining a dynamic personal attribute associated with the user using the identifier, and propagating the dynamic personal attribute toward the user, wherein the dynamic personal attribute is adapted for use by the user in validating the remote server. The remote server may be a web server, an authentication server, or any other remote device with which the user may desire to authenticate. A second method, for informing a user that a received message is associated with a valid website, includes obtaining a dynamic personal attribute associated with a user, generating a message for the user where the message is adapted to enable the user to request a website and includes the dynamic personal attribute associated with the user, and propagating the message toward the user. The received message may be any type of message, such as an email message, an instant message, a text message, and the like.03-19-2009
20100162371Login security with short messaging - Additional security is provided for on-line account users beyond that which is otherwise conventionally provided by, e.g., longer passwords, passwords that include both characters and numbers, etc., by implementing an on-line server that notifies a pre-registered account holder via a short messaging system (SMS) with a short message login notification when a log-in (or even just a login attempt) occurs. Thus, even entry of the proper user/password information, which would conventionally be presumed to be authorized, will be notified to the registered SM address of the authorized user.06-24-2010
20100235891METHOD AND SYSTEM FOR FACILITATING SYNCHRONIZING MEDIA CONTENT BETWEEN A VEHICLE DEVICE AND A USER DEVICE - A user uploads content such as files containing audio, video, graphical, data, points of interest, and other information from a user device such as a personal computer to a central server over the internet. Upon determining that a trigger event has occurred, communication and processing circuitry in a vehicle device automatically download the previously uploaded content over the internet and a short-range wireless network and store the content for use by a device such as an audio/visual/navigation unit. Examples of a trigger event include proximity to a short-range wireless communication network coupled to the internet, presence within a geofence, turning off a vehicle's engine, or detecting an SMS wake-up message while the vehicle device's main processor, transceivers not used for SMS, and auxiliary circuitry are in sleep mode. The short-range wireless network can be a vehicle owner's home network, or a commercial wi-fi hot spot, or subscription wireless service.09-16-2010
20100242099Method and apparatus of UI design for web-based computer user working environment - This invention takes the course of evolution and creating a web based computer user work environment for a control management station and its associated systems on the network crossing Intranet, Internet or LAN. Therefore, users can access and manage the control management station and all its associated system through web browser on any other systems or devices. To establish a web based computer user work environment, the resources information on control management station and on associated systems on network need to be collected and converted to standard structured format for web based communication and further displaying them in web browser. This information needs to be collected by control management station at its and the associated systems' boot up time or at the time when a user logs in and requests to access and manage these resources.09-23-2010
20120036564PEER ENROLLMENT METHOD, ROUTE UPDATING METHOD, COMMUNICATION SYSTEM, AND RELEVANT DEVICES - Embodiments of the present invention disclose a peer enrollment method, a route updating method, a communication system, and relevant devices to improve security of a peer-to-peer (P2P) network. The peer enrollment method includes: receiving an enrollment request from a peer, where the enrollment request carries identity information of the peer; verifying the identity information of the peer, and if the verification succeeds, obtaining peer location information of the peer and generating a peer credential according to the peer location information; and sending the peer credential carrying the peer location information to the peer so that the peer joins the P2P network according to the peer credential. Embodiments of the present invention further provide a route updating method, a communication system, and relevant devices. Embodiments of the present invention may improve security of the P2P network effectively.02-09-2012
20100218240Authentication system and method - An authentication system includes one or more terminals in communication with a server on a network. The server is operable to receive user login information; and generate an authentication data set having: a plurality of decoy data; an anchor data, wherein the anchor data is based on information from a user profile; and target data in a predetermined relationship relative to the anchor data. The server is also operable to generate a decoy data set having: a plurality of second decoy data; and at least one anchor data. The server may then display the authentication data set and decoy data set and determine an authentication result by performing a predetermined manipulation of the target data. The server may receive a user response to an authentication prompt; and authenticate the user if the authentication result and user response are the same.08-26-2010
20100242100NETWORK ACCESS AUTHENTICATION - The invention relates to a method, an element, and a system for providing access authentication for a user using user equipment (09-23-2010
20100218241AUTHENTICATION USING A WIRELESS MOBILE COMMUNICATION DEVICE - An authentication scheme may be used to decide whether to permit access to a user account access to which is controlled by a network resource server. An initial portion of a password is received at a mobile communication device, and a remaining portion of the password is received at a password client installed in or otherwise coupled to the network resource server. The initial portion is communicated from the mobile communication device to the network resource server, where it is passed to the password client, which combines it and the remaining portion to produce a complete password. A value calculated by the password client from the complete password is sent to a password server, which generated the password and sent the initial portion and remaining portion. If the value matches a value calculated by the password server from the complete password in the same manner, authentication has succeeded.08-26-2010
20100211999NETWORK PROTECTING AUTHENTICATION PROXY - It is convenient to allow access to a private network, such as a corporate intranet, or outward facing extranet application, from an external network, such as the Internet. Unfortunately, if an internal authentication system is used to control access from the external network, it may be attacked, such as by a malicious party intentionally attempting multiple invalid authentications to ultimately result in an attacked account being locked out. To circumvent this, an authentication front-end, proxy, wrapper, etc. may be employed which checks for lockout conditions prior to attempting to authenticate security credentials with the internal authentication system.08-19-2010
20100251345Adaptive HTTP Authentication Scheme Selection - A method is presented for selecting an HTTP authentication scheme at a client computer. A request message is sent from the client computer to a server computer to access information on the server computer. In response, the client computer receives a response message from the server computer. The response message includes an HTTP header that includes a first scheme identifier, indicating a first HTTP authentication scheme and a second scheme identifier, indicating a second HTTP authentication scheme. If the client computer does not support the second HTTP authentication scheme, the client computer uses the first HTTP authentication scheme when sending another HTTP message to the server computer. If the client computer supports the second HTTP authentication scheme, the client computer uses the second HTTP authentication scheme when sending another HTTP message to the server computer.09-30-2010
20100251347SIMPLE, SECURE LOGIN WITH MULTIPLE AUTHENTICATION PROVIDERS - A secure distributed single-login authentication system comprises a client and a server. The client collects authentication credentials from a user and tests credentials at a variety of potential authentication servers to check where the login is valid. It combines a password with a time-varying salt and a service-specific seed in a message digesting hash, generating a first hash value. The client sends the hash value with a user name and the time-varying salt to a selected server. The server extracts the user name and looks up the user name in the server's database. If an entry is found, it retrieves the password, performing the same hash function on the combination of user name, service-specific seed, and password to generate a second hash value, comparing the values. If the values match, the user is authenticated. Thus, the system never reveals the password to authentication agents that might abuse the information.09-30-2010
20100251346AUTOMATIC LICENSE KEY INJECTION - A method, server and system for obtaining a licensed application is provided. In one example embodiment, the method comprises: receiving an application download request from a user of the electronic device by way of an input mechanism associated with the electronic; transmitting a download request from the electronic device to an application delivery server; receiving an application from the application delivery server at the electronic device; receiving a license key from the application delivery server; and automatically injecting the license key into the application.09-30-2010
20100115594AUTHENTICATION OF A SERVER BY A CLIENT TO PREVENT FRAUDULENT USER INTERFACES - Protecting a user against web spoofing in which the user confirms the authenticity of a web page prior to submitting sensitive information such as user credentials (e.g., a login name and password) via the web page. The web page provides the user with an identifiable piece of information representing a shared secret between the user and the server. The user confirms the correctness of the shared secret to ensure the legitimacy of the web page prior to disclosing any sensitive information via the web page.05-06-2010
20100122326Systems and Methods for State-Less Authentication - Systems and methods for providing user logon and state-less authentication are described in a distributed processing environment. Upon an attempted access by a user to an online resource, transaction, or record, a logon component asks the user to supply a logon ID and a password. The logon component verifies the provided information, and upon successful identification, a security context is constructed from information relevant to the user. The security context is sent to the user and is presented to the system each time the user attempts to invoke a new resource, such as a program object, transaction, record, or certified printer avoiding the need for repeated logon processing.05-13-2010
20100122325Data Session Authentication Credentials Update For A Wireless Communication Device - Methods and apparatus of a wireless portable communication device for maintaining appropriate authentication credentials for accessing a data application maintained in a service network are provided. A default access point name (APN) or network access identifier (NAI) is maintained in memory of the wireless device. The wireless device submits, via a default wireless network, the default APN or NAI for establishing a data session in the default wireless network. The wireless device is then able to receive, in the data session via the default wireless network, a message service using the common data application maintained in the service network. In response to a change in service subscription for the wireless device, the wireless device receives, via a current cellular network, a current APN or NAI and stores it in its memory. The wireless device then submits, via the current wireless network, the current APN or NAI for establishing a data session in the current wireless network. The wireless device is then able to receive, in the data session via the current wireless network, the message service using the common data application maintained in the service network.05-13-2010
20100064354MAIDSAFE.NET - This invention is a network that is defined by its novel approach to privacy, security and freedom for its users. Privacy by allowing access anonymously, security by encrypting and obfuscating resources and freedom by allowing users to anonymously and irrefutably be seen as genuine individuals on the network and to communicate with other users with total security and to securely access resources that are both their own and those that are shared by others with them. Further, this invention comprises a system of self healing data, secure messaging and a voting system to allow users to dictate the direction of development of the network, whereby adoption or denial of proposed add-ons to the network will be decided. System incompatibilities and security breaches on networks and the Internet are addressed by this invention where disparity and tangents of development have had an undue influence. The functional mechanisms that this invention provides will restore open communications and worry-free access in a manner that is very difficult to infect with viruses or cripple through denial of service attacks and spam messaging, plus, it will provide a foundation where vendor lock-in need not be an issue.03-11-2010
20090328164Method and system for a platform-based trust verifying service for multi-party verification - A method and system for a platform-based trust verifying service for multi-party verification. In one embodiment, the method includes a client platform accessing a service provider over a network. Upon accessing the service provider, the client platform receives a request from the service provider for platform measurement and verification. The client platform collects platform information and performs measurement and verification, including performing an integrity manifest comparison. If the integrity manifest comparison indicates a good client platform posture, then the client platform signs the client platform posture and sends an approval notification to the service provider indicating that the client platform has not been compromised. The client platform may then receive the service of the service provider. If the integrity manifest comparison indicates that the client platform posture is not good, then the client platform will send a failure notification to the service provider indicating that the client platform has been compromised.12-31-2009
20090288149SYSTEM AND METHOD FOR POOL-BASED IDENTITY AUTHENTICATION FOR SERVICE ACCESS WITHOUT USE OF STORED CREDENTIALS - A computer-implemented system and method for pool-based identity authentication for service access without use of stored credentials is disclosed. The method in an example embodiment includes providing provisioning information for storage in a provisioning repository; receiving a service request from a service consumer, the service request including requester identifying information; generating an authentication request to send to an authentication authority, the authentication request including requester identifying information; receiving validation of an authenticated service request from the authentication authority; and providing the requested service to the service consumer.11-19-2009
20090328163SYSTEM AND METHOD USING STREAMING CAPTCHA FOR ONLINE VERIFICATION - An improved system and method using a streaming captcha for online verification is provided. A request sent by a client device may be received by a server to serve a streaming captcha to the client device. A server may compose a streaming captcha by superimposing a captcha character string on a video. The streaming captcha may be streamed to the client device. The streaming captcha may be displayed on the client device, and a character string input by a user may be received in response to display of the streaming captcha. The character string received may be sent to the server for verification. The server may verify that the character string received is the same as the captcha character string displayed in the streaming captcha. The server may then send an indication of the verification to the client device.12-31-2009
20110067091NEXT GENERATION INTEGRATION BETWEEN DIFFERENT DOMAINS, SUCH AS, ENTERPRISE AND SERVICE PROVIDER USING SEQUENCING APPLICATIONS AND IMS PEERING - The present invention provides mechanisms for sharing user information, including user authentication information, across communication networks and more specifically across networks separated by one or more Session Border Controllers (SBCs). The authentication of a user at one network can be leveraged by the second network to invoke one or more applications at the second network in connection with administering a communication session for the user.03-17-2011
20080313717Communication-Address Issuing Apparatus, Communication-Mediating Apparatus, Communication-Mediating Method, Program, and Recording Medium - [Problem] To provide a communication-address issuing apparatus, a communication-mediating apparatus, and so on capable of enhancing the security level to prevent someone else from intercepting exchange of communication without permission.12-18-2008
20110239281METHOD AND APPARATUS FOR AUTHENTICATION OF SERVICES - An approach is provided for authenticating services at a device. An authentication request from a service platform is received at a device. Local credentials to authenticate access to a storage are retrieved. The access to the storage is authenticated based, at least in part, on the local credentials. If authenticated, it is determined that account information for the service platform is in the storage. The account information includes authentication credentials associated with the service platform, a security policy associated with the service platform, or a combination thereof. A response to the authentication request is generated based, at least in part, on the account information.09-29-2011
20090320105AUTHENTICATION OF USER INTERFACE ELEMENTS IN A WEB 2.0 ENVIRONMENT - A method for managing authentication of user interface elements in a user interface can be provided. The method can include displaying a plurality of widgets in the web browser and sending an HTTP request for data to a web site, wherein the HTTP request is sent via an XMLHttpRequest API. The method can further include receiving from the web site a 401 HTTP status code associated with a custom “WWW-Authenticate” header value indicating that the HTTP request is unauthorized for communication with the web site and detecting the custom “WWW-Authenticate” header value. The method can further include displaying in a first widget of the plurality of widgets a text field for entering user credentials. The method can further include sending to the web site an HTTP request including the user credentials entered by a user, wherein the HTTP request is sent via the XMLHttpRequest API.12-24-2009
20120246706SYSTEMS, DEVICES, AND METHODS FOR SECURELY TRANSMITTING A SECURITY PARAMETER TO A COMPUTING DEVICE - Embodiments of the systems, devices, and methods described herein generally facilitate the secure transmittal of security parameters. In accordance with at least one embodiment, a representation of first data comprising a password is generated at the first computing device as an image or audio signal. The image or audio signal is transmitted from the first computing device to the second computing device. The password is determined from the image or audio signal at the second computing device. A key exchange is performed between the first computing device and the second computing device wherein a key is derived at each of the first and second computing devices. In at least one embodiment, one or more security parameters (e.g. one or more public keys) are exchanged between the first and second computing devices, and techniques for securing the exchange of security parameters or authenticating exchanged security parameters are generally disclosed herein.09-27-2012
20090144810METHOD AND APPARATUS FOR PROVIDING AUTHENTICATION - A method and apparatus for providing authentication are disclosed. For example, the method receives a request from a customer to access a service via a first user endpoint device, and sends a first authentication request to the customer for first authentication information. The method then sends a second authentication request to the customer for second authentication information via a second user endpoint device if the first authentication information is received, wherein the first user endpoint device is different from the second user endpoint device. The method then enables the customer to proceed with accessing the service if the second authentication information is received.06-04-2009
20090125989EXTENSION POINT APPLICATION AND CONFIGURATION OF A LOGIN MODULE - Embodiments of the present invention address deficiencies of the art in respect to applying application security to an extension point oriented application framework, and provide a novel and non-obvious method, system and computer program product for log-in module deployment and configuration in an extension point oriented application. In this regard, a method for log-in module deployment and configuration in an extension point oriented application can include installing a proxy to a login controller plug-in for the extension point oriented application, and proxying login module directives from an external security service to the login controller plug-in for the extension point oriented application.05-14-2009
20090113528TECHNIQUES FOR AUTHENTICATION VIA NETWORK CONNECTIONS - Techniques for authenticating network connections are provided. A client makes a request to connect to a server via a client service. The server delays the request to acquire a signature for the client service from the requesting client's environment. The signature is compared against a known and previously verified signature. When the two signatures match, the server permits the connection between the client and the service via the client service. When the two signatures do not match, the server denies the connection between the client and the server and does not permit the client service to process a request to make that connection.04-30-2009
20120144460METHODS AND DEVICES FOR ACCESS AUTHENTICATION ON A COMPUTER - The invention discloses methods for preventing unauthorized and potentially illegal access to password-protected accounts. Specifically, the invention allows for inclusion of time-related data to distinguish between a human and computer as the source of a password, either in its creation or in its delivery to a server to gain access to a web-based account.06-07-2012
20080250479WORKFLOW EXECUTING APPARATUS AND CONTROL METHOD OF THE APPARATUS AND PROGRAM THEREOF - A workflow executing apparatus that executes processing in accordance with a workflow, the apparatus comprising: a workflow information storage section that stores workflow information describing the workflow; a transmission control section that transmits an e-mail during the process of the workflow to a user that requested that workflow, in accordance with the stored workflow information; and a workflow execution section that adds identification information of e-mails transmitted prior to the e-mail transmitted by the transmission control section to the stated e-mail and sends the e-mail.10-09-2008
20100299729Server Computer Issued Credential Authentication - Methods and systems for authenticating computers are disclosed. The methods and systems include issuing a credential from a first computer to a second computer. When the second computer authenticates to the first computer, the second computer transmits the credential and a first challenge to the first computer. The first computer determines whether the credential is valid, computes a first response to the first challenge, and generates a second challenge. The first computer transmits the first response and the second challenge to the second computer. The second computer determines whether the first response is valid and computes a second response to the second challenge. The second computer transmits the second response to the first computer in order to verify and authenticate the computers.11-25-2010
20090037985Automated Peer Authentication - An apparatus and methods are disclosed for performing peer authentication without the assistance of a human “guard.” In accordance with the illustrative embodiments, a peer is selected from a non-empty set of candidates at authentication time based on one or more of the following dynamic properties: the current geo-location of the user to be authenticated; the current geo-locations of the candidates; the current time; the contents of one or more directories (e.g., a telephone directory, an organizational chart or directory, etc.), the contents of one or more call logs; and the candidates' schedules.02-05-2009
20100306833AUTONOMOUS INTELLIGENT USER IDENTITY MANAGER WITH CONTEXT RECOGNITION CAPABILITIES - A remotely located, uniquely identified resource can serve an application utilized by the Web browser. Access to the application can require authentication including a userid and password. A memory for a record associated with the application can be queried. The memory can include a set of userids and passwords indexed against unique application identifiers that are independent of server identifiers or URLs. Responsive to querying the memory, a match between the application requiring authentication and a unique application identifier in the memory can be determined. A userid and password associated with the unique application identifier can be provided from memory, without manual input from a user, to the remotely located, uniquely identified resource. The uniquely identified resource can use the userid/password as authentication to access the served application.12-02-2010
20090070859Method and Apparatuses for Secure, Anonymous Wireless LAN (WLAN) Access - A method and system for providing secure, anonymous access to a wireless local area network is described, including configuring an access point to drop packets except packets exhibiting a URL access protocol like HTTP and HTTPS, intercepting a URL access request by an access point from a mobile device via a web browser, re-directing the URL access request to a web server by the access point, generating a security key by one of the access point and the web server, communicating the generated security key to the web server securely by the access point or vice versa, and setting the security key by the access point. A mobile device including means for forwarding a request for secure access to a wireless local area network via a URL access request, means for receiving a mobile code or a signal for displaying a security key and means for setting the security key is also described.03-12-2009
20130133045Method for directing requests to trusted resources - The present invention enables an enterprise to move from an implicitly trusted resource pool to an explicitly authenticated resource pool. Trust information is generally conveyed whenever a new resource is added to the pool and trust information is revoked when a resource is removed from the pool or is unable to provide its advertised resources. The dynamic, event driven conveyance of trust information is particularly important in highly virtualized environments where virtual resources are dynamically scaled up and down in response to resource demand.05-23-2013
20130133046SEARCH SERVICE ADMINISTRATION WEB SERVICE PROTOCOL - The embodiments described herein generally relate to a method and system for enabling a client to configure and control the crawling function available through a crawl configuration Web service. A client is able to configure and control the crawling function by defining the URL space of the crawl. Such space may be defined by configuring the starting point(s) and other properties of the crawl. The client further configures the crawling function by creating and configuring a content source and/or a crawl rule. Further, a client defines authentication information applicable to the crawl to enable the discovery and retrieval of electronic documents requiring authentication and/or authorization information for access thereof. A protocol governs the format, structure and syntax (using a Web Services Description Language schema) of messages for communicating to and from the Web crawler through an application programming interface on a server hosting the crawler application.05-23-2013
20130133047INTERWORKING BETWEEN FIRST AND SECOND AUTHENTICATION DOMAINS - To interwork between a first authentication domain and a second authentication domain, a bridge module performs a first authentication procedure in the first authentication domain for a mobile station, wherein the first authentication domain is part of a wireless access network. Based on information collected in the first authentication procedure, the bridge module performs a second authentication procedure, on behalf of the mobile station, in the second authentication domain.05-23-2013
20130133048IDENTITY ASSESSMENT METHOD AND SYSTEM - A method, system and software for assessing an entity (05-23-2013
20100306832METHOD FOR FINGERPRINTING AND IDENTIFYING INTERNET USERS - Various aspects of the present system provide methods and systems for identifying an individual who operates a remote computer. One aspect provides a technique to generate a fingerprint of a computer and its user based on the information collected through the actions a user conducts on the Internet. Another aspect of the system provides a technique to compute the fingerprints and find relations between users and computers. Another aspect of the system provides a trust ranking to a user based on the consistency of information collected from the user's various actions.12-02-2010
20100281524Authentication Method Without Credential Duplication for Users Belonging to Different Organizations - The present invention relates to a method for allowing a user to access the Internet. A user sends an Internet access request through a first Organization's gateway and supplies to the latter some credentials for his/her authentication with a second Organization. The credentials provided contain at least one piece of information about the second Organization. The first Organization contacts the second Organization for the purpose of authenticating the user and granting him/her access to the Internet. The second Organization then gives the user the authorization to access the Internet. According to the invention, upon the access request the gateway redirects the user to a web page of the second Organization, where the user supplies to the second Organization, through the web page, further authentication credentials required for his/her identification.11-04-2010
20130139228INFORMATION PROCESSING APPARATUS EQUIPPED WITH WIRELESS COMMUNICATION FUNCTION, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM - An information processing apparatus capable of effectively preventing an unauthorized access in a manner cooperatively associated with a predetermined security setting of a wireless communication. An information processing apparatus is capable of wireless communication with an external apparatus, receives a job request therefrom, and executes job processing according to the job request. A CPU sets a management setting for managing users who use the information processing apparatus. The CPU receives the job request from the external apparatus via a wireless LAN interface. The CPU determines, when the job request is received, whether or not the wireless communication has been set to a predetermined security setting, and performs control, when it is determined that the wireless communication has not been set to the predetermined security setting, so as to refuse to accept the job request, unless the management setting has been set.05-30-2013
20130139229SYSTEM FOR SHARING PERSONAL AND QUALIFYING DATA WITH A THIRD PARTY - A method for users to share personal and qualifying information with a plurality of third parties. Authenticated users may share personal and qualifying information obtained from a plurality of data repositories comprising credit data, motor vehicle data, insurance data, criminal data, sex offender data, occupancy data and employment data. The personal and qualifying information may be viewed by a plurality of third parties until the user revokes access at any time. Neither user nor third parties are allowed to alter data. However, users have the option to supply supplemental explanations for data. The method facilitates the development of trust necessary for transactions between two parties comprising securing housing, obtaining loans, securing employment, etc.05-30-2013
20100325704Identification of Embedded System Devices - An embedded system device comprises a processor operatively coupled to a first memory space, a second memory space, and a plurality of user controls. The processor is configured to execute only executable code residing within the first memory space, and the executable code includes an authentication routine configured to generate a device identifier based at least upon non-user-configurable parameters of the embedded system device. The second memory space includes user configurable options for use by the processor when executing the executable code. The user controls are adapted to configure the user configurable options within the second memory space, wherein the user controls cannot configure the first memory space.12-23-2010
20090293107Transfer server of a secure system for unattended remote file and message transfer - A method for automatically transferring a data file from a network drive of a client controlled local area network to a transfer server over the Internet comprises using a first workstation to configure event parameters within event tables of the transfer server. An unattended interface module executed by a processor of a second workstation obtains, from the transfer server, the event parameters stored in the event tables. The event parameters comprise a file name and a directory path. The file name identifies the data file to be uploaded. The directory path identifies an upload directory of the network drive. The second workstation periodically searches the upload directory and, upon locating a data file in the upload directory with the file name, transfers the data file to the transfer server over a secure connection established with the transfer server over the internet.11-26-2009
20100235890Communication of Session-Specific Information to User Equipment from an Access Network - In conjunction with establishment of a session between an access network and user equipment of a communication system, session-specific information is transmitted from the access network to the user equipment. The session-specific information transmitted from the access network to the user equipment comprises information to be utilized in an authentication protocol carried out between the user equipment and an authentication server of the system. For example, the session-specific information transmitted from the access network to the user equipment may comprise an identifier of a gateway coupled between the access network and the authentication server.09-16-2010
20100333183IMAGE FORMING SYSTEM, IMAGE FORMING APPARATUS AND RECORDING MEDIUM - An image forming system includes an image forming apparatus, an information processing apparatus and a printer driver generator that generates a printer driver and a unique authentication key for the printer driver. The information processing apparatus gives the unique authentication key to a job generated according to the printer driver currently installed thereon, and transmits them to the image forming apparatus. And the image forming apparatus executes the job if the authentication key received therefrom and an authentication key recorded in the image forming apparatus are identical.12-30-2010
20100169956FAR-END CONTROL METHOD WITH SECURITY MECHANISM - The present invention relates to a far-end control method with a security mechanism including a host transmitting an identification code through the PSTN (Public switched telephone network) to the I/O control device of the far-end. The I/O control device has a CPU to receive the identification code and judge whether the identification code matches with the predetermined value stored therein; if the identification code matches with the predetermined value, the mobile internet connection between the host and the I/O control device is activated to enable the host to mutually transmit information or signals with a far-end control device from the I/O control device through the mobile internet, and the connection will be disabled after the information or signal transmission is completed. Thus not only the damage caused by line occupied from the hacker invasion or error signal transmission is reduced, but also the cost and power consumption without connecting the mobile internet between these two ends all the time is reduced.07-01-2010
20110030040APPLICATION AUTHENTICATION SYSTEM AND METHOD - A system and method are provided for validating executable program code operating on at least one computing device. Program instructions that include a request for access to sensitive information are executed on a first computing device. An authentication request for access to the electronic information is sent from the first computing device to a second computing device. In response to the authorization request, a challenge is sent from the second computing device to the first computing device. The first computing device executes the challenge and generates an authentication response that includes at least one memory object associated with the program instructions. The response is sent to the second computing device from the first computing device, and the second computing device generates and sends a verification to the first computing device confirming that at least some of the first program instructions have not been altered or tampered with, and further grants the first computing device access to at least some of the electronic information.02-03-2011
20110010761CONNECTIVITY DEPENDENT APPLICATION SECURITY FOR REMOTE DEVICES - Conditional access to security-sensitive applications and/or content in a remote device may be granted based on a history of access to connectivity (e.g., access to a communication network) for the remote device. A remote device may monitor access to connectivity. If it is determined that the remote device has a first history of access to connectivity (e.g., a recent access to connectivity), a first security level is applied in providing access to the security-sensitive application. Otherwise, if a second history of access to connectivity is ascertained (e.g., no recent access to connectivity), a second security level is applied in providing access to the security-sensitive application, where the second security level is more stringent than the first security level. If the remote device is lost, a remote server may send a request to the remote device to restrict or disable access to the security-sensitive applications and/or content.01-13-2011
20110030039DEVICE, METHOD AND APPARATUS FOR AUTHENTICATION ON UNTRUSTED NETWORKS VIA TRUSTED NETWORKS - The described apparatus and methods may include a security agent configured to transmit a first service request message via a trusted network, and acquire credential information via the trusted network. The security agent is further configured to transmit a second service request message via an untrusted network, wherein the second service request message comprises the credential information. The security agent is further configured to receive service via the untrusted network based on the credential information in the second service request message.02-03-2011
20110041165SYSTEM AND METHOD FOR IMPLEMENTING A PROXY AUTHENTICATION SERVER TO PROVIDE AUTHENTICATION FOR RESOURCES NOT LOCATED BEHIND THE PROXY AUTHENTICATION SERVER - Networked resources that are not located behind a proxy authentication server may be enabled to use the proxy authentication server for authentication. This may provide one or more of the features associated with a proxy authentication server (e.g., centralized administration of authentication and/or access information, enhancing software security, centralized administration of permission information, and/or other features) for the resources not located behind the proxy authentication server. These features may be provided without requiring substantial modification of the proxy authentication server.02-17-2011
20110119741Method for Conditionally Obtaining Files From a Local Appliance - The invention is directed to a method for allowing a user at a client device to conditionally obtain files from either a server device located at, for example, a data center, or an appliance such as a local cache. Should the local appliance be accessible by the client at the time of the user's download request, the server may redirect the download request to the appliance. Otherwise, the file may be downloaded directly from the server. For example, a method configured according to the invention may receive, at a server device, login data from a client device, the login data being input by a user. An affiliated entity of the user based on the login data may be determined, after which an appliance status of the affiliated entity may be determined. A download process according to the appliance status may then be initiated.05-19-2011
20110119740SYSTEM AND METHOD FOR PROVIDING ENTERPRISE INTEGRATION IN A NETWORK ENVIRONMENT - A method is provided in one example embodiment and includes receiving a request to authenticate an end user in a service provider network, and evaluating the request to identify the end user as belonging to an enterprise network. A tag is generated for a packet associated with a flow for the end user in the enterprise network. Routing occurs for subsequent packets associated with the flow between the enterprise network and the end user. The subsequent packets associated with the flow are not routed through the service provider network. In more particular embodiments, the end user is authenticated in the enterprise network after being authenticated in the service provider network. In addition, traffic for the end user can be separated based on one or more tags identified within the flow. A plurality of flows can be classified based on a customer identification (CID). The tag can be a virtual local area network (VLAN) tag generated at a base station.05-19-2011
20110247057METHOD, SECURE DEVICE, SYSTEM AND COMPUTER PROGRAM PRODUCT FOR DIGITALLY SIGNING A DOCUMENT - A method for digitally signing a document, a secure device, and a computer program product for implementing the method. The method employs a secure device which is protected against malicious software or malware and is adapted to establish a secure connection to a recipient via a host. The method includes: connecting to a terminal; accessing the contents of a document received by the secure device; instructing at the secure device to communicate the accessed contents to an output device other than the terminal such that the contents can be verified by a user; ascertaining at the secure device a command received to digitally sign the document; executing at the secure device the ascertained command; and instructing to send a digitally signed document to a recipient over a connection established via the host connected to a telecommunication network.10-06-2011
20110131637TIME CLOCK - A time clock 06-02-2011
20110131635CLIENT-SIDE PREVENTION OF CROSS-SITE REQUEST FORGERIES - Cross-site request forgeries (“XSRF”) can be prevented using a client-side plugin on a client computer. The client computer accesses a content provided by a third party host via a network and generates a request to a web application as directed by the content. The client-side plugin determines whether the request is associated with suspicious activities based on the content, a source of the request and a list of approved hosts associated with the target host. In response to a determination that the request is associated with suspicious activities, the plugin removes authentication credentials from the request and sends the request to the web application.06-02-2011
20110088083METHOD AND SYSTEM FOR AUTHENTICATING A USER BASED ON A PHYSICAL OBJECT - An authentication method based on the use of an inanimate physical object that includes storing first object data in a storage medium, wherein the first object data is generated based on a first image of at least a portion of the physical object, capturing a second image of the at least a portion of the physical object, and generating second object data based on the second image. The method further includes searching the storage medium and determining that the second object data and the first object data are a match, and authenticating an individual associated with the physical object in response that determination. Also provided are embodiments of an authentication system that may be adapted to implement the method.04-14-2011
20110088082HOME IMAGE CONTENT SECURELY ISOLATED FROM CORPORATE IT - An exemplary apparatus includes one or more processors, volatile memory, a storage drive and circuitry configured to establish a network connection and to attempt to send credentials via an established network connection. Such an apparatus further includes circuitry configured, responsive to authentication failure after an attempt to send credentials, to release an implemented security policy and load an operating system stored on the storage drive, and, responsive to an attempt to send credentials, to maintain an implemented security policy and to use an operating system exposed via an established network connection and associated with the sent credentials. Such an apparatus optionally includes circuitry configured to implement a security policy that isolates at least a portion of a local storage drive. Various other apparatuses, systems, methods, etc., are also disclosed.04-14-2011
20110088081METHODS FOR EFFECTING REMOTE INTERVIEW INVITATIONS - The invention comprises a method allowing for easy procurement of remote interviews across different web servers. While browsing through prospective candidate personal profiles (or online resume) on e.g. a job-marketplace website, a community website or a networking website, an inviter can directly with limited user input invite any given prospective candidate for a remote interview. By the click of a link embedded within the prospective candidate's profile, the system will invoke a second web server which selects a remote interview profile including information about the open (job) position, remote interview questions and parameters related to the remote interview. The system then associates the remote interview profile, the prospective candidate and the inviter and generates a remote interview invitation link including the associated parameters and sends it to the prospective candidate by e-mail. Once the prospective candidate clicks on the link included in the invitation e-mail she is directed to the remote interview web page which can commence immediately at the second web server. The remote interview webpage displays a customized look and feel based on the parameters associated with the remote interview profile. Since the associated parameters are included in the link, the second web server can retrieve and use the correct parameters for the remote interview. A candidate can also consent to embed the above remote interview mechanism to allow any inviter who sees her online profile to directly invite her for an interview.04-14-2011
20090300733INFORMATION PROCESSING APPARATUS, AUTHENTICATION SYSTEM, INFORMATION PROCESSING METHOD AND STORAGE MEDIUM - An information processing apparatus includes a storage unit that stores a first user identifier that identifies respective users in the information processing apparatus, and plural second user identifiers stored in respective authentication apparatuses and identify the users in each authentication apparatus, so as to correspond with each other; a first authentication request unit that transmits authentication information input by a user to at least one of the authentication apparatuses and requests authentication of the user; a first user identifier acquisition unit that, when authentication of the user has been successful, acquires the second user identifier of that user stored in that authentication apparatus; and a use allowing unit that specifies the first user identifier stored in the storage unit corresponding with the second user identifier acquired by the first user identifier acquisition unit, and allows the user identified by the specified first user identifier to use the information processing apparatus.12-03-2009
20090300734AUTHENTICATION SYSTEM, AUTHENTICATION METHOD AND COMPUTER-READABLE STORAGE MEDIUM STORING AUTHENTICATION PROGRAM - An authentication system including an apparatus, in the system use of the apparatus is restricted by an authentication processing according to authentication information, the system having: decision section to compare inputted authentication information with pre-stored authentication information and to notify a message indicating that the authentication information has been changed in a case where the inputted authentication information is not the same as the updated authentication information but is the same as the previously set authentication information.12-03-2009
20100154039APPARATUS, METHODS, AND COMPUTER PROGRAM PRODUCTS FOR FACILITATING SECURE PASSWORD CREATION AND MANAGEMENT - Apparatus, methods and/or computer program products are provided that facilitate the creation and management of secure passwords. Upon receiving a proposed password from a user for use in a computer system, apparatus or other communication system, the proposed password is evaluated for compliance with security guidelines. If the password complies at least with a minimum level of security, the password is evaluated and a relative level of the password is determined and assigned to the password. A lifespan for the password is selected based on the assigned relative level of security. The user is notified of the assigned lifespan. Operations for evaluating the password, assigning the lifespan, and notifying the user of the lifespan may be performed in substantially real-time.06-17-2010
20110145896DOMAIN SPANNING APPLICATIONS - Managing and accessing media items, including: a plurality of domains configured to provide access to media items; a plurality of clients associated with the plurality domains, and providing a pathway for accessing the media items; and a spanning application configured to track and aggregate accessible media items from the plurality of domains based on authentication and registration information and associated rights of the plurality of clients and the plurality of domains, wherein the spanning application enables accessing of the media items across the plurality of domains.06-16-2011
20090328162Mutual for reporting a theft in an authentication system - Disclosed are protection of secret information including an encryption key and a system for reporting an emergency such as theft or confinement when secret information is accessed. Secret information includes a large quantity of decoy data and a piece/pieces of true and correct data mixed into the decoy data. The secret data including the decoy data and the true and correct data is two-dimensional code data the code of which is composed of groups of cells having different areas. The positions and order of storage of the true and correct data dispersedly mixed in the decoy data are determined and reported to the user. The user adds a predetermined alerting signal when inputting the password to tell that the user is under control of a third party. The system can detect the alerting signal and know that the user is in an abnormal state, performs normal identification procedures, and takes protection/preservation measures. Part of decoy data is specified as confinement report data and added to the true and correct data. Consequently at least a piece of confinement report data is included and therefore the user himself is judged to be under control of the third party. Then the user is identified and a confinement report alert is issued.12-31-2009
20110093934System and method for privilege delegation and control - This invention provides a privilege delegation mechanism, which allows a privilege and associated control attributes to be delegated from a security token to another security token or an intelligent device such as a computer system. The privilege may be in the form of an attribute certificate, a key component of a cryptographic key, a complete cryptographic key, digital certificate, digital right, license or loyalty credits. The purpose of the delegation is to allow another security token or computer system to act as a surrogate for the security token or to access a resource which requires components from both units before access is permitted. Attributes associated with the delegated privilege control the scope and use of the privilege. The delegation may allow the surrogate to perform authentications, access data or resources included on another security token or computer system. Authentications are performed prior to transferring of the delegable privileges.04-21-2011
20110093933AUTHENTICATION IN A COMMUNICATIONS NETWORK - A method of authenticating a user in an IP Multimedia Subsystem network, the method comprising receiving from an access network an access identifier defining a terminal's physical location, retrieving from a database a registered access identifier associated with the user; and determining if the received access identifier matches the registered access identifier, and if so then authenticating the user in the IMS network, and if not then performing an alternative authentication method. The method allows a nomadic user in the access network to register with an IP Multimedia Subsystem network.04-21-2011
20090100507SYSTEM TO AUDIT, MONITOR AND CONTROL ACCESS TO COMPUTERS - An audit, monitor, and access control system for use with at least one user computer and at least one protected computer. The system includes first software to authenticate authorized access by a user computer. A server connection network adapter permits communication with a user computer. Second software is provided to authenticate authorized superuser access by a user computer. A client connection network adapter permits communication with a protected computer. All data transferred and all activity between user computers and protected computers is recorded. Additionally, all data transferred and all activity between the user computers and the protected computers is audited.04-16-2009
20090249454AUTHENTICATION SERVER, AUTHENTICATION SYSTEM, AND AUTHENTICATION METHOD - To provide a technology for enabling authentication according to a state of use of a device on a user side. When, on a communication device (10-01-2009
20090044259MOBILITY DEVICE PLATFORM PARADIGM - A mobility device platform allowing for secure mobile computing is provided. In an illustrative implementation, an exemplary mobility device platform comprises a mobility device operable to communicate with at least one computing environment through a communications interface and wherein the mobility device is operable to process and store secure web services, a communications network operable to communicate data and computing applications using web services, and a mobility device management server operable to generate, process, store, communicate and encrypt web services to the mobility device. Further, the mobility device management server is operable to perform one or more mobility device management functions to provide encryption keys to cooperating mobility devices and to authenticate and verify cooperating mobility devices requesting web services from the mobility device management server. The mobility device management server and mobility device may further operate to perform authentication and verification using user identification and password information.02-12-2009
20100064356SYSTEM AND METHOD FOR DOUBLE-CAPTURE/DOUBLE-REDIRECT TO A DIFFERENT LOCATION - Embodiments disclosed herein provide a system, method, and computer program product for providing network access control for a shared network. One embodiment of a network access controller may intercept a request to access a network resource from a browser application running on a client device associated with an anonymous user and determine whether the network resource is in a set of network destinations in the shared network. If the network resource is in the set of network destinations, the network access controller may direct the browser application to the network resource. If the network resource is not in the set of network destinations, the network access controller may redirect the browser application to a pre-authentication capture destination in the shared network. From the pre-authentication capture destination the anonymous user is free to visit any of the set of network destinations in the shared network without authentication.03-11-2010
20100064355SEAMLESS CROSS-SITE USER AUTHENTICATION STATUS DETECTION AND AUTOMATIC LOGIN - A system and method for determining in a global network the user network authentication status as the user goes from site to site within the network is provided. Additionally, the system and method provides for transparent or implicit multi-site logon functionality, including automatic introduction from one site to the other using a baseline authentication agency (03-11-2010
20100037301MANAGEMENT OF USER AUTHENTICATION - A method and system for managing user authentication. First authentication data associated with a user is received from a first authentication mechanism. The first authentication data is generated in response to the first authentication mechanism successfully authenticating the user. In response to receipt of the first authentication data, a first identifier associated with the user is registered. The first authentication data is associated with the first identifier. In response to associating the first authentication data with the first identifier, second authentication data associated with the user is received from a second authentication mechanism. The second authentication data is generated in response to the second authentication mechanism successfully authenticating the user. The second authentication data is associated with the first authentication data and the first identifier.02-11-2010
20100037302PEER-TO-PEER ACCESS CONTROL METHOD OF TRIPLE UNIT STRUCTURE - This invention relates to a peer-to-peer access control method of a triple-unit structure for safely implementing bidirectional authentication between the terminal and the network. According to the method, on the basis of the access control method of the existing double-unit triple-entity structure, the authenticator function is implemented in the access controller, and the authentication protocol function is implemented in the terminal and the access controller, so that the terminal, the access controller and the server all participate in the authentication, and the trust relationship is established between the terminal and the access controller directly, which renders security very reliable. The invention not only solves the technical problems of the access control method of the existing double-unit double-entity structure that the access flexibility is limited and the extension of the number of the access controllers is inconvenient, but also solves the technical problems of the existing access control method of the double-unit triple-entity structure that the process for establishing the trust relationship is complicated and the security of the network may be influenced, thus achieving advantages of high security performance, no requirement of changing existing network structures and relative independency of the authentication protocol.02-11-2010
20090217363ELECTRONIC CREDENTIALS VERIFICATION AND MANAGEMENT SYSTEM - A credentials record system that creates and maintains all personnel data electronically is disclosed. The system captures personnel background data, such as license information, education and training, work experience, performance data and electronic signature at the time of entry using graphical user interfaces through a network. For example, computers with Internet connections may be used by authorized personnel to access, analyze, update and electronically annotate data even while other users are using the same record. An exemplary system may archive historical data to create and record an audit trail of changes by the users. The system permits instant, sophisticated analysis of background data to identify relationships among the data, including archived data. Moreover, the system includes the capability to access reference databases for consultation regarding verification of data for accuracy on a continuous basis. The system also provides for an automated auditing process to ensure data integrity. The system may also include the capability to incorporate legacy data, such as paper files and mainframe data, for each personnel record.08-27-2009
20090217362SELECTIVELY PROVISIONING CLIENTS WITH DIGITAL IDENTITY REPRESENTATIONS - A server provisions a client with digital identity representations such as information cards. A provisioning request to the server includes filtering parameters. The server assembles a provisioning response containing cards that satisfy the filtering parameters, and transmits the response to a client, possibly by way of a proxy. The provisioning response may include provisioning state information to help a server determine in subsequent exchanges which cards are already present on the client. A client may keep track of the source of information cards and discard cards which a server has discarded. A proxy may make the provisioning request on behalf of a client, providing the server with the proxy's own authentication and with a copy of the request from the client to the proxy.08-27-2009
20090217360Data Search System, data search method, and recording medium storing data search program - A data search system in which a data processing apparatus and a data search device are communicably connected includes an operational history acquisition unit to acquire operational history data including user data, information about current data processing and the document processed, and apparatus data, an apparatus data file storage unit to store an apparatus data file including the apparatus data and registered group data identifying a group that uses the data processing apparatus, a group-apparatus associator to associate the user data with the apparatus data file, a profile generator to generate a profile specifying significance degrees of the document in relation to the data processing apparatus and the group data, based on the operational history data, the apparatus data file, and the association, a profile storage unit to store the profile, and a data search unit to perform a data search according to a data search request from the user.08-27-2009
20090217359CONNECTION AUTHENTICATION SYSTEM, TERMINAL APPARATUS, CONNECTION AUTHENTICATION SERVER, CONNECTION AUTHENTICATION METHOD, AND PROGRAM - The first terminal apparatus includes a key information acquiring unit that acquires key information from a connection authentication server, a key information notifying unit that notifies the first user of the key information, and a connection information acquiring unit that acquires connection information from the connection authentication server. The second terminal apparatus includes a key information input unit that receives the key information transmitted to the second user and an information providing unit that provides the key information and the connection information to the connection authentication server. The connection authentication server includes a key information providing unit that provides the key information to the first terminal apparatus, an information acquiring unit that acquires the key information and connection information of the second terminal apparatus from the second terminal apparatus, and a connection information providing unit that provides the connection information to the first terminal apparatus.08-27-2009
20090217358TECHNIQUES FOR SECURE TRANSPARENT SWITCHING BETWEEN MODES OF A VIRTUAL PRIVATE NETWORK (VPN) - Techniques for secure transparent switching between modes of a virtual private network (VPN) are provided. A principal, via a client, establishes a VPN session in a first mode of operation with a server. The principal subsequently requests a second mode of operation during the same VPN session. The VPN session is transparently transitioned to the second mode of operation without any interaction being required on the part of the principal and without terminating the original VPN session.08-27-2009
20090217357Method and System for Managing Authentication of a Mobile Terminal in a Communications Network, Corresponding Network and Computer-Program Product - A terminal is authenticated in view of inclusion in a communication network by an authentication process conditioned upon location information transmitted from the terminal to at least one server in the network. At least one access point for the terminal to the network is configured for allowing a non-authenticated terminal to transmit to an authentication server in the network authentication messages based on a given authentication protocol, such as, e.g., EAP. The terminal is configured for transmitting the location information to the authentication server by conveying it over the authentication protocol. A location system can be integrated in the terminal to generate location information identifying the location of the terminal, and in that case the terminal is configured for transmitting the location information identifying the location of the terminal to the authentication server. As an alternative, a location server is associated with the network and the location information is transmitted from the terminal to the location server. On the basis of the location information transmitted from the terminal, the location server generates location information identifying the location of the terminal and sends the information to the authentication server.08-27-2009
20100077464MERCHANT DEVICE AND METHOD FOR SUPPORT OF MERCHANT DATA PROCESSING - A method begins by accessing a merchant web site that is associated with a merchant profile database. The method continues by receiving a log-in page. The method continues by providing log-in information of a merchant via the log-in page. The method continues, when the log-in information is confirmed, by receiving a merchant information page that contains data of a merchant profile record of the merchant profile database. The method continues by providing a response regarding the data of the merchant information page.03-25-2010
20100077463System and method for providing a secure content with revocable access - There is provided a method for use by a media player to provide access to a media content. The method comprises receiving a request from a user for playing the media content, prompting a user for an authorization code, receiving the authorization code from the user, transmitting the authorization code to an authentication server over a network, receiving a valid authentication message from the authentication server over the network if the authorization code is confirmed to be valid, transmitting the valid authentication message to a content server over the network, retrieving the media content from the content server over the network, wherein the media content incorporates an identification information associating the media content with the user.03-25-2010
20100077461METHOD AND SYSTEM FOR PROVIDING AUTHENTICATION SCHEMES FOR WEB SERVICES - A method for generating authentication code for web service resources. The method includes receiving a selection of a resource method, where the resource method defines a method for interacting with a resource associated with a web service. The method further includes determining an authentication scheme for the resource method, where the authentication scheme defines an authentication mechanism required during execution of the resource method to enable interaction with the resource. The method further includes generating authentication code for the resource method using the authentication scheme, where the authentication code enables a user executing the resource method to interact with the resource.03-25-2010
20100064353User Mapping Mechanisms - In various embodiments, techniques can be provided for identifying a user or group of users who initiated network traffic. The user or group of users may be identified as an employee who can be found in corporate or organizational directory. In some embodiments, different authentication mechanisms may be used for various types of network traffic. For example, by proxying instant messaging (IM) communications, a proxy server can know which users are associated with what network traffic. In another example, transparent and non-transparent mechanisms may be provided to authenticate HTTP URL traffic. For other types of traffic, such as non-proxied IM, P2P, and spyware, an existing authentication cache or credential cache may be used to identify the user who generated the traffic.03-11-2010
20100071038NETWORK-AGNOSTIC CONTENT MANAGEMENT - System(s) and method(s) are provided for content management, e.g., exchange and manipulation, across devices provisioned through disparate network platforms. Devices can be mobile or stationary, and connect to provisioning network platforms through various network bearers. Through various secure protocols, a client component within a device secures access to content and provides secure delivery thereof. Directives for content manipulation are also delivered securely. Delivery of contents and directives are performed from device to device, routed via gateway nodes within a network platform that provisions the device. In addition, or alternatively, content management can be implemented through an intermediary component, which can also validate devices and secure delivery of content or directives. Alarm signaling among devices provisioned through disparate network platforms also can be securely conveyed. Intermediary component also can be exploited for content management among subscribers of disparate network providers.03-18-2010
20110099610TECHNIQUES FOR SECURING DATA ACCESS - Techniques for securing data access are presented. A user's data is encrypted on multiple servers throughout a network. Each portion of the encrypted data resides on a different server, and each portion represents a non-contiguous data selection from the user's original unencrypted data. Each portion is encrypted using a master credential that is different from the user's logon credential. Also, each portion is encrypted using a server identity for the server on which that portion resides. An order, which is used for assembling decrypted versions of the encrypted portions back into the user's data, is acquired via another and different principal-supplied credential.04-28-2011
20110107405METHOD FOR THE TEMPORARY PERSONALIZATION OF A COMMUNICATION DEVICE - The invention relates to a method for the temporary personalization of a communication device (05-05-2011
20110154454METHOD AND SYSTEM FOR AUTHENTICATING A NETWORK NODE IN A UAM-BASED WLAN NETWORK - A method and system for authenticating a mobile network node in a Wireless Local Area Network (WLAN), wherein the mobile network node requests access to the WLAN at an access point. Within a closed first network region, before authentication all network protocol layers up to the Layer 3 protocol layer are set up. An authenticator based on Extensible Authentication Protocol (EAP) is generated on the Web server as a captive portal and the Layer 3 protocol layer between the authenticator and the mobile network node including an EAP peer is extended bidirectionally by a defined bit sequence. In case of an access request, the Web server transmits an authentication stimulus to the mobile node by encoding an EAP message request and transmitting it in the Layer 3 protocol layer by the defined bit sequence. The mobile node decodes the EAP message request and transmits, in the Layer 3 protocol layer, by the defined bit sequence, an encoded EAP response message to the authenticator, the EAP response message includes authentication data of the mobile network node. The Web server decodes the EAP response message from the bit sequence, transmits it to an AAA server including an EAP server by an authentication inquiry. On the basis of an authentication response by the AAA Server, access is enabled to a second network region for use by the mobile network node by a Network Access Server.06-23-2011
20110154452Methods, Systems and Computer Program Products for Secure Access to Information - Methods for secure communications are provided. The methods include creating a safe user account on a secure access system, wherein creating an account includes provision of at least one strong authenticator to be associated with a user of the secure access system; providing a unique login and the at least one strong authenticator associated with the user to the secure access system to gain access to information associated with a referring organization, the referring organization being registered with the secure access system; and accessing the information associated with the referring organization based on the unique login and the at least one strong authenticator provided to the secure access system. Related systems and computer program products are also provided.06-23-2011
20110154453SYSTEM AND METHOD FOR COMMUNICATION SECURITY - A system and method for communication security receives a request from a first communication device for communication with a second communication device, and determines if the communication is to be secure. The system and method further requests identity verification from the second communication device if the communication is to be secure. In addition, the system and method establishes a secure communication between the first communication device and the second communication device when a valid password is received from the second communication device.06-23-2011
20110154451SYSTEM AND METHOD FOR FOR AN INDUSTRY BASED TEMPLATE FOR INTELLECTUAL PROPERTY ASSET DATA - A comprehensive platform for merchandising intellectual property (IP) and conducting IP transactions is disclosed. A standardized data collection method enables IP assets to be characterized, rated and valuated in a consistent manner. Project management, workflow and data security functionality enable consistent, efficient and secure interactions between the IP Marketplace participants throughout the IP transaction process. Business rules, workflows, valuation models and rating methods may be user defined or based upon marketplace, industry or technology standards.06-23-2011
20120304260PROTECTION FROM UNFAMILIAR LOGIN LOCATIONS - In one embodiment, a user authentication server may use geo-location tracking to determine whether to present an enhanced identity challenge. A communication interface 11-29-2012
20110088084INFORMATION STORAGE APPARATUS, RECORDING MEDIUM, AND METHOD - A storage apparatus includes: an access acceptance unit to receive an access request associated with an access from a host apparatus; an authentication processing unit to judge whether the access is authenticated or unauthenticated; a storage unit including a first area that stores first data and a second area that stores second data serving as a substitute for the first data; a data switching unit to allow, when the access acceptance unit judges the access as authenticated, the access to the first area and switches the access to the second area in a case where the authentication processing unit judges the access as unauthenticated, the access to the second data in the second area being provided to disguise that the access was unauthenticated.04-14-2011
20110078771ELECTRONIC DEVICE FOR DISPLAYING A PLURALITY OF WEB LINKS BASED UPON FINGER AUTHENTICATION AND ASSOCIATED METHODS - An electronic device is for communicating with a remote server hosting a web feed of updated content including a plurality of web links. The electronic device includes a finger biometric sensor, a display, and a processor. The processor is for authenticating a finger placed adjacent the finger biometric sensor, and displaying on the display the plurality of web links from the web feed of updated content based upon authenticating the finger. The processor is also for associating account access data with the authenticated finger, and accessing information from a selected web link based upon the account access data associated with the authenticated finger. Additionally, the processor is for downloading and displaying on the display information from the selected web link.03-31-2011
20100125896TRUSTED NETWORK TRANSFER OF CONTENT USING OF NETWORK INPUT CODE - Systems and methods for use in connection with the trusted transmission and reception of content, such as encryption key information, from one computing device in a network to a second computing device are provided. In one embodiment, the invention provides a way to trust or validate the transfer of a public key using a very short code entered out of band of the network that is easy for end-users to remember, or write down.05-20-2010
20110083170User Enrollment via Biometric Device - A web-enabled application identifies a biometric device installed in a client device. The system identifies biometric information associated with a user and creates a biometric template associated with the biometric information. The system then receives user credentials associated with the user and binds the user credentials with the biometric template.04-07-2011
20110083169METHOD AND SYSTEM FOR THE PROVISION OF SERVICES FOR TERMINAL DEVICES - Services are provided for terminal devices, each having a TPM module. The TPM module of a terminal device transmits a service request with an ID assertion signed by a configurable credential to a server for the purpose of accessing the services of the server.04-07-2011
20110078770USER INFORMATION POPULATION - Methods and systems are provided for populating user related information, such as in forms at web sites. For example, a method can include providing a web site with information about a user during the front end of accessing the web site by the user. The information can be used to facilitate use of the web site by the user. A system for facilitating access of a web site by a user can comprise an ID provider that is configured to receive a request from a web site for information regarding a user, request information regarding the user from an information provider, and forward the information to the web site. By providing such information to the web site, log on, sign in, and/or registration with a web site can be done quickly, conveniently, and in a manner that is substantially less prone to errors.03-31-2011
20110078773MOBILE TERMINAL AUTHORISATION ARRANGEMENTS - An end-to-end client server system and related method for use in conjunction with mobile terminals. A client application on a mobile terminal is configured to remotely access a backend server via a gateway system. The mobile terminal includes a client application configured to generate a one time password using secret information and a password library, both known only to the client application and a verification component of the gateway system. The one time password provides an additional level of security, which is user dependent and not network dependent.03-31-2011
20110078772LDAP SECURITY DOMAIN DATA STORAGE - A Security Domain Access System (SDAS) provides highly available security domain data. The SDAS receives a request pertaining to a security domain. The request includes credentials for accessing a security domain manager server. The SDAS selects one of a plurality of security domain manager servers to process the request based on the credentials and the availability of each of the plurality of security domain manager servers. The SDAS forwards the request to the selected security domain manager server.03-31-2011
20110016513SYSTEMS, METHODS, AND COMPUTER PROGRAM PRODUCTS FOR ADAPTING THE SECURITY MEASURES OF A COMMUNICATION NETWORK BASED ON FEEDBACK - An adaptable network security system includes trust mediator agents that are coupled to each network component. Trust mediator agents continuously detect changes in the security characteristics of the network and communicate the detected security characteristics to a trust mediator. Based on the security characteristics received from the trust mediator agents, the trust mediator adjusts security safeguards to maintain an acceptable level of security. Trust mediator also uses predetermined rules in determining whether to adjust security safeguards. Despite inevitable changes in security characteristics, an acceptable level of security and efficient network operation are achieved without subjecting users of the network to over burdensome security safeguards.01-20-2011
20130160095METHOD AND APPARATUS FOR PRESENTING A CHALLENGE RESPONSE INPUT MECHANISM - An approach is provided for presenting a challenge response input mechanism on a device. A user receives a challenge (e.g., a CAPTCHA, a password prompt, a login prompt, etc.) when attempting to access a service and/or a resource wherein the user has to provide a response before access to the service or to the resource is granted. Further, one or more applications on the user device and/or at a service provider present a combination dial/slider on the user device whereby the user may interface with the input mechanism for constructing a response to the challenge.06-20-2013
20130160096SYSTEM AND METHOD OF PORTABLE SECURE ACCESS - An access system and method to establish communication with a customer system via a port is provided. The system can comprise a secure access key that can provide a communication link to the port on the customer system, and a footprint module. The footprint module can block connectivity via the port with the customer system unless the footprint module detects the secure access key as having a first authentication to connect to the customer system. A client device can communicate with the secure access key to get a second authentication from the secure access key to create a connection for communication via the secure access key with the customer system. The system can further comprise a user authentication module that requires a third authentication of a user to operate the client device to communicate over the secure connection via the secure access key with the customer system.06-20-2013
20110016514METHODS FOR MONITORING AND CONTROL OF ELECTRONIC DEVICES - The present invention relates to telemetry methods and systems and more particularly, to telemetry network connectivity systems, devices and methods. In accordance with various embodiments, a suite of software components configured to provide machine-to-machine network connectivity includes a configurable device translation server module, a complex message constructor and at least one database. In some embodiments the suite of software components, specifically the complex message constructor, may be configured to authenticate commands between an interface and the device translation server. Additionally, the suite of software components, specifically the complex message constructor, may be configured to manage messages between the interface and the device translation server. Managing messages may include initiating alerts and notifications based on a comparison of programming and substantially synchronous and stored information.01-20-2011
20080229399Seamless Multiple Access Internet Portal - Multiple access internet portals are provided. A representative system, among others, includes a communication facility and a wireless internet server. The communication facility is operable to connect to a plurality of wireless devices through a mobile network. The wireless internet server is coupled to the communication facility and retrieves a personalized profile associated with a registered user an one of the plurality of wireless devices, and provides substantially similar personalized content to said at least one registered user on a variety of platforms associated with the wireless devices. Methods and other systems for multiple access portals are also provided.09-18-2008
20080229397Website log in system with user friendly combination lock - User friendly log in system for validation of user for entry into a website includes: (a) a plurality of user computers; (b) an internet; (c) a host server connected to the internet for connection to user computers; and (d) a website program hosted on the host server for a website that requires individual user security, for connecting each of the plurality of computers to the website available to the user computers, that includes an open log in field. The program has software for secured activity for receiving and recognizing a unique user identification from a user of a user computer to create a personal combination lock rule for a unique easy-to-remember user initialization input that includes a preset selection and operation of the intersection of a first randomly arranged challenge presentation and a second randomly arranged challenge presentation to obtain a selection solution.09-18-2008
20100077460System And Method For Securing A Network - A method of securing a telecom network, the operation of the telecom network controlled using a plurality of telecom network commands, includes grouping at least some of the plurality of telecom network commands into a plurality of different task sets. Each task set includes one or more telecom network commands. The method further includes grouping at least some of a plurality of users into a plurality of different user groups. In addition, the method includes associating each user group to the plurality of task sets. The method also includes allowing the at least one user access to the plurality of telecom network commands based on the association of each user group to the plurality of task sets.03-25-2010
20120204243SYSTEMS AND METHODS FOR NETWORK CURATION - Systems and methods for network curation are disclosed. In some embodiments, a method comprises scanning, by a mobile device, an area to identify a network device for accessing a network, receiving, by the mobile device, a network identifier associated with the network device, providing a curation indicator request to a curation server, the curation indicator request comprising the network identifier, receiving a curation indicator from the curation server, the curation indicator being retrieved, based on the network identifier, from a database of a plurality of curation indicators, the curation indicator associated with a likelihood of intent to publicly share the network by the network device, comparing the curation indicator to an access setting, the access setting indicating acceptability of network access based on the likelihood of intent to publicly share the network by the network device, and accessing the network via the network device based on the comparison.08-09-2012
20120204241SECURE TUNNELING PLATFORM SYSTEM AND METHOD - A system and method are provided for receiving, by a wireless gateway device from a user computing device, a request for network access that is received via a first communication protocol. The request is formatted to comply with a second communication protocol that is different than the first communication protocol, and transmitted to at least one authentication computing device. The wireless gateway device receives a reply formatted to comply with the second communication protocol from the at least one authentication computing device that grants the request. The device formats the reply to comply with the first communication protocol, and transmits, by the wireless gateway device, the formatted reply to the user computing device. A first communication pathway is established between the authentication computing device and the user computing device, and a request for access to at least one other computing device is received by the authentication device. The request is forwarded to the at least one other computing device, and a reply granting the request for access is received and forwarded to the user computing device. An identification of at least one of the user computing device and the at least one other computing device is stored in at least one database.08-09-2012
20090282464SYSTEM AND METHOD FOR AUTHENTICATING AN END USER - A system and associated method for authenticating an end user. The method comprises generating a first mask in response to an authentication request from an end user, the first mask comprising a set of root nodes, a set of server nodes, and a set of client nodes each being unique to the end user. Next, determining the authenticity of the end user based on comparing data received from the end user with nodes contained in the first mask. The data comprising a set of nodes selected by the end user and the end user having selected the data in response to the first mask.11-12-2009
20090260065Cumulative Login Credit - Login credit is monitored over a credit time period. Continuous invalid login attempts decrease the login credit for the duration of the credit time period. Login credit accumulates with time. If the login credit is less than a credit threshold, login processing is precluded. A common invalid login notification for presentation to a user is generated if login processing is precluded or if login processing indicates that the login credentials are invalid.10-15-2009
20090125991SECURE MANAGEMENT OF AUTHENTICATION INFORMATION - A system, method and computer program product are provided for managing authentication information for a user. According to the method, a master digital key is received from the user, and authentication of the user is obtained based on the master digital key. There is received from the user a selection of one identity from among a plurality of identities that are stored for the user. Authentication information for the user is provided into an application or web page based on the one identity selected by the user. In one embodiment, the authentication information is provided by recognizing a web page for which authentication information is stored, and automatically filling the authentication information for the user into appropriate elements of the web page.05-14-2009
20090241174Handling Human Detection for Devices Connected Over a Network - A system and method for determining whether a user of a computer is a human, comprising: generating dynamic request code asking the user for information; sending the dynamic request code to the computer; receiving validation code as an answer to the dynamic request code; and determining whether or not the validation code was generated by a human.09-24-2009
20090241173METHOD AND SYSTEM FOR PROTECTION AGAINST INFORMATION STEALING SOFTWARE - A system and method for identifying infection of unwanted software on an electronic device is disclosed. A software agent is configured to generate a bait and is installed on the electronic device. The bait can simulate a situation in which the user performs a login session and submits personal information or it may just contain artificial sensitive information. Parameters may be inserted into the bait such as the identity of the electronic device that the bait is installed upon. The output of the electronic device is monitored and analyzed for attempts of transmitting the bait. The output is analyzed by correlating the output with the bait and can be done by comparing information about the bait with the traffic over a computer network in order to decide about the existence and the location of unwanted software. Furthermore, it is possible to store information about the bait in a database and then compare information about a user with the information in the database in order to determine if the electronic device that transmitted the bait contains unwanted software.09-24-2009
20110258685ONLINE SECURE DEVICE PROVISIONING FRAMEWORK - A method for updating network-enabled devices with new identity data includes generating a plurality of new identity data records and loading the new identity data records onto an update server. A request is received at the update server for new identity data from at least one network-enabled device having a previously assigned identity linked to an identifier. The previously assigned identifier is linked to a new identifier that is linked to one of the new identity data records. One or more new identity data records are securely delivered to the network-enabled device.10-20-2011
20090165100WEB PAGE SAFETY JUDGMENT SYSTEM - A user terminal displays on its display unit a target web page including an authentication information input field into which input authentication information is inputted by the user terminal. The user terminal judges first to third validity levels for a plurality of login history information by referring to a login information list and a service group information. The user terminal selects a corresponding process from a plurality of predetermined processes for the input authentication information based on existence or absence of the login history information in the first or second validity level and on a result of checking the input authentication information with login information in the login history information in the first to third validity levels. The user terminal executes the corresponding process.06-25-2009
20080313719Methods and Apparatus for Delegated Authentication - An authentication-delegating service implemented in an authentication server or other processing device is configured to receive a request from a relying party for delegated authentication information associated with a particular user, to determine a level of trust associated with the relying party, and to provide the delegated authentication information to the relying party if the relying party has a sufficient level of trust, so as to permit the relying party to authenticate the user based on the delegated authentication information. The delegated authentication information has the property that the user can be presently authenticated based on such information. The delegated authentication information may comprise, for example, at least one value derived from a one-time password or other authentication credential of the particular user. The authentication-delegating service may be graded to provide different types of delegated authentication information based on respective levels of trust that may be associated with relying parties.12-18-2008
20080313718SYSTEM AND METHOD FOR PROTECTION OF CREATIVE WORKS - The inventive method for protection of creative works is accomplished by creating a creative work, securing the creative work using biometric information of an author of the creative work, and restricting an access to the creative work to the author and select users, who are authorized by the author and whose biometric information is registered with a biometric security database.12-18-2008
20120204244AUTOMATED PASSWORD AUTHENTICATION - A system connected to an existing computer includes a unit for monitoring the screen and provides input, and a storage unit that stores data that pair screen buffer regions with authentication details. The system learns new pairs via user training and presents stored authentication details when the screen buffer matches a related stored region which is paired with a region of the screen.08-09-2012
20120204242PROTECTING WEB AUTHENTICATION USING EXTERNAL MODULE - Systems, methods, computer program products, and networks for protecting web authentication. In some examples a system for protecting web authentication includes a web client and a validator which is external to the web client. In these examples, the validator is configured to enable at least one validation item which is provided to a web server during web user authentication to be protected from possible tampering by the web client.08-09-2012
20080320568CONTENT DISTRIBUTION AND EVALUATION PROVIDING REVIEWER STATUS - A content distribution system may be provided for reviewing content such as video games, music, movies, or the like that may be shared by the system. The content distribution system may receive a credential from a user and authenticate the user based on the credential to permit access to the system. The content distribution system may also receive content generated by the user if the user may be authenticated. The content distribution system may provide the received content to a content evaluation entity, for example. The content distribution system may receive a review for the content from the content review entity and then may determine whether the content passes a review process based on the review, for example. The content distribution system may provide additional access to the content if the content passes the review process.12-25-2008
20110055908SYSTEM AND METHOD FOR REMOTELY ACCESSING AND CONTROLLING A NETWORKED COMPUTER - The present invention advantageously provides a system and method for remotely accessing a networked computer. The system includes a personal computer, a locator server, a remote access terminal, and a connection key. The system is configured to restrict remote access to only those users who are authorized and use an authorized remote access terminal and connection key. In some embodiments, the connection key is configured to automate communication requests and authentication processes without user interaction.03-03-2011
20110055907HOST STATE MONITORING - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for a host state machine. In one aspect, the method includes defining a state machine in a memory of a data processing apparatus, the state machine comprising a plurality of states, and wherein network access for a host device is controlled in each state according to one or more network access zones associated with the state, each network access zone defining network access capabilities for the host device; monitoring, by the data processing apparatus, host devices attempting to access the network and host devices that have access to the network; and transitioning, for each host device, a state of the host based on the monitoring and a current state of the host.03-03-2011
20100325703System and Method for Secured Communications by Embedded Platforms - A method for ensuring secured communications for embedded platforms includes steps for receiving a device identifier at an authenticating server over a public network from an extended trust device, the authenticating server being communicatively coupled between a secured server and the public network and the device identifier derived from a plurality of machine parameters resident on the extended trust device, accessing a database of authorized device identifiers corresponding to known extended trust devices, and establishing, in response to the device identifier matching one of the authorized device identifiers, a secure private network between the extended trust device and the secured server. The machine parameters may be a combination of a user-configurable parameter and a non-user-configurable parameter. The method may be embodied as a series of process steps stored on a computer readable medium executable by a processor.12-23-2010
20100333182SYSTEM AND METHOD FOR ESTABLISHING A SELF-REALIZING EXPANDABLE COMMUNICATIONS NETWORK - This invention relates to a system and method for providing secure reliable expansion of a mobile network. The system includes one or more portable communications devices (PCDs) which incorporate routing, authentication and encryption capabilities and are adapted to provide a connection between a peripheral device and a base-station either directly or indirectly via other similarly configured PCDs. The PCDs also incorporate tamper-proofing features to provide added security.12-30-2010
20080244712SYSTEM AND METHOD FOR AUTHENTICATING A USER OF AN IMAGE PROCESSING SYSTEM - A system and method for authenticating a user of an image processing system. User credentials are received at an authentication device corresponding to an image processing device, and transmitted to a first server remote from the authentication device. The validity of the user credentials is judged by comparing the received user credentials to authentication information stored at the first server, and a result of the judging is transmitted to the image processing device. The image processing device then requests access to a second server remote from the image processing device, and the second server transmits a request for the user credentials to the first server. After receiving the user credentials from the first server, the second server performs user authentication.10-02-2008
20110010762IDENTITY MANAGEMENT - In providing identity management in distributed systems, it is known to provide a user with a single sign-on to accounts with different service providers with whom the user interacts by communicating with the service providers' computers. Such a single sign-on is provided by having the user authenticate himself to an identity provider computer, and thereafter relying on that identity provider computer to issue identity assertions on his behalf. An identity provider validation service is proposed with which service providers can interact on receiving an identity assertion on behalf of a user. This allows the service provider to rely only on the identity provider validation service rather than having to rely on the numerous identity providers who might issue identity assertions on behalf of one of their users. Furthermore, the identity assertions include a level of assurance indication, and the identity provider validation service indicates whether each identity provider can be trusted to properly issue an identity assertion claiming that level of assurance. This provides a more fine-grained and adaptable identity management than has hitherto been provided.01-13-2011
20110167481SYSTEM AND METHOD FOR TOY ADOPTION AND MARKETING - A method and computer system for providing a virtual world are disclosed. First and second registration codes, which are different and are obtained from purchasing items are used to access different portions of a website. Subsequent to accessing the portions of the website using the registration codes, a first image and a second image are accessed to be viewed, each by using a user identification name and a password without reentering the first and second registration codes. A name is to be selected for each of the images after using the registration codes. After entering the user identification name, the first and second images are to be interacted with to bring about changes to the first and second images, and the changes are based on the interacting. An invitation is to be extended to at least one friend on the website, the at least one friend to view at least one of the first and second images in a virtual room owned by and customizable by the user.07-07-2011
20110265153Protection Against Unsolicited Communication - Methods and apparatus are disclosed to provide protection against Unsolicited Communication (UC) in a network, such as, without limitation, an Internet Protocol (IP) Multimedia Subsystem (IMS). A communication may originate from a sending device and may be intended for delivery to a receiving device. A network may determine authentication information associated with the sending device. The network may send the authentication information to a receiving entity to evaluate if the communication is unsolicited using the authentication information. If the communication is determined to be acceptable, a connection associated with the communication may be allowed.10-27-2011
20110265152SELF-REFRESHING DISPLAY DEVICE SYSTEM AND METHOD - Disclosed is a self-refreshing display system and method that includes a computing device and a display device operatively coupled to the computing device. In a preferred embodiment, an outer frame is provided in the display device, and at least two inner frames are contained in the outer frame. The outer frame is not visible and each of the at least two inner frames is operable to alternate being visible and being not visible. Each of the at least two inner frames is operable to display the content received from the computing device. Preferably, the computing device causes a first inner frame to visibly display content received over a communication network from an information processor while a second inner frame remains not visible. An electronic request is preferably submitted by the computing device for new and/or updated content from the information processor, and when received, the second inner frame visibly displays the new and/or updated content and the first inner frame becomes not visible.10-27-2011
20100293606METHOD AND SYSTEM FOR MANAGING DELAYED USER AUTHENTICATION - A system and methods for coordinating the operation of a client security module and a host security module on a mobile electronic device. The modules communicate with each other through a platform abstraction layer using application programming interfaces to coordinate their activities. In particular, on start-up of the device, the host security module obtains user authorization input from a user and passes the input to a client operating system for validation. Once validated, the host security module unlocks the host-side of the device. At the same time, the client operating system sends a notice or request to the client-side virtual machine requesting that the client-side be unlocked. Once the virtual machine is initialized and available it launches the client security module and unlocks the client-side. During the delay while the virtual machine loads, the user is given access only to the host applications.11-18-2010
20100293605POSITIONAL PASSWORD CONFIRMATION - Adding a layer of security to access login credentials increases security while preserving the efficiency of automatically providing locally stored website login credentials. This security layer can prevent an unauthorized user, who gains access to a login panel or launches a web browser, from retrieving and inappropriately using the stored login credentials. Functionality can be implemented to use positional security information to locally verify the authenticity of a user trying to access stored login credentials. The positional security information can restrict access to/use of the stored login credentials. This can help reduce the possibility of an unauthorized user accessing and using the locally stored website login credentials.11-18-2010
20110119742COMPUTER NETWORK SECURITY PLATFORM - A computer system for managing security information for an organization includes a scanner execution module configured to automatically execute at least two scanners in a predetermined interval to analyze potential vulnerabilities of a computer environment. A vulnerability is acquired from the at least two scanners and stored in a data store. A user associated with the analyzed computer environment is determined based on the vulnerability stored in the data store, the user is notified of the vulnerability.05-19-2011
20110030041Session Ticket Authentication Scheme - A method of propagating a user's authentication/session information between different requests to Web services in a network includes a web server receiving a request for access to a first web service. The request is intercepted with an agent and authentication credentials are collected. A determination is made whether the web service customer is authenticated and authorized. If the web service customer is authenticated and authorized, a session and session ticket are created. An ID and the session ticket are returned to the web server. The session ticket ID and a public key are encrypted into an assertion. The assertion is sent to the first web service. The assertion is then returned to the web service customer for use with future requests. The assertion can be in the form of a SAML assertion.02-03-2011
20120311682SYSTEM AND METHOD FOR PROVIDING RESTRICTIONS ON THE LOCATION OF PEER SUBNET MANAGER (SM) INSTANCES IN AN INFINIBAND (IB) NETWORK - A system and method can provide subnet manager (SM) restrictions in an InfiniBand (IB) network. A first SM in a subnet in the IB network operates to determine whether a second SM associated with a remote port is trustworthy. Furthermore, the first SM is allowed to send at least one of a request and a response that contains a management key to the second SM, if the first SM determines that the second SM is trustworthy. Additionally, the first SM is prevented from attempting to initiate communication with the second SM, if otherwise.12-06-2012
20110072497SYSTEM AND METHOD OF USING PERSONAL DATA - A particular method includes receiving a request for a portion of user data from a data repository. The user data is associated with a user. The method includes determining a source of the request. The method includes determining whether the portion of user data can be provided to the source. The method also includes determining at least one type of credential to be supplied from the source when the user data can be provided to the source. The at least one type of credential includes a first authentication when the source is associated with the user and a second authentication when the source is not associated with the user.03-24-2011
20100180323STATEFUL SERVER BASED SOCIAL NETWORKING USING MOBILE DEVICES - The present invention provides methods and systems for using a stateful server for social networking using mobile devices. In one embodiment, a user uses a mobile device to register for a networking service offered by the stateful server. The stateful server transmits several tiers of service options to the user, and generates responses based on the user's selection to the service options. The stateful server establishes a unique state for each session initiated by the user, and stores all information related to the session in association with the unique state. The stateful server removes hyperlinks from text messages transmitted to the user's mobile device. The stateful server stores correlation information of the removed hyperlinks in association with the unique state. The stateful server enables the user to establish a friend network and to transmit information associated with the unique state to contacts within the friend network.07-15-2010
20100115592Systems and Methods to Control Access to Multimedia Content - Systems and methods to control access to multimedia are disclosed. A method includes receiving a request for multimedia content at a computing device, retrieving a destination address of a mobile communication device related to an authorized user of the computing device and determining whether the mobile communication device is located within a predetermined distance from the computing device. When the mobile communication device is located within the communicative distance from the computing device, the multimedia content is received at the computing device. When the mobile communication device is not located within the communicative distance from the computing device, an authorization-request message is transmitted via a network to the destination address of the mobile communication device, wherein the authorization-request message includes a request for authorization to receive the multimedia content at the computing device.05-06-2010
20110185401REAL-TIME ADJUSTMENTS TO AUTHENTICATION CONDITIONS - Embodiments of the invention provide for adjusting authentication conditions in real-time. A graph-theoretic data structure is dynamically constructed, having nodes corresponding to received valid and invalid authentication credentials used in attempts to access a system. Based on the graph-theoretic data structure, embodiments compute a probability of an invalid credential being an authentication attempt by a particular type of user. If the probability is beyond a threshold probability, embodiments trigger a security event to adjust an authentication condition of the system, e.g., to increase or decrease a maximum permissible number of failed login attempts within a certain period of time.07-28-2011
20090300731Remote Publishing and Server Administration - Embodiments are directed to managing server content and configuration from within a single server management application. In one embodiment, a computer system receives a client connection requesting initiation of a server management application. The computer system initiates the server management application. The application provides means for managing content and server configuration settings from within the server management application. The computer system receives user input indicating a configuration settings change to be applied to the server and alters configuration settings on the server. The management application provides configuration access to those settings for which the client has access rights. The computer system receives user input indicating that one or more portions of content are to be published to the server and publishes the content portions to the server. The server management application implements a protocol provider model that facilitates content publishing to the server over a variety of different protocols.12-03-2009
20090300736REMOTE ACCESS METHOD - A remote access method for use in a computer includes the following steps. Firstly, the computer logs into a remote access interface. Next, a remote access role of the computer is selected via the remote access interface, and a remote access operation is performed according to the selected remote access role. If the remote access role is intended to be changed, another remote access role of the computer is selected via the remote access interface.12-03-2009
20090300735METHOD FOR CONTROLLING ACCESS TO CONTENT ON DATA CARRIER - A method for controlling access to content on a data carrier includes reading a first and a second machine readable key stored on the data carrier. Further, a third key is retrieved from a remote server based on the first key. Access to the content on the data carrier is allowed only if the second key matches the third key.12-03-2009
20090300737SPLIT TEMPLATE BIOMETRIC VERIFICATION SYSTEM - An exemplary system includes a plurality of storage devices storing at least one of a plurality of chunks of a template. A first chunk is stored in a first location and a second chunk is stored in a second location. The system further includes a client device in communication with the storage devices. Each client device includes a verification module that divides the template into the plurality of chunks, and reconstitutes the plurality of chunks into the template during validation. A method includes generating the template based upon an enrollment biometric identifier, dividing the template into the plurality of chunks, storing at least one of the plurality of chunks in a first storage location, and storing at least another of the plurality of chunks in a second storage location.12-03-2009
20090300730SECURITY MESSAGE PROCESSING - Systems, methods and apparatus for handling security messages in a distributed security system. Requests, replies, and/or updates have varying time constraints. Processing node managers and authority node managers determine the best transmission times and/or the ignoring of such data to maximize information value.12-03-2009
20090300732METHOD AND APPARATUS OF OTP BASED ON CHALLENGE/RESPONSE - The present invention is proposed to solve the problem of high cost of an ordinary OTP token and the problem of vulnerability to hacking of a mobile OTP, for which an OTP program is mounted to solve the problem of high cost. There is provided a user authentication system and a method thereof, in which a user sets an image password as a fixed key, a query terminal outputs a query screen on which a created OTP is divided into pieces and matched to images of the fixed key, the user who confirms the query screen sequentially inputs the numbers that correspond to the image password, i.e., the fixed key of the user himself or herself, and a result of user authentication is processed according to whether the inputted numbers are matched to the response value prepared in a server.12-03-2009
20110191832RESCUING TRUSTED NODES FROM FILTERING OF UNTRUSTED NETWORK ENTITIES - Network entities controlling a set of nodes may vary by trustworthiness, such as tolerance for nodes that send spam, distribute malware, or perform denial-of-service attacks. A device receiving such activities may identify a trust rating of the network entity and apply appropriately stringent filtering (such as spam evaluation) to activities received from nodes controlled by the network entity. However, a poor trust rating of a network entity may subject a legitimate node controlled by the network entity to inefficiently or unfairly stringent activity filtering. Instead, the device may evaluate the activities of a particular node, assign a trust rating to the node, and if the trust rating of the node is higher than the trust rating of the network entity, apply less stringent activity filtering to the activities of the node, thereby “rescuing” the node from the more stringent activity filtering applied to the other nodes of the network entity.08-04-2011
20110265156PORTABLE SECURITY DEVICE PROTECTION AGAINST KEYSTROKE LOGGERS - The invention relates to a portable security device (SC, TK) comprising host connection means (PAD_H, USB_M) for connecting to a computer (PC), client connection means (PAD_C, USB_F) for connecting to an input device (KBD), filtering means for intercepting sensitive data transmitted from the client connection means (PAD_C, USB_F) to the host connection means (PAD_H, USB_M), and protection means for protecting said sensitive data. The invention also relates to an input device comprising a portable security device, to a server, to a system comprising a portable security device, a computer and an input device, and to a method for securing data entered into a computer (PC) with an input device (KBD), the method comprising installing a portable security device (TK) between the computer (PC) and the input device (KBD).10-27-2011
20110265154APPARATUS FOR ASSOCIATING A CLIENT DEVICE OR SERVICE WTIH A WIRELESS NETWORK - A network association apparatus includes identification information and an authorization credential associated with a specific client device or service to be connected to a wireless network. The apparatus is configured to automatically provide the identification information and the authorization credential to a host device of a wireless network in a secure fashion when brought into close proximity to or physically connected with the host of the wireless network. The apparatus may comprise an RFID tag.10-27-2011
20100031330METHODS AND APPARATUSES FOR CONTROLLING ACCESS TO COMPUTER SYSTEMS AND FOR ANNOTATING MEDIA FILES - Methods and apparatuses for controlling access to computer systems and for annotating media files. One embodiment includes a method including generating a challenge to a user, wherein the challenge includes a verify part and a read part. The method also includes prompting the user to solve both the verify part of the challenge and the read part of the challenge; receiving input from the user; determining if the input from the user relative to the verify part of the challenge corresponds with the known answer for the verify part of the challenge; and identifying the input from the user relative to the read part of the challenge as an answer to the read part of the challenge, if the input from the user relative to the verify part of the challenge corresponds with the known answer for the verify part of the challenge.02-04-2010
20100031329METHOD TO AUTHENTICATE DEVICE AND SERVICE, AND SYSTEM THEREOF - A method to authenticate a device and service, and a system thereof, the authentication method including: requesting device authentication information from a device provider in order to receive a service from a service provider, distinct from the device provider, and receiving the device authentication information from the device provider, the device authentication information being used by the service provider to authenticate the device. Therefore, it is possible to perform a device authentication process and service authentication process more simply.02-04-2010
20100031328SITE-SPECIFIC CREDENTIAL GENERATION USING INFORMATION CARDS - Systems and methods for generation of site-specific credentials using information cards are provided. An apparatus can include a machine, a browser on the machine configured to receive a request from a relying party site for a credential from a user, a receiver to receive one or more inputs, a site-specific credential generator to generate the credential based on the inputs, and a transmitter configured to transmit the generated credential to the relying party site.02-04-2010
20100024011DOCUMENT MANAGEMENT SYSTEM AND DOCUMENT MANAGEMENT METHOD - When a valid password is input by a user having a right to access a folder, a decrypted document and image for view are produced from an encrypted document included in the folder and stored in the folder such that they are correlated with the encrypted document. If a request to view a document in this folder is issued by a user having a right to access the folder, a corresponding image for view is displayed on a terminal of the issuer of the request. When a request to acquire a document in the folder in order to save it is issued, a corresponding encrypted document is transmitted to a terminal of the issuer of the request. In a case where a request to acquire a document in the folder in order to print it is issued, a corresponding decrypted document is transmitted to a terminal of the issuer of the request.01-28-2010
20100024013Authenticating a Client Using Linked Authentication Credentials - Techniques are provided for improving security in a single-sign-on context by providing, to a user's client system, two linked authentication credentials in separate logical communication sessions and requiring that both credentials be presented to a host system. Only after presentation of both credentials is the user authenticated and permitted to access applications on the host system.01-28-2010
20100024012SECURE CUSTOMER INTERFACE FOR WEB BASED DATA MANAGEMENT - An integrated series of security protocols is disclosed that protect remote user communications with remote enterprise services, and simultaneously protect the enterprise services from third parties. In the first layer, an implementation of the Secure Sockets Layer (SSL) version of HTTPS provides communications security, including authentication of the enterprise web server and the security of the transmitted data. The protocols provide for an identification of the user, and an authentication of the user to ensure the user is who he/she claims to be and a determination of entitlements that the user may avail themselves of within the enterprise system. Session security is described, particularly as to the differences between a remote user's copper wire connection to a legacy system and a user's remote connection to the enterprise system over a “stateless” public Internet, where each session is a single transmission, rather than an interval of time between logon and logoff, as is customary in legacy systems. Security for the enterprise network and security for the data maintained by the various enterprise applications is also described.01-28-2010
20100017859Authentication system for networked computer applications - A system such as in a networked computer system comprising a user, an application server, a gatekeeper server and an authentication server. Communication within the system is managed by the gatekeeper server, wherein the user communicates with the authentication server and the application server through the gatekeeper server. Once the user has been initially authenticated by the authentication server, the user may request application services from a plurality of application servers within the networked computer system without having to be re-authenticated.01-21-2010
20110078774METHOD AND APPARATUS FOR ACCESSING SECURE DATA IN A DISPERSED STORAGE SYSTEM - A method begins by a processing module receiving, from a user device, a request to access secure data, wherein the request includes a user identification code and at least one object name for the secure data. The method continues with the processing module processing the request to determine a security level associated with the user device and to determine security parameters associated with the secure data. The method continues with the processing module determining a level of access to the secure data based on the security level associated with the user device and the security parameters. The method continues with the processing module retrieving a set of encoded data slices from dispersed storage units, wherein the set of encoded data slices includes less than a reconstruction threshold number of encoded data slices and generating a response that includes the set of encoded data slices when the level of access is a partial access level.03-31-2011
20120210402Protecting Information on a Computer System Using Multiple Authentication Methods - In one embodiment, a method includes receiving, for a user, first user authentication information for a first authentication method and receiving, for the user, second user authentication information for a second authentication method. The second authentication method is different from the first authentication method. Upon authenticating the first user authentication information and the second user authentication information, the method moves a subset of data stored on a back-end storage device to a front-end storage device. The front-end storage device is directly connected to the user via a network and the back-end storage device not being directly connected to the network. The method then allows access to the subset of data for a period of time, wherein after the period of time expires, the subset of data is removed from the front-end storage device.08-16-2012
20080289014Scan-to-home method and system for the delivery of electronic documents to a user home directory - A method and system for efficiently and securely permitting a user to scan electronic documents from a remote multi-function device to a user's home directory. A user can be authenticated via the multi-function device and electronic credentials associated with the user generated, which are utilized to determine the user's home directory. The multi-function device can then produce a customized template that can be selected by the user when accessing rendering/scanning services. The user can then scan a document and electronically store such a document at the home directory via an SMB (Server Message Block) protocol. Home directories can either be determined via an LDAP (Lightweight Directory Access Protocol) or configured on a network interface via a default directory path and the user name.11-20-2008
20110307943METHOD FOR REALIZING CONVERGENT WAPI NETWORK ARCHITECTURE WITH SEPARATE MAC MODE - A method for realizing a convergent Wireless Local Area Networks (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture with a split Medium Access Control (MAC) mode involves the steps: a split MAC mode for realizing WLAN Privacy Infrastructure (WPI) by an access controller is constructed through splitting the MAC function and the WAPI function of the wireless access point apart to a wireless terminal point and the access controller; integration of a WAPI and a convergent WLAN network system architecture is realized under the split MAC mode that the access controller realizes WPI; the association connection process is performed among a station point, a wireless terminal point and an access controller; the process for announcing the start of performing the WLAN Authentication Infrastructure (WAI) protocol between the access controller and the wireless terminal point is performed; the process for performing the WAI protocol between the station point and the access controller is performed; the process for announcing the end of performing the WAI protocol between the access controller and the wireless terminal point is performed; the secret communication process is performed between the wireless terminal point and the station point by using WPI.12-15-2011
20090158406PASSWORD RESET SYSTEM - A customer initiated password reset system resets user passwords on a variety of network entities, such as internal systems, allowing simultaneous reset with a minimum number of user specified passwords that nonetheless satisfy the password specifications of these internal systems. Thereby, the user avoids the tedium of logging into each of these systems, changing their password, logging out, etc., for each system with the likelihood of creating unique passwords for each system that have to be remembered. By further incorporating a score metric based upon how many character sets are touched, a required degree of complexity can be measured and enforced against the password specifications. Advantageously, a table-based approach to enforcing password reset against the multiple password specifications facilitates making and fielding updates.06-18-2009
20090172791USER ACCESS METHOD AND SYSTEM - A user access method and system are provided. The method includes the following steps. After the connection between a terminal and an access network AN is disconnected, a media access control identifier MAC ID is preserved in a predetermined time period. If the terminal initiates an access to the AN within the predetermined time period, the MAC ID is used by the terminal for accessing the AN. The system of the present embodiment includes a terminal and an AN. According to the method and system, the access time initiated by the terminal is reduced, the access collision is avoided, and the system performance is greatly enhanced.07-02-2009
20090172790DESIGN INFORMATION PROVIDING SYSTEM AND DESIGN INFORMATION PROVIDING SERVER - To provide a design information providing system equipped with a mechanism that does not allow continuation of manufacturing of products unless a patent license contract is concluded.07-02-2009
20090172789Policy Based, Delegated Limited Network Access Management - Policy-based, delegated limited network access management places day-to-day control of network access in the hands of authorized users, referred to as resource access administrators, selected for their business knowledge and ability to respond quickly to business events. Resource access administrators have the ability to respond, in the form of access decisions proposed by individuals with knowledge of, or responsibility for, business processes and business partner relationships and shaped and pre-approved by network security specialists, referred to as network access administrators. This approach, therefore, reduces the cost, complexity, and delay (latency) associated with managing external network access without compromising network security.07-02-2009
20090172788TECHNIQUES FOR CREDENTIAL STRENGTH ANALYSIS VIA FAILED INTRUDER ACCESS ATTEMPTS - Techniques for credential strength analysis via failed intruder access attempts are presented. Intruders attempting to access a secure network with failed credentials are monitored. The failed credentials are retained and evaluated in view of previously recorded failed credentials. Credential policy is updated in response to the evaluation and intruder trends and sophistication levels are also predicted in response to the evaluation.07-02-2009
20120079569FEDERATED MOBILE AUTHENTICATION USING A NETWORK OPERATOR INFRASTRUCTURE - Architecture that utilizes the strong authentication mechanisms of network operators to provide authentication to mobile applications by identity federation. When a mobile client initiates a request for access to an application outside the network operation infrastructure, the request is passed to an associated application secure token service. The application secure token service has an established trust and identity federation with the network operator. The application secure token service redirects the request to a network operator security token server, which then passes the request to a network operator authentication server for authentication against an operator identity service. Proof of authentication is then issued and returned from the network operator security token server to the application secure token service and the application, which allows the mobile client to access the application.03-29-2012
20090037984AUTOMATED PASSWORD TOOL AND METHOD OF USE - A method of auto updating a password comprises opening a password file and a new password file and reading information from the password file including user ID type. The method applies the user ID type to a predetermined application type and executes password-updating logic to generate a new password for the application type. The method further updates the new password file with the new password for the predetermined application type. A system comprises at least one of a hardware component and a software component configured to read information from a password file including user ID type. The hardware component and/or software component is further configured to determine that the user ID type matches to an application type and to apply the user ID type to the matched application type. The hardware component and/or software component is further configured to generate a new password for the application type and to update the password file with the new password for the application type.02-05-2009
20080263641APPARATUS FOR FACILITATING TRANSACTIONS BETWEEN THIN-CLIENTS AND MESSAGE FORMAT SERVICE (MFS)-BASED INFORMATION MANAGEMENT SYSTEM (IMS) APPLICATIONS - An apparatus is disclosed for facilitating conversational and non-conversational transactions between thin-clients and MFS-based IMS applications. The apparatus stores conversation attributes associated with a conversational transaction between a thin-client and an MFS-based IMS application, the conversation attributes comprising connection information and conversation-specific information. Next, one or more transaction messages from the thin-client are preprocessed based on a transaction message type. The stored conversation attributes are updated in response to changes in the conversation attributes caused by the one or more transaction messages. Then, a conversation output message is formatted for the thin-client. The apparatus may include a security module that authenticates a user, a connection module that establishes a connection with an MFS-based IMS application, a state module that preserves and maintains conversation attributes, and a control module to process a transaction message having one or more transaction message types.10-23-2008
20110167482SECURE AUTHENTICATION ADVERTISEMENT PROTOCOL - A network device for distributing authentication information between authorized nodes for purposes of concurrently “pre-authenticating” a mobile user at a plurality of points throughout a LAN is disclosed. When a client attempts to access the network through the network device, the network device attempts to authenticate the client based on the credentials presented by the user. If authenticated, the client is admitted into the network at the network device and the client's pre-authentication information is transmitted to one or more network nodes associated with an authentication group. Upon receipt of the pre-authentication information, the one or more network nodes are authorized to admit the client into the network at those nodes in addition to the network device at which the client was initially authenticated, thereby concurrently pre-authorizing the client at multiple points across the network.07-07-2011
20120159583VISUAL OR TOUCHSCREEN PASSWORD ENTRY - A method of authenticating a user of a computing device is proposed, together with a computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and movement of either the modified base image or modified overlay image is permitted if a criterion for movement is met. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image.06-21-2012
20120159582OBSCURING VISUAL LOGIN - A method of authenticating a user of a computing device is proposed, together with a computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and either the modified base image or modified overlay image is moved by the user. A security level requirement is assigned and positive authentication is indicated in response to the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image after the moving in a manner that meets the security level requirement.06-21-2012
20120011575Methods, Systems, and Products for Authenticating Users - Methods, systems, and products authenticate a user to a device. A user selects or submits a media file for authentication. Features in the media file are compared to a set of criteria for authentication. The number of matching criteria, that are within a range of values for each criterion in the set of criteria, are determined. The number of matching criteria is compared to a threshold value. When the number of matching criteria equals or exceeds the threshold value, then the user that selected or submitted the media file is authenticated.01-12-2012
20120117631SYSTEM AND METHOD FOR PROVISIONING AN EMAIL ACCOUNT USING MAIL EXCHANGE AND ADDRESS RECORDS - A system for provisioning an electronic mail (email) account of a user for allowing access to an electronic mailbox from a remote device to retrieve email includes a communications module that receives email address parameters entered by the user and transmits a domain name system (DNS) query to the Internet for returning mail exchange (MX) and address (A) records corresponding to the entered email address parameters of the user. A configuration module processes any returned MX and A records to determine whether the email address parameters entered by the user are valid before attempting to provision the email account of the user.05-10-2012
20120117630Method and System for Secure Management of Co-Located Customer Premises Equipment - A method, system, and apparatus for managing customer premise equipment according to one embodiment includes establishing a secure connection between a first transport unit and a second transport unit. The secure connection includes an embedded operations channel and is operable to isolate a management plane from a data plane. The method further includes the first transport unit receiving a request for access to the first transport unit from the second transport unit. The method further includes establishing a secure terminal session between the first transport unit and the second transport unit using the embedded operations channel in response to receiving the request for access. The first transport unit then receives a management command from the second transport unit and the first transport unit performs at least one management function in response to receiving the management command.05-10-2012
20120017267METHODS AND APPARATUS TO DISCOVER AUTHENTICATION INFORMATION IN A WIRELESS NETWORKING ENVIRONMENT - Example methods and apparatus to discover authentication information in a wireless networking environment are disclosed. A disclosed example method involves transmitting, during network discovery, a Generic Advertisement Services (GAS) request to a network access point, the GAS request requesting authentication information, the authentication information being indicative of a credential required from a wireless terminal. In addition, a response to the GAS request is received from the network access point. The response includes the authentication information.01-19-2012
20090037986Non-disclosing password entry method - A non-disclosing password entry method is achieved by displaying an ordered arrangement or matrix of characters such that an authorized user's password is predetermined from a subset of these characters. The characters in the display are associated with a randomly ordered set of patterns or colors as, for example, the character background in the display. Additionally there is provided a means for selecting each type of pattern or color. Rather than entering the password directly, the authorized user is authenticated by noting the background pattern or color associated with the first character of the password and then selecting that pattern or color. The process is repeated with each password character in sequence until all the characters have been selected. The authorized user is authenticated by verifying that the selected backgrounds are correct for each of the characters of the password.02-05-2009
20090150982APPARATUS AND METHOD FOR DOMAIN MANAGEMENT USING PROXY SIGNATURE - A domain management apparatus and method using a proxy signature is provided. A domain management apparatus which manages a device domain being a set of at least one user device, the apparatus including: a registration performing unit for performing a registration procedure for registering the domain management apparatus in a service providing apparatus; a license issuance authority receiving unit for receiving a license issuance authority for content use from the service providing apparatus; and a service providing unit for providing the at least one user device with a content service and a license generated by the license issuance authority.06-11-2009
20120159585SYSTEM AND METHOD FOR POOL-BASED IDENTITY AUTHENTICATION FOR SERVICE ACCESS WITHOUT USE OF STORED CREDENTIALS - A computer-implemented system and method for pool-based identity authentication for service access without use of stored credentials is disclosed. The method in an example embodiment includes providing provisioning information for storage in a provisioning repository; receiving a service request from a service consumer, the service request including requestor identifying information; generating an authentication request to send to an authentication authority, the authentication request including requestor identifying information; receiving validation of an authenticated service request from the authentication authority; and providing the requested service to the service consumer.06-21-2012
20120159584Device Association - Embodiments provide systems, methods, and articles of manufacture for enabling a client to associate with a device. In various embodiments, the device may transmit cryptographic data to a client. Based on and utilizing the cryptographic data, the client may associate with the device.06-21-2012
20120072974STREAMING CONTENT IN GUEST MODE - The present application relates to systems, apparatus and methods for transmitting image data from a content source to an image display in a dual mode system which includes a guest mode and an authorized user mode. One example embodiment comprises establishing a secure connection to a network requiring access credentials, detecting a content source, establishing a non-secure connection to receive image data from the content source, receiving the image data from the content source, and providing the image data to a display, wherein the content source is not provided access over the secure connection.03-22-2012
20120072973METHOD AND APPARATUS FOR AUTHENTICATION IN PASSIVE OPTICAL NETWORK AND PASSIVE OPTICAL NETWORK - The embodiments of the present disclosure provide a method and an apparatus for authentication in a Passive Optical Network (PON), and a PON. The method includes: receiving, by an Optical Network Unit/Optical Network Terminal (ONU/ONT), a first negotiation message sent by an Optical Line Terminal (OLT), and authenticating the OLT according to a logic registration ID of the OLT; sending, by the ONU/ONT, a second negotiation message to the OLT, the logic registration ID of the ONU/ONT is used to enable the OLT to authenticate the ONU/ONT according to a logic registration ID of the ONU/ONT, and allocates a terminal identifier for the ONU/ONT after the authentication succeeds. In the embodiments of the present disclosure, the OLT and the ONU/ONT are authenticated through the logic registration IDs, thus eliminating security threats in the authentication process.03-22-2012
20120072972SECONDARY CREDENTIALS FOR BATCH SYSTEM - A batch job system may create a second set of credentials for a user and associate the second set of credentials with the user in an authentication server. The second set of credentials may allow computers running the batch jobs to have user-level authentication for execution and reporting of results. The second set of credentials may be a single sign on type of credential, and may consist of a virtual smartcard that each worker computer may use for authentication. In some embodiments, authentication requests may be routed to a virtual or physical Hardware Security Module.03-22-2012
20110083171Method and apparatus in combination with a storage means for carrying out an authentication process for authenticating a subsequent transaction - A computer, such as a WINDOWS® operating system-based PC, has associated with it a Subscriber Identity Module (or SIM), such as of the type used in a GSM cellular telephone system. The SIM can be authenticated by the telephone network, in the same way as for authenticating SIMs of telephone handset users in the network, and can in this way authenticate the user of the PC or the PC itself. Such authentication can, for example, permit use of the PC in relation to a particular application which is released to the PC after the authentication is satisfactorily completed. The application may be released to the PC by a third party after and in response to the satisfactory completion of the authentication process. A charge for the session can be debited to the user by the telecommunications network and then passed on to the third party.04-07-2011
20110107404PROTECTED PREMISES NETWORK APPARATUS AND METHODS - Apparatus and methods for enabling protected premises networking capabilities. In one embodiment, the premises network is a Multimedia over Coaxial Alliance (MoCA) network, and is secured by a requirement that devices use a password or key to access the network. The password may be given only to authorized devices. Information regarding a device may be utilized to associate the device with a particular premises network, and provide a password to authorized devices. The password is unique to the premises in one variant by being derived from a subscriber account. At least one of the devices requesting access to the premises network may comprise a gateway device. A home network utilizing existing coaxial cable in the premises is created between a plurality of authorized devices each receiving the password.05-05-2011
20110099611METHODS AND APPARATUS FOR SECURE, PORTABLE, WIRELESS AND MULTI-HOP DATA NETWORKING - A mobile network solution provides secure and portable wireless networking service to mobile users with devices equipped with wireless network interfaces. The Secure Nomadic Wireless Network, or SNOWNET, follows a hierarchical approach. Special SNOWNET nodes are deployed in the area where networking service is needed and form a backbone network. At the same time, SNOWNET nodes provide local access service to regular mobile clients. SNOWNET provides security through authentication of the nodes and clients, as well as through encryption of the data.04-28-2011
20090133105MULTI-MEDIUM WIDE AREA COMMUNICATION NETWORK - A communication network including a primary network, and an auxiliary network. The primary network includes wireless stations each able to transmit and receive data over the primary network, and bridge stations able to transmit and receive data both over the primary network and over the auxiliary network. The auxiliary network includes auxiliary stations and bridge stations each able to transmit and receive data over the auxiliary network. At each bridge station, the activity of other stations on both the primary network and the auxiliary network is monitored to establish the availability of intermediate stations for onward transmission of message data from an originating station to a destination station. Message data is transmitted from the originating station to the destination station via at least one opportunistically selected intermediate station, including at least one bridge station.05-21-2009
20120167185REGISTRATION AND NETWORK ACCESS CONTROL - In embodiments of registration and network access control, an initially unconfigured network interface device can be registered and configured as an interface to a public network for a client device. In another embodiment, a network interface device can receive a network access request from a client device to access a secure network utilizing extensible authentication protocol (EAP), and the request is communicated to an authentication service to authenticate a user of the client device based on user credentials. In another embodiment, a network interface device can receive a network access request from a client device to access a Web site in a public network utilizing a universal access method (UAM), and the request is redirected to the authentication service to authenticate a user of the client device based on user credentials.06-28-2012
20120131651System, Device And Method For Secure Provision Of Key Credential Information - A system for secure provision of key credential information is provided. The system comprises secure logic circuitry for being disposed in a host computer. The secure logic circuitry detects a message received from a remote computer connected to the host computer and indicative of a request for provision of the key credential information; generates a message for prompting a user for provision of the key credential information; receives the key credential information; and provides the key credential information to the remote computer absent processing using circuitry of the host computer. The system further comprises a secure user interface connected to the secure logic circuitry for receiving the key credential information from the user and providing the same to the secure logic circuitry.05-24-2012
20120167183METHODS AND SYSTEMS FOR TESTING PERFORMANCE OF BIOMETRIC AUTHENTICATION SYSTEMS - A method of testing the performance of a biometric authentication system includes conducting an initial biometric authentication transaction for an individual using data associated with the individual, and generating an initial result for the initial transaction with the biometric authentication system. Moreover, the method includes obtaining additional data associated with the individual when the additional data is required for conducting a subsequent biometric authentication transaction or after randomly determining that the subsequent transaction is to be conducted. Furthermore, the method includes conducting the subsequent transaction, generating a subsequent result for the subsequent transaction with the biometric authentication system, and updating cumulative performance records based on the initial and subsequent results. The method also includes generating a summary on a temporal or quantifiable basis that includes the cumulative performance records, and determining the performance of the biometric authentication system using the cumulative performance records or the summary.06-28-2012
20120131650SPOT BEAM BASED AUTHENTICATION - In one embodiment, a method to authenticate a claimant comprises receiving, from the claimant, at least one of a set of beam data from a spot beam transmission, comparing the claimed at least one set of beam data to a known valid data set, and authenticating the claimant when a difference between at least one set of beam data and the known valid data set is less than a threshold.05-24-2012
20120216262Methods, Systems, And Computer Program Products For Determining An Originator Of A Network Packet Using Biometric Information - Associating a network packet with biometric information for a user includes identifying biometric identification information for a user of a network device, including an identifier of the biometric identification information in at least one of a header and a trailer of a network packet without including biometric identification information in a payload of the network packet, and sending the packet via a network, wherein the identifier identifies the network packet as having originated from the user.08-23-2012
20120216261Method and System for Electronic Delivery of Essential Mail Items - A delivery server, and a method of operating same for providing a trusted electronic mail service for the delivery of items to a subscriber. An associated database contains subscriber details. The server receives from the subscriber a nomination of at least one service provider from which the subscriber wishes to receive electronic mail items. The nomination is stored in the database in association with the subscriber details. A trusted communications channel is established between the delivery server and a service provider computer system, for example via the Internet or other public network. The delivery server receives essential mail data from the service provider via the communications channel, and verifies that the subscriber wishes to receive a corresponding electronic mail item, by comparison with subscriber details and nominations stored in the database. In the event that the verification is successful, the delivery server delivers the electronic mail item to the subscriber.08-23-2012
20120216260SYSTEMS, METHODS AND APPARATUS FOR AUTHENTICATING ACCESS TO ENTERPRISE RESOURCES - Systems, apparatus, methods and articles of manufacture provide for controlling access to one or more enterprise resources, including one or more functions of an enterprise device, or other computing device, based on information about one or more activities of a user. Some embodiments provide for determining an intuitive challenge question having a corresponding response, such as an intuitive password.08-23-2012
20100205659INFORMATION MANAGEMENT SYSTEM, INFORMATION PROCESSING APPARATUS AND COMPUTER READABLE MEDIUM STORING INFORMATION PROCESSING PROGRAM - An information management system includes first and second information processing apparatuses. The first information processing apparatus includes: an invalidation unit configured to invalidate operation at the first information processing apparatus if input terminal password information is different from correct terminal password information; and a first releasing unit configured to release an invalidation of the operation based on an invalidation releasing process. The second information processing apparatus includes: a determination unit configured to determine whether target information is in a limited state in which a process to the target information is limited at the second information processing apparatus; and a second releasing unit configured to perform the invalidation releasing process if correct limitation releasing password information is input. The invalidation releasing process includes: releasing the limited state of the target information; and releasing the invalidation of the operation of the first information processing apparatus.08-12-2010
20100205658SYSTEM, METHOD AND PROGRAM PRODUCT FOR GENERATING A CANCELABLE BIOMETRIC REFERENCE TEMPLATE ON DEMAND - A system, method and program product for generating a cancelable biometric reference template on demand. The method includes creating, using a biometric application, a base reference template having a unique biometric template identifier that uniquely identifies biometric data corresponding to a biometric sample collected for an individual and generating, utilizing a transformation engine, a cancelable reference template derived from the base reference template, where the cancelable reference template generated is used by the individual to participate in a new biometric application without having to provide a new biometric sample or without having to rely on a biometric service provider to issue a new reference template for the new biometric application. The method further includes injecting the base reference template created into a secure portable device issued to the individual and loading the transformation engine onto the device for generating on demand the cancelable reference template.08-12-2010
20100205656MEDIA MONITORING SYSTEM - A media monitoring system that allows a monitoring device to control the media content that can be downloaded by a monitored device. The monitoring device reviews requests for media content from the monitored device and makes a decision whether to allow the monitored device access to the media content. Authorization may occur interactively or automatically using media settings associated with the monitored device. The monitored device is prevented from accessing media content until the media content is authorized. The media monitoring system may operate in a wired and/or wireless network.08-12-2010
20110185402ACCESS CONTROL SYSTEM - A key for a user can be created according to at least one first image of the user. The key can be verified with at least one second image of the user captured after the key is created. A visitor can be authenticated according to a first measure of similarity between the key and at least one authentication image of the visitor. The visitor is authenticated as the user if the first measure of similarity is greater than a first predetermined threshold. The key can be refined with the at least one authentication image of the visitor if the first measure of similarity is lower than the first predetermined threshold and the visitor is authenticated as the user based on a password.07-28-2011
20100175114ADDING BIOMETRIC IDENTIFICATION TO THE SERVER SECURITY INFRASTRUCTURE FOR AN ENTERPRISE SERVICE BUS SYSTEM - An enterprise service bus server receives a user's biometric information from a client. The enterprise service bus server requests authentication of the user by sending the user's biometric information to a trusted third party authenticator. Furthermore, the enterprise service bus server establishes a connection with the enterprise service bus client if the trusted third party authenticator indicates that the user is authenticated. In addition, the enterprise service bus server allows access to an enterprise service bus service for the enterprise service client.07-08-2010
20100175113Secure System Access Without Password Sharing - A mechanism is provided for performing secure system access by a requesting user without sharing a password of a credential owner. A database stores system information for resources. The owner of super user authority for a resource provides system information to the database including a credential for accessing the resource. When a user wishes to access the system, client software of the requestor sends an access request to client software of the owner. The client software of the owner prompts the owner to authorize or deny access. Responsive to the owner authorizing the access, the client software of the owner returns authorization to the client software of the requestor, which then uses the credential in the system information database to access the resource. The client software of the requestor does not cache or store the credential or present the credential to the user.07-08-2010
20120174197PUSH BUTTON CONFIGURATION OF MULTIMEDIA OVER COAX ALLIANCE (MOCA) DEVICES - A first device coupled to a multimedia over coax alliance (MoCA) network may receive, from a second device, an indication that a configuration button on the second device has been pushed. The first device may receive, from a third device, an indication that a configuration button on the third device has been pushed. The first device may allow the second device to be authenticated on the MoCA network if the configuration buttons of the second and third devices were both pushed within a determined amount of time. The first device may prevent the second device from being authenticated on the MoCA network if the configuration button of the second device and the configuration button of the third device were not pushed within a determined amount of time. The indication from the third device may comprise a layer 2 management entity (L2ME) message or a Protocol Information element.07-05-2012
20120174196ACTIVE VALIDATION FOR DDOS AND SSL DDOS ATTACKS - Methods and systems for detecting and responding to Denial of Service (“DoS”) attacks comprise: detecting a DoS attack or potential DoS attack against a first server system comprising one or more servers; receiving, at a second server system comprising one or more servers, network traffic directed to the first server system; subjecting requesting clients to one or more challenge mechanisms, the challenge mechanisms including one or more of challenging requesting clients to follow through HTTP redirect responses, challenging requesting clients to request Secure Sockets Layer (SSL) session resumption, or challenging requesting clients to store and transmit HTTP cookies; identifying one or more non-suspect clients, the one or more non-suspect clients corresponding to requesting clients that successfully complete the one or more challenge mechanisms; identifying one or more suspect clients, the one or more suspect clients corresponding to requesting clients that do not successfully complete the one or more challenge mechanisms; and forwarding, by the second server system, traffic corresponding to the one or more non-suspect clients to the first server system. Once a client has been validated, clients may communicate directly with application servers in a secure manner by transparently passing through one or more intermediary proxy servers.07-05-2012
20120174195FUNCTION MODULE DISPATCHER - Disclosed are methods and systems for function module dispatcher. The methods and systems involve generating a multi tenant enabled function module by adding a logical tenant access parameter to a function to be executed in a tenant system. The methods and systems further include receiving access data associated with a central tenant system and input parameters for executing the function module on one or more tenant systems, accessing a central tenant system based on the access data, retrieving tenant access data associated with the tenant system by matching a logical tenant access parameter data received in the input parameters to the multi tenant function call with the tenant access parameter data stored in a destination map and dispatching the call to execute the function module on a respective tenant based on the tenant access data retrieved from the destination map.07-05-2012
20120317628SYSTEMS AND METHODS FOR AUTHORIZING A TRANSACTION - Methods and apparatuses are disclosed for creating a software based secure element reader and a digital credential data delivery system for point-of-sale (POS) locations that do not have a secure element reader. Methods and apparatuses are described for creating a remotely hosted repository of secure elements that may be selected and connected to a mobile or a stationary device. Near-field communication (NFC) capabilities may be utilized to interrogate a selected secure element by a RFID POS reader through the mobile NFC device over a data connection between that mobile NFC device and the remote hosted secure element.12-13-2012
20100299730USER AUTHENTICATION METHOD, WIRELESS COMMUNICATION APPARATUS, BASE STATION, AND ACCOUNT MANAGEMENT APPARATUS - A wireless communication apparatus transmits a user identifier to an account management apparatus through a communication apparatus. The account management apparatus generates code generation information, and generates code information using authentication information that corresponds to the user identifier and the code generation information. The account management apparatus transmits the code information and the code generation information to the communication apparatus. The communication apparatus sets code information, and transmits the code generation information to the wireless communication apparatus. The wireless communication apparatus generates code information using the code generation information and the authentication information, and when wireless network parameters are set, notifies the account management apparatus of success of authentication. The account management apparatus performs a process to permit the wireless communication apparatus to connect to a communication network.11-25-2010
20100299728File transfer system for direct transfer between computers - A file authentication requesting device that stores a computer program for requesting authentication of files in digital systems, the device comprises a confirmation request system that generates a request for a confirmation receipt from a third party authenticator authenticating the attributes of a file; a transferring system that transfers attributes of at least one file to be authenticated to the third party authenticator from the device that requested the confirmation; and a receiving system that receives the confirmation receipt comprising authenticated file attributes, after authentication by the third party authenticator; wherein, at least one file authentication is received from the third party authenticator. Corresponding processing devices, media, systems and methods are also provided.11-25-2010
20100299727METHODS AND SYSTEMS FOR EXACT DATA MATCH FILTERING - A technique for efficiently preventing exact data words (“entities”) from unauthorized disclosure is disclosed. Protect agents installed at various egress points identify candidate entities from digital information desired to be disclosed by a user. The candidate entities are compared against registered entities stored in a lightweight entity database (LWED). If a candidate entity matches against a registered entity in the LWED, the protect agent initiates a security action. Alternately, the protect agent transmits the matching candidate entity to a global entity database (GED) server to receive additional confirmation on whether the candidate entity matches a registered entity. In some instances, the protect agent also receives (from the GED server) metadata information associated with the matching candidate entity. The protect agent utilizes the metadata information to initiate suitable security actions.11-25-2010
20120222098WIRELESS ESTABLISHMENT OF IDENTITY VIA BI-DIRECTIONAL RFID - A method, a system, and a computer program product are provided for wireless establishment of identity via bi-directional radio-frequency identification (RFID). The method is implemented in a computer infrastructure having computer executable code tangibly embodied on a computer readable storage medium having programming instructions operable for sending device data including at least a username and a password to a transceiver. The method also includes receiving an identifier of an access point in a wireless network from the transceiver, the transceiver sending the device data to the access point via a security server. The device data is sent to the access point based on the identifier of the access point, the access point establishing a secure connection to the computer infrastructure based on the device data received from the transceiver and the computer infrastructure.08-30-2012
20100050241Accessing memory device content using a network - A first storage unit is bound to a second storage unit based on a binding type associated with content on the first storage unit, the first storage unit being operated through a first host device, and the second storage unit being operated through a second host device. When content on the first storage unit is requested in the first host device, the first host device will calculate an account identifier based on the binding type associated with the requested content and send the account identifier to a server. The server will send the account identifier to the second host device, and the second storage unit will use the account identifier to calculate a credential. The credential will be sent to the first host device through the server. The credential can be used to access the requested content if the credential is valid.02-25-2010
20100281525COMMUNICATION SYSTEM, COMMUNICATION METHOD, TERMINAL AND MANAGEMENT DEVICE - A communication system includes a plurality of terminals and a management device that manages a plurality of networks. A first terminal, which is connected to a first network to which the management device is also connected, transmits a connection request for connecting to a second network to the management device. Upon receiving the connection request, the management device determines a predetermined topology from among a plurality of topologies that can be formed when the first terminal connects to the second network. The first terminal receives network configuration information indicating the predetermined topology from the management device. The first terminal transmits the network configuration information to a plurality of terminals participating in the second network. The second network is recreated accordingly.11-04-2010
20090113527MOBILE AUTHENTICATION FRAMEWORK - Disclosed are apparatus and methods for associating a mobile device with a web service or a user account. A unique code is displayed on the mobile device. The unique code is associated with a user account or web service to be utilized with the mobile device. Instructions for a user to enter the unique code in an authentication process via an authentication portal of a management device are also displayed. After it is determined that a user has performed the authentication process, any user identification, which has been associated with the unique code, is then obtained from the management device. The obtained user identification is then stored for use by the mobile device. After user identification has been obtained and stored, the stored user identification is used for the mobile device to participate in an authentication process for authorizing the mobile device to utilize a web service or user account associated with the user identification. The authentication process is participated in by the mobile device without requiring input from the user during such authentication process.04-30-2009
20120260321Method and apparatus to auto-login to a browser application launched from an authenticated client application - A technique for automated login to a browser application from an authenticated client application begins upon the end user taking an action to access a target resource. A credential is associated with the client application as a result of a prior login operation. The technique is implemented in a server application associated with the client application. In response to the end user taking the action, the server application receives a first request that includes the credential. The credential is cached at a location identified by a one-time-use key that is generated at the server in response to receipt of the first request. The server application then returns a response to the first request that includes a data string (e.g., a URL-template) that includes the one-time-use key. Upon receipt of that response, the client application fills in the URL-template with the target resource URL and launches the browser. The resulting second request is received at the server application, which retrieves the credential from the location identified by the one-time-use key. The server application sets the retrieved credential in a cookie and returns a response to the second request. That response includes the cookie and a redirect to the target resource. In this manner, the browser is redirected to the target resource (e.g., a secure page) without requiring an extra login.10-11-2012
20120180114Method and System for Subscriber to Log in Internet Content Provider (ICP) Website in Identity/Location Separation Network and Login Device Thereof - The present invention provides a method and system for a user to log in an Internet Content Provider (ICP) website in an identification location separation network and a login device thereof. The method includes: after receiving an access data packet of a user, the ICP website obtaining an identification code of the user therein, and transmitting the identification code of the user to an Internet Service Provider (ISP) authentication center; the ISP authentication center authenticating the user based on the identification code of the user, and if the authentication is passed, the ISP authentication center returning an authentication passed message, which contains the identification code of the user, to the ICP website; after receiving the authentication passed message, the ICP website obtaining personal information of the user according to the identification code of the user, and then the user logging in the ICP website.07-12-2012
20100024010Mobile device with customizable login screen - An exemplary method controls the display of information on the screen of a mobile device during a request for login information. Independently controlled regions of the screens are used to concurrently convey different information associated with each region to a user of the mobile device during the rendering of a login request that is contained in one of the regions.01-28-2010
20100011425System And Method For Making a Content Item, Resident Or Accessible On One Resource, Available Through Another - Systems and methods are provided to make content items, already available on one resource, also available through another, such as through a new location or resource. The content items may be, e.g., videos uploaded by a user or other content. The systems and methods employ a streamlined interface for convenience to the user. In one example, a user of a computer system views a video segment through a first website and re-posts the video segment to a second website by entering a single command or clicking a single button. The websites coordinate the re-posting using credentials previously or contemporaneously entered by the user. Moreover, a content item may be automatically prepared for re-posting on the target web site using previously-entered user selections. Playback software from a source website may be posted to a target website to allow access of the content item at the source website.01-14-2010
20100011424INFORMATION PROCESSING APPARATUS, METHOD FOR CONTROLLING INFORMATION PROCESSING APPARATUS, RECORDING MEDIUM, AND PROGRAM - An information processing apparatus not having an input device for receiving specific authentication information can access another information processing apparatus requiring the specific authentication information while suppressing a decrease in a security level. A control method for controlling an information processing apparatus includes authenticating a user using authentication information, receiving an access request from another apparatus, and requesting the other apparatus to send the authentication information in response to reception of the access request from the other apparatus. When the other apparatus does not have an inputting unit for inputting the requested authentication information, the requesting step includes requesting a predetermined substitute apparatus having the inputting unit to send the authentication information. The authenticating step includes authenticating the user based on the authentication information sent from the predetermined substitute apparatus in response to the request made at the requesting step.01-14-2010
20100011423User identification system and a method thereof - A service providing system using the biometrics identification without inputting the user ID poses the problem that the consideration of a service is erroneously claimed to the registered user not using the service due to the erroneous identification. According to this invention, the threshold of the value of the degree of similarity for user identification is set strictly for each registered biometrics information of the user in accordance with the declaration of the loss caused by the erroneous identification.01-14-2010
20100011422PORTABLE ACCOUNT INFORMATION - A method of providing portable account information includes associating two accounts (01-14-2010
20100011421ENABLING AUTHENTICATION OF OPENID USER WHEN REQUESTED IDENTITY PROVIDER IS UNAVAILABLE - A method, system and computer program product for enabling authentication of an OpenID user when a requested identity provider is unavailable. A relying party receives a login request from the OpenID user, where the login request includes a username. The relying party reads a list of trusted identity providers that are associated with the received username and selects one of those identity providers. The relying party generates an OpenID identifier using an identification (e.g., Uniform Resource Locator) of the selected identity provider and the username. The relying party transmits an authentication request (request to authenticate the OpenID user) to the selected identity provider using the formed OpenID identifier. If the selected identity provider is unavailable, then the relying party selects another identity provider from the list of identity providers that are associated with the received username and repeats the above process.01-14-2010
20100011420OPERATING A SERVICE ON A NETWORK AS A DOMAIN NAME SYSTEM SERVER - Operating a service such as a remote database as a DNS server, receiving inputs such as queries as domain names and transmitting replies in the format of IPv4 or IPv6 addresses.01-14-2010
20100011419Authentication method using icon password - A method of authenticating a user of a terminal operating a server and connected to the terminal through a communication network, in which a password needed for authentication is inputted as icons, rather than numerals or characters, thereby preventing leakage or theft of the password. Through the present invention, security is improved in processing a password in an information processing device or a communication network, and furthermore, leakage of the password is fundamentally prevented in the process of inputting the password by a user. Therefore, an effect of securing reliability of the overall authentication process may be obtained.01-14-2010
20120272298METHOD TO PROVIDE CHIP BASED SECURITY FOR I/O PACKETS IN AN ARRAY USING DYNAMIC TOPOLOGY - An apparatus comprising a controller circuit and an array. The controller circuit may be configured to read/write data in response to one or more input/output requests. The array may be configured to present/receive data to/from the controller circuit in response to the input/output requests. The data may be only transmitted to/from the array after a successful authentication between (i) a first code embedded within each of the input/output requests and (ii) a second code stored on a non-volatile memory within the controller circuit.10-25-2012
20090055906METHOD AND APPARATUS FOR EMBEDDED MEMORY SECURITY - A method and apparatus for protecting data in a memory block from unauthorized access. When writing or reading data to or from the memory block an error correction code (ECC) is used to calculate an ECC value, wherein the calculation of the ECC value is based on a combination of the data and a password provided to the memory block prior to reading or writing. In case the calculated ECC value does not match a stored ECC value a write or read error is signalled to the device requesting the operation.02-26-2009
20090070860AUTHENTICATION SERVER, CLIENT TERMINAL FOR AUTHENTICATION, BIOMETRICS AUTHENTICATION SYSTEM, BIOMETRICS AUTHENTICATION METHOD, AND PROGRAM FOR BIOMETRICS AUTHENTICATION - A template sharing processing is performed between a first authentication server and a second authentication server. A client terminal generates two parameter differences, one of which is sent to the first authentication server, and the other to the second authentication server. The first authentication server transforms an already-registered template with the received parameter difference to create a temporary template and sends the temporary template to the second authentication server. The second authentication server transforms the received temporary template with the already-received parameter difference to create and register therein a further transformed template. A storage medium stores therein only a single master key for generating a parameter.03-12-2009
20090313683IMAGE PROCESSING APPARATUS, DATA PROCESSING APPARATUS, AUTHENTICATION METHOD, DEFINITION DATA UPDATING METHOD, AND AUTHENTICATION PROGRAM AND DEFINITION DATA UPDATING PROGRAM EACH EMBODIED ON COMPUTER READABLE MEDIUM - In order to facilitate maintenance of definition data in which permission or non-permission to execute a process is defined for a respective user, an MFP includes a process execution portion capable of executing processes, a user authentication portion, a definition data acquiring portion to acquire, for the authenticated user, user definition data defining a defined process for which permission or non-permission to execute the process is predetermined and also defining permission or non-permission to execute an undefined process other than the defined process, and a determination portion to determine, for each of the processes the process execution portion can execute, that the user is permitted to execute the process if it is set as the defined process and execution thereof is permitted in the user definition data, or if it is not set as the defined process but execution of the undefined process is permitted therein.12-17-2009
20100306831METHOD FOR FINGERPRINTING AND IDENTIFYING INTERNET USERS - Various aspects of the present system provide methods and systems for tracing internet actions to a remote computer and to an individual who operates the computer. One aspect provides a technique to generate fingerprint of computer and its user based on the information collected through the actions a user conducts on internet. Another aspect of the system provides a technique to compute the fingerprints and find relations between users and computers. Another aspect of the system provides a trust ranking to a user based on the consistency of information collected from the user's various actions.12-02-2010
20120233672Provisioning Methods And Apparatus For Wireless Local Area Networks (WLANS) With Use Of A Provisioning ESSID - A wireless network has a primary network which provides one or more communication services and a provisioning network which provides a provisioning service but disallows the one or more communication services. A mobile device associates with an access point of the wireless network by sending a request which includes a first set service identifier (SSID) for accessing and operating in the provisioning network. If an authentication procedure is successful, the device receives via the access point a second SSID in a provisioning procedure with the provisioning network, and programs the second SSID in a network list. The device subsequently associates with the access point by sending a request which includes the second SSID from the network list instead of the first SSID, for accessing and operating in the primary network for the one or more communication services.09-13-2012
20120233673System and Method to Support Identity Theft Protection as Part of a Distributed Service Oriented Ecosystem - A system and method to support identity theft protection and, in particular, to a system and method for supporting identity theft protection as part of a distributed service oriented ecosystem in Internet protocol (IP) multimedia subsystem (IMS) and non-IMS networks. The system includes an identity session initiation protocol (SIP) application server configured to act as a security assertion markup language (SAML) bridge, which allows an SIP enabled device or a non-SIP enabled device to attach to a telecommunications service provider network. A user may accept or reject an authorization request using the SIP enabled device or non-SIP enabled device.09-13-2012
20130174231MEDIA EXPOSURE DATA COLLECTION AND SECURITY - Systems and methods are disclosed for securely transferring research data relating to media exposure data, such as radio, television, streaming media and the Internet. A plurality of portable computing devices seek and bond to a collector via Bluetooth in a specific area, such as a household. The collector authenticates itself with each of the portable computing devices and vice versa where the collector arranges a secure research data transfer session with each respective device using exchanged authentication files. As each secure session is made, each portable computing device transmits stored research data during the session.07-04-2013
20100333184SYSTEM AND METHOD FOR AUTHENTICATION - A system and method for authentication including verifying a password is disclosed. In one embodiment, the authentication system includes a first storage unit to store an authentication sequence, a read-only memory unit to store an authentication algorithm, and a second storage unit. A microcontroller is coupled to the first storage unit, the read-only memory unit, and is configured to be coupled to and uncoupled from a host. The microcontroller is configured to execute the authentication algorithm to verify a password with the authentication sequence, and to send an access request to a web server via the host if the authentication algorithm has verified the password with the authentication sequence.12-30-2010
20080301787IMS NETWORK IDENTITY MANAGEMENT - There is disclosed a manner of enabling secure communications between a UE (user equipment) device operating though a packet-switched network and a 312-04-2008
20080301785SYSTEMS, METHODS AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING ADDITIONAL AUTHENTICATION BEYOND USER EQUIPMENT AUTHENTICATION IN AN IMS NETWORK - A communication network provides access to a network service by providing an additional level of authentication beyond device level authentication. Operations include receiving a message at a Bootstrapping Server Function (BSF) from User Equipment (UE) that additional authentication beyond UE authentication is required for UE access to a network service, and performing an authentication protocol between the BSF and a Home Subscriber System (HSS) to authenticate an identity associated with the UE responsive to receiving the message.12-04-2008
20110131636SECURE TRANSFERENCE OF DATA BETWEEN REMOVABLE MEDIA AND A SECURITY SERVER - A data processing system for securing information transfer from a removable media, comprising a security server and networked devices. Each networked device comprises a first operating system arranged to operate it; a second operating system, substantially differing structurally from the first operating system, and arranged to communicate with the security server over a secure communication link; and an I/O port arranged to allow connecting the removable device thereto. Each networked device is arranged to communicate with the removable device only via the second operating system responsive to the connection of the removable device to the port. The second operating system receives the information from the removable media via the I/O port and sends the information to the security server, which applies thereon operations relating to information security and in reference to predefined security criteria, such that the information is secure for use in the networked devices.06-02-2011
20120240205SELECTIVE INTERNET PRIORITY SERVICE - An Internet Priority Service (IPS) provides to authorized users priority access to communication over the Internet during emergencies. Transmission of data packets from an authorized user that accesses the IPS are given priority for transmission over the Internet. The level of priority given to a data packet depends on the type of application associated with the data packet. Each user or group of users may also be given a respective IPS level of priority. Furthermore, for a particular authorized user, access to the IPS may be limited to a specific number of application types, which for example do not have high bandwidth requirements. Assigning different priority levels as a function of application type and user or group of users, and limiting IPS access to specific application types allows efficient methods of emergency communication to be implemented over the Internet during emergencies.09-20-2012
20120240204System, design and process for strong authentication using bidirectional OTP and out-of-band multichannel authentication - Systems and methods of authentication according to the invention are provided comprising a user, a service client, a service server, a portable communications device and an authentication server, wherein the method comprises use of one time passwords and out-of-band outbound communication channels. This system gives access to authentication seekers based on OTP out of band outbound authentication mechanism. The authentication seeker or system user scans a multi-dimensional barcode or another like encoding mechanism and validates the client and triggers the out of band outbound mechanism. The portable mobile device invokes the client server to request authentication. The client server authenticates the user based on a shared secret key and the user is automatically traversed to the next page.09-20-2012
20120240203METHOD AND APPARATUS FOR ENHANCING ONLINE TRANSACTION SECURITY VIA SECONDARY CONFIRMATION - The need for secure online transactions on inherently insecure platforms such as PCs and mobile devices is increasing with the widespread adoption of e-commerce and online banking. Providing enhanced security on such platforms is challenging as factors of cost and user convenience are significant barriers to adoption rates. The proposed invention does not require special hardware, operating systems or communication links installed on the client devices. Instead, it makes use of the fact that a large number of consumers already have access to multiple independently operating devices such as PCs and cellular phones. Providing secondary confirmation for secure transactions using a plurality of such devices addresses both the cost and ease-of-use factors. In particular, a secure transaction that is originated on one type of consumer device such as a PC is conducted to require a secondary transaction on a different device such as a mobile phone. This way an attacker faces the much harder problem of synchronously compromising two very different systems to gain control of a particular secure transaction.09-20-2012
20110047604COMPUTING INPUT SYSTEM WITH SECURE STORAGE AND METHOD OF OPERATION THEREOF02-24-2011
20110047603Systems and Methods for Obtaining Network Credentials - Systems and methods for obtaining network credentials are disclosed. In some embodiments, a method comprises receiving, with a digital device, a network identifier from a network device, providing a first credential request including the network identifier to another digital device on a network, receiving a request for additional network information from the other digital device, providing a second credential request including additional network information to the other digital device, receiving a credential request response including network credentials from the other digital device, and providing the network credentials from the credential request response to a network device.02-24-2011
20110047602End-of-Session Authentication - Techniques for facilitating an online transaction session with an end-of-session authentication are provided. The techniques include performing a start-of-session authentication to enable an online transaction session, and performing an end-of-session authentication to end the online transaction session, wherein the end-of-session authentication comprises a scope comprising each pre-defined critical transaction from the transaction session.02-24-2011
20120324550Systems and Methods for Combining User Profiles - Certain embodiments of the invention may include systems and methods for combining user profiles. According to an example embodiment, a method is provided for refining group content choices. The method includes identifying that at least two users are accessing media content on a same device, wherein each of the at least two users is associated with a different set of profile attributes; generating a spliced user profile having spliced profile attributes based at least in part on at least a portion of the set of profile attributes associated with at least one of the at least two users; determining at least one content recommendation based on the spliced profile attributes; and delivering the at least one content recommendation over a content distribution channel to the at least two users on the media device.12-20-2012
20120324551Method of Improving Online Credentials - The invention comprises a method of providing additional assurance regarding a website's authenticity. The assurance is provided by using a credential that contains an image of the website operator or the website operator's business operations. The assurance is also provided by scanning the website associated with the credential for changes and alerting the website operator or a website visitor of the changes. The invention includes a method of ensuring the proper operation of the credential and a method of protecting the credential from mis-issuance.12-20-2012
20120272300METHOD AND SYSTEM FOR CONFIGURING LOCAL AND REMOTE RESOURCES TO ACCOMPLISH RENDERING OF MULTIMEDIA CONTENT ON DISSIMILAR FORMAT DEVICES BASED ON USER BIOMETRIC DATA - A system and method is provided for communication of information in a mobile communication device (WMCD) configured to network connection may include discovering via a wireless mobile communication device, available communication resources based on acquired biometric data for a user of the WMCD, and communicating multimedia information between the WMCD and one or more of the discovered available resources. The acquired biometric data may include physical and behavioral biometric data to be authenticated and validated by a pattern recognition database. A connection between the WMCD and one or more discovered available resources may be established through linking the acquired biometric data to resources in available local or remote network. The established connection may enable the WMCD to consume or redirect media from the available resources and may be dynamically adjusted and updated based on dynamic sensing of the acquired biometric data in the available network or available resources.10-25-2012
20120272299INFORMATION PROCESSING SYSTEM, IMAGE PROCESSING APPARATUS, INFORMATION PROCESSING APPARATUS, CONTROL METHOD THEREFOR AND COMPUTER-READABLE STORAGE MEDIUM - There are provided an information processing system for providing a user with an authentication screen suitable for an authentication apparatus connected to an image processing apparatus, an image processing apparatus, an information processing apparatus, a control method therefor, and a program. When a user requests a login operation, the image processing apparatus generates a login request containing authentication apparatus information indicating an authentication apparatus for authenticating the user, which is connected to the image processing apparatus, and notifies the information processing apparatus of the login request. On the other hand, when the login request is sent, the information processing apparatus generates screen information of an authentication screen for executing authentication using the authentication apparatus indicated by the authentication apparatus information, and notifies the image processing apparatus of the generated screen information.10-25-2012
20110214166CONNECTION MANAGEMENT - At a mobile internet protocol (MIP) enabled mobile node (MN), an internet key exchange (IKE) security association (SA) message is prepared and an extension is contained in the SA message indicative of an MIP binding related instruction to a home agent (HA). The SA message is then sent to a packet data network. At a network element, the SA message and an IKE SA message are received from the mobile node. The network element determines in the SA message an MIP binding related instruction to the HA and stores an MIP message based on the determined MIP related instruction. The network element also sends the MIP message to the HA of the MN.09-01-2011
20110239282Method and Apparatus for Authentication and Promotion of Services - An approach is provided for authenticating services at a device. An authentication request from a services platform is received at a device. Local credentials to authenticate access to a storage are retrieved. The access to the storage is authenticated based, at least in part, on the local credentials. If authenticated, it is determined that account information for the services platform is in the storage. The account information includes authentication credentials associated with the services platform, a security policy associated with the services platform, or a combination thereof. A response to the authentication request is generated based, at least in part, on the account information.09-29-2011
20120278869REGISTRATION AND CREDENTIAL ROLL-OUT FOR ACCESSING A SUBSCRIPTION-BASED SERVICE - A user may access a subscription-based service via a system comprising one or more devices with one or more separate domains where each domain may be owned or controlled by one or more different local or remote owners. Each domain may have a different owner, and a remote owner offering a subscription-based service may have taken ownership of a domain, which may be referred to as a remote owner domain. Further, the user may have taken ownership of a domain, which may be referred to as a user domain. In order for the user to access the subscription-based service, registration and credential roll-out may be needed. An exemplary registration and credential roll-out process may comprise registration of the user, obtaining credentials from the remote owner and storing the credentials.11-01-2012
20120278868FRAUD DETECTION SYSTEM AUDIT CAPABILITY - Embodiments of the invention are directed to a fraud detection system that records an audit log of modifications made by a user to a selection of fraud detection rules in a merchant profile. The audit log contains details of the modifications and the user associated with the modifications. A search can be conducted on the audit log to determine details of modifications made to a merchant profile within the fraud detection system.11-01-2012
20120090020SIDE LOADING - Side loading of content elements is provided. A selection of a content element from a terminal device may be received and a content format associated with the terminal device may be identified. If the content element is not available in the identified content format, the content element may be transcoded from a current content format to the identified content format and the content element may be transferred to the terminal device in the identified content format.04-12-2012
20110277020AUTHENTICATION TERMINAL AND NETWORK TERMINAL - Responsive to a proxy authentication request from a network terminal, a display for prompting a user to start an authentication operation is performed; authentication data for performing personal authentication are read by a user operation; an authentication request is sent together with the read authentication data to an authentication server; an authentication result is received from the authentication server; the network terminal is notified of the result. When a service requiring personal authentication is used, via a network, a request for proxy authentication can be made from a network terminal lacking an interface for personal authentication to a proxy authentication terminal having an interface for personal authentication, whereby the interface of the proxy authentication terminal can be used to perform the personal authentication.11-10-2011
20120331533Virtualizing Storage for WPAR Clients that Share a Common Operating System of Logical Partition - Systems, methods and media for providing to a plurality of WPARs private access to physical storage connected to a server through a VIOS are disclosed. In one embodiment, a server is logically partitioned to form a working partition comprising a WPAR manager and individual WPARs. Each WPAR is assigned to a different virtual port. The virtual ports are created by using NPIV protocol, between the WPAR and VIOS. Thereby, each WPAR has private access to the physical storage connected to the VIOS.12-27-2012
20120331532DEVICE-AGNOSTIC MOBILE DEVICE THIN CLIENT COMPUTING METHODS AND APPARATUS - In some embodiments, a non-transitory processor-readable medium stores code representing instructions configured to cause a processor to send, from a sole application stored at a mobile device, a first signal including authentication information of a user. The code can further represent instructions configured to cause the processor to receive, at the sole application, a second signal indicating a set of cloud-based applications associated with the user, the second signal being sent in response to the authentication information. The code can further represent instructions configured to cause the processor to send, to a display of the mobile device, an indicator of the set of cloud-based applications associated with the user, and receive user input including a request to initialize a first cloud-based application from the set of cloud-based applications. The code can further represent instructions configured to cause the processor to send a third signal indicating a requested function associated with the first cloud-based application, and receive, in response to the third signal, a fourth signal including information associated with the requested function.12-27-2012
20100229224Web Content Access Using a Client Device Identifier - Systems and methods are provided for controlling access to online services. For example, the system may include an application running on a user computer (09-09-2010
20100229222Peer-to-Peer Video Content Distribution Network Based on Personal Network Storage - A method and system of accessing content in a peer-to-peer network are described including receiving by a peer a content list including content availability from a directory service, requesting content from the directory service and downloading the requested content to a first personal network storage area associated with the requesting peer from a second personal network storage area associated with a second peer, wherein the first and second personal network storage areas are hosted by servers with an access network. A method and system for accessing content in a peer-to-peer network are also described including receiving by a directory service peer information and content availability information, posting the peer information and the content availability information, receiving a request for content from a peer and directing a personal network server having personal network storage areas associated with peers to transfer the content from a personal network storage area associated with a second peer to a personal network storage area associated with the requesting peer.09-09-2010
20110321141NETWORK DEVICES WITH LOG-ON INTERFACES - A credential provider component receives predetermined identity information (IDINF) from a portable device and controls an information database to provide a predetermined credential if the predetermined IDINF matches content in the information database. A log-on component allows the portable device to log on to a network device using the predetermined credential if the predetermined credential is valid.12-29-2011
20120102552USING AN IMAGE TO PROVIDE CREDENTIALS FOR SERVICE ACCESS - A method for providing at least one credential to access a service includes receiving an image from a camera that is included in a user device that also includes a processor and a communications device. The image is analyzed using an optical character recognition engine coupled to the processor. The analyzing the image includes determining that the image includes potential credential information that includes at least one credential including at least one character string. The at least one credential from the potential credential information is provided, using the communications device, to a service in order to access the service. In an embodiment, the user device may include a limited input device that is free of a physical keyboard having alphanumeric characters, and the determination and use of the at least one credential from the image simplifies the accessing of the service by minimizing or eliminating the need to use the limited input device.04-26-2012
20120291106CONFIDENTIAL INFORMATION LEAKAGE PREVENTION SYSTEM, CONFIDENTIAL INFORMATION LEAKAGE PREVENTION METHOD, AND CONFIDENTIAL INFORMATION LEAKAGE PREVENTION PROGRAM - Provided is a confidential information leakage prevention system in which a client 11-15-2012
20100199334DEVICE AND METHOD FOR IDENTIFICATION AND AUTHENTICATION - A device for identification and authentication of a remote user connecting to a service over a network includes a cryptographic processor and at least one cryptographic key and storage means, additional processing means and interface means to generate and transmit a unique authentication code as emulated keystrokes through a standard input means of a client terminal. The code may be transmitted only by an explicit command of the user.08-05-2010
20130014234DOMAIN ISOLATION THROUGH VIRTUAL NETWORK MACHINES - A method and device for communicating information resources between subscriber end stations and nodes belonging to different network domains is described. The device instantiates different virtual network machines for different network domains using separate independently administrable network databases. Each of the administrable chores of the separate independently administrable network databases includes the assignment of access control and the configuration of the policies for those network databases. The policies include traffic filtering policies to indicate what kind of information payloads can be carried, traffic and route filtering policies to indicate what paths through the network will be used for each payload carried. Each of the network domains includes one of the different virtual network machines and each of the different network domains is virtually isolated from other network domains.01-10-2013
20130014233SYSTEM AND METHOD FOR SECURE VOTING - Methods, systems, and computer-readable media are provided for conducting an election. In one exemplary embodiment, there is provided a method for ensuring integrity of an electronic ballot. The method can include creating electronic ballots for voters based on votes received from the voters; digitally signing the electronic ballots; storing the signed electronic ballots; retrieving the signed electronic ballots from storage; verifying the digital signatures on the retrieved electronic ballots; and presenting the voters with validation pages derived from the retrieved electronic ballots, the validation pages including a user interface element for the voters to confirm that the retrieved electronic ballots accurately reflect their vote.01-10-2013
20130014232CONFIGURATION OF ACCESSORIES FOR WIRELESS NETWORK ACCESS - A portable computing device can enable an accessory to access a wireless network. In particular, the portable computing device can provide a wireless network access credential to the accessory. The accessory can thereafter use the wireless network access credential to access a wireless network. The portable computing device can additionally configure an access point that manages the wireless network to permit the accessory to join the wireless network.01-10-2013
20130014235METHOD FOR DISTINGUISHING A LIVE ACTOR FROM AN AUTOMATION - A computer-implemented method for distinguishing a live actor from an automation is described. A user request to access a service is received, and, in response, the user is presented with a minority set of N objects and a majority set of >N objects. The majority set includes objects sharing at least one common attribute expected to be apparent to a human observer absent among objects associated with the minority set. The user is requested to identify at least one object, from among the objects associated with the minority or majority set, that satisfies a predetermined criterion and in response an indication of a selection of at least one object is received. Whether the user-selected object satisfies the predetermined criterion is determined, as is that the user is a human, upon determining that the user-selected object satisfies the predetermined criterion.01-10-2013
20100132018Method, Apparatus, and Computer Program Product for Managing Software Versions - An apparatus for managing software versions may include a processor. The processor may be configured to determine whether a security identifier of a first security certificate matches a trusted security identifier. In this regard, the first security certificate may include software version criteria. The processor may also be configured to determine whether a software version of a software application satisfies software version criteria of the first security certificate. The processor may be configured to make this determination in response to determining that the security identifier of the first certificate matches the trusted security identifier. Further, the processor may also be configured to permit execution of the software application, in response to determining that the software version satisfies the software version criteria. Associated methods and computer program products may also be provided.05-27-2010
20100132017PROCESS FOR AUTHENTICATING A USER BY CERTIFICATE USING AN OUT-OF BAND MESSAGE EXCHANGE - A process for authenticating a user by certificate using an out-of-band message exchange is provided. The authentication of the user may be performed in addition to initial authentication procedures. The certificate-based authentication of the user may provide for a more secure mechanism for confirming the identity of the user and may be used for specific applications requiring such higher security provisions.05-27-2010
20110162052Network-Based Verification and Fraud-Prevention System - A system for authentication has an Internet-connected server providing services and software executing on the server from a non-transitory physical medium. The software provides a function for receiving a request for authentication from a person seeking service at the server, a function for requesting by the server one or more username/password pairs used for log-in for the person at one or more Internet sites remote from the server, a function for logging in by the server at the remote site or sites on behalf of the person, using the username/password pair or pairs provided by the person, and a function for authenticating the person at the server for interaction with the server.06-30-2011
20110162051AUTHENTICATION METHODS - A computer readable storage medium has computer-executable instructions for causing a computer system to perform a method. The method includes receiving authentication information from an electronic device; identifying the electronic device based on device information for the electronic device; locating an entry associated with a combination of the authentication information and the electronic device, the entry including a count of the number of times the authentication information failed authentication during a specified time interval; and locking out the combination if the count reaches a threshold value, thus blocking the authentication information from accessing a target.06-30-2011
20130024916System and Method for Verification, Authentication, and Notification of Transactions - A system and method are provided for verifying, authenticating, and providing notification of a transaction such as a commercial or financial transaction, with and/or to at least one party identified as engaging in the transaction and/or identified as having a potential interest in the transaction or type of transaction.01-24-2013
20130024915Systems and Methods for Authenticating Users Accessing Unsecured WiFi Access Points - Systems and methods for a user accessing an unsecure WiFi access point are provided. In an embodiment, the present invention requests that the customer perform authentication of the access point to which he is connected. On initial connection to the access point, the customer provides his username/password and chooses a memorable information element (e.g., image or phrase). A site specific cookie is delivered to the customer device after a successful authentication. On subsequent connections, the site specific cookie is validated and the MAC address of the customer device is used to retrieve the memorable information element. If the customer recognizes his memorable image, he confirms that he is on a bona fide access point. In a further embodiment, if the customer connects at a location and/or time of day which breaks a previously observed pattern, MAC authentication is not accepted and a full authentication (e.g., user/password) is required.01-24-2013
20130024917MEMO SYNCHRONIZATION SYSTEM, MOBILE SYSTEM, AND METHOD FOR SYNCHRONIZING MEMO DATA - Provided is a memo synchronization system, a mobile system, and a method for synchronizing memo data. The memo synchronization system includes a storage device, an authentication unit configured to authenticate a user by receiving authentication information of the user from a mobile terminal via a memo application installed in the mobile terminal, and a synchronization unit stored on the storage device and configured to synchronize memo data stored in the mobile terminal with memo data stored in a web storage space of an online memo service based on a request for synchronization transmitted from the mobile terminal through the memo application. The request for synchronization includes a synchronization request generated by the memo application according to an event set by the user.01-24-2013
20090125990WIRELESS E MAIL CONNECTIVITY - A method, system and software enable e-mails to be sent from a mobile wireless device on which an email client application is installed while roaming on any wireless IP network, without limitation due to the home ISP restrictions. This involves the steps of: automatically or manually configuring the roaming user's email client to deliver email locally on the mobile device; so intercepting emails sent by the e-mail client; determining if the currently connected network is on a predefined list; avoiding outgoing email server flooding; routing of the email through a dedicated secure SMTP server with SMTP authentication and encryption; and associating wireless network log-in credentials with SMTP authentication credentials in a secure and hidden manner.05-14-2009
20080250478Wireless Public Network Access - Public access to a network is provided through wireless access points, which may simultaneously support secured network access; in preferred embodiments, the access points are routers (such as “WiFi” routers). Accordingly, a router is configured with a public access profile (or profiles), which may be selectively enabled or disabled. When enabled, the router sends out an identifier that can be used to associate a client device with a public (i.e., unauthenticated) access path through the router to a network. The router also sends out a conventional identifier that can be used to associate another client device with a secured (i.e., authenticated) access path through the router, where the public and secured access paths are usable simultaneously by clients of the router.10-09-2008
20080244716TELECOMMUNICATION SYSTEM, TELECOMMUNICATION METHOD, TERMINAL THEREOF, AND REMOTE ACCESS SERVER THEREOF - Telecommunication system comprises a terminal and a relay device which relays a communication path established on a network by the terminal, wherein the relay device sends certification information based on a demand of the terminal and the terminal checks whether the certification information is correct or not and the terminal establishes a communication path on the network when the certification information is correct.10-02-2008
20080229398FRAMEWORK AND TECHNOLOGY TO ENABLE THE PORTABILITY OF INFORMATION CARDS - When a user connects a pluggable card store to a machine, the machine plugs a pluggable card provider into a card provider registry. The pluggable card store can be an object portable to the user, or can be a remote store available via some connection, such as an FTP connection. The user can then use the information cards stored on the pluggable card store in a transaction.09-18-2008
20110247058ON-DEMAND PERSONAL IDENTIFICATION METHOD - The invention relates to a personal identification method based on requirements. An authentication checking system (10-06-2011
20110247056Method and apparatus for improved connection of wireless devices using third party programming capability - Provided are a method and an apparatus for searching neighboring Bluetooth® devices through an external terminal having programming capability. The inventive method provides for a slave Bluetooth® device to receive, from the external terminal, the MAC address and optional device name from a target Bluetooth® device.10-06-2011
20130174233SERVICE PROVIDER INVOCATION - A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.07-04-2013
20130174232SERVICE PROVIDER INVOCATION - A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.07-04-2013
20110265155SERVICE PROVIDER ACCESS - A method and apparatus for enabling a user to access a service provider is described. The user sends a request from a browser to a proxy server. The proxy server modifies the request by adding data (such as a URL) relating to a location of an identity provider able to provide user credentials for the user and forwards the modified request to the service provider. The modification of the access request may occur before the request is sent to the service provider or in response to an authentication request from the service provider. The data relating to the location of the identity provider may be provided as a header (e.g. an http header).10-27-2011
20080222709Method for verification via information processing - Identification servers are small, perhaps embedded, systems that can be used as subsystems of a tracking and verification system. An identification server can obtain identification data when a trigger, called an identification event, occurs. The identification server can store the identification data in a database module with a key. The identification server can send a message containing the identification data or the key to a set of subscribing clients. Subscribing clients, such as a central database or a graphical user interface, are clients that subscribe to receive messages from the identification server. An identification server can trigger off of an identification message sent by another identification server.09-11-2008
20130145439APPARATUS AND METHOD FOR SECURE STORAGE OF INFORMATION ON A MOBILE TERMINAL - A mobile terminal and method for securely storing private information are provided. The mobile terminal includes a cellular band transceiver for transmitting and receiving radio signals in a cellular band, a controller for controlling operations of the mobile terminal, and a memory for storing programs used by the controller for the controlling of the operations of the mobile terminal and data including the private information, the memory including a secure storage area for storing the private information, and a non-secure storage area for storing the non-private information.06-06-2013
20130145440REGULATING ACCESS USING INFORMATION REGARDING A HOST MACHINE OF A PORTABLE STORAGE DRIVE - Described herein are techniques for regulating access to a remote resource using two-factor authentication based on information regarding a host machine of a portable storage drive that stores an operating system that is booted by the host machine. The information regarding the host machine of a portable storage drive may be used as a second factor in a two-factor authentication. Such information regarding the host machine may include, in some embodiments, information retrieved from a secure storage of the host machine, such as from a cryptoprocessor of the host machine. The information may include an identifier for the host machine or may be a user credential pre-provisioned to the host machine to be used in two-factor authentication.06-06-2013
20130145441CAPTCHA AUTHENTICATION PROCESSES AND SYSTEMS USING VISUAL OBJECT IDENTIFICATION - Systems and processes for performing user verification using an image-based CAPTCHA are disclosed. The verification process can include receiving a request from a user to access restricted content. In response to the request, a plurality of images may be presented to the user. A challenge question or command that identifies one or more of the displayed plurality of images may also be presented to a user. A selection of one or more of the plurality of images may then be received from the user. The user's selection may be reviewed to determine the accuracy of the selection with respect to the challenge question or command. If the user correctly identifies a threshold number of images, then the user may be authenticated and allowed to access the restricted content. However, if the user does not correctly identify the threshold number of images, then the user may be denied access to the restricted content.06-06-2013
20130145442SYSTEM AND METHOD FOR PRIVILEGE DELEGATION AND CONTROL - This invention provides a privilege delegation mechanism, which allows a privilege and associated control attributes to be delegated from a security token to another security token or an intelligent device such as a computer system. The privilege may be in the form of an attribute certificate, a key component of a cryptographic key, a complete cryptographic key, digital certificate, digital right, license or loyalty credits. The purpose of the delegation is to allow another security token or computer system to act as a surrogate for the security token or to access a resource which requires components from both units before access is permitted. Attributes associated with the delegated privilege control the scope and use of the privilege. The delegation may allow the surrogate to perform authentications, access data or resources included on another security token or computer system. Authentications are performed prior to transferring of the delegable privileges.06-06-2013
20130145443APPLICATION SECURITY SYSTEM AND METHOD - According to an aspect, a computing device includes a processor; a computer readable memory; a display screen; a touch sensitive panel overlying the display screen; and computing device application instructions coded in the computer readable memory and executed by the processor to: display a user-selectable photograph on the display screen, the user-selectable photograph including a group of fiducials, generate captured pattern data, the captured pattern data representing coordinate values on the touch sensitive panel where touched by a user, and provide for authentication of the user based on a comparison of the captured pattern data and respective locations of the group of fiducials included in the user-selectable photograph.06-06-2013
20130145444ELECTRONIC RECEIPT SYSTEM, TERMINAL DEVICE AND METHOD OF PROVIDING ELECTRONIC RECEIPT - An electronic receipt system includes a terminal device, a first memory unit which a first user has, and a second memory unit which a second user who is a trading partner of the first user has. The terminal device includes biometric authentication obtaining means to obtain biometric authentication information of the first user and biometric authentication information of the second user; electronic tally generating means to generate electronic tallies based on the biometric authentication information of the both users; electronic receipt generating means to generate electronic receipts including transaction information of the first user and the second user, the electronic receipts including a first electronic receipt having one of the electronic tallies and a second electronic receipt having another of the relevant electronic tallies; means to store the first electronic receipt in the first memory unit; and means to make the second electronic receipt to be stored in the second memory unit.06-06-2013
20120254956Securely Managing Password Access to a Computer System - A method, system or computer usable program product for providing initial access to the computer system in response to a user providing a first password, and upon detecting a condition meeting a predetermined criteria, providing subsequent access to the computer system in response to the user providing a second password wherein the first password has stronger security than the second password.10-04-2012
20130091557SYSTEM AND METHOD FOR PROVIDING CLOUD-BASED CROSS-PLATFORM APPLICATION STORES FOR MOBILE COMPUTING DEVICES - A method of accessing an application on an internet computing device includes deploying a cross-platform application store server, and accessing one or more multi-platform applications in either of two modes: a first mode including running in a cloud one or more multi-platform applications in an application container, and remotely displaying the applications using a display protocol, or a second mode including running by proxy one or more local applications on a device in a secure application container.04-11-2013
20130097677Systems, Methods and Computer Program Products Supporting Provision of Web Services Using IMS - A web service request from a device is received at a web service provider. The web service request is authenticated at the web service provider using the IMS network. A requested web service is provided to the device responsive to the authentication of the web service request. The web service request may be received via a path outside of the IMS network, e.g., over a network using HTTP or other non-IMS protocol. The requested web service may also be provided using a web service response communicated to the device via a path outside of the IMS network.04-18-2013
20130097678Portable Identity Rating - Portable on-line identity verification technology includes, for example, portable widgets with an identity rating, and other on-line identification verification icons and identity rating scores.04-18-2013
20130097679AUTHENTICATION SERVER WITH LINK STATE MONITOR AND CREDENTIAL CACHE - An example embodiment of the present invention provides processes relating to the authentication, by an authentication server, of a supplicant/user for access to a network. In one particular implementation, an authentication server receives a request for access from a supplicant, which request is forwarded to the authentication server by an authenticator that controls a port to the network. The authentication server scores various authentication methods, based on configured preferences, currently cached credentials, and the availability of a networked credential store as measured by a link-state monitor. The authentication server then negotiates an agreed authentication method with the supplicant, using a preferred order resulting from the scores. The authentication server receives forwarded credentials for the agreed authentication method from the supplicant and instructs the authenticator to give the supplicant access to the port, if the authentication server can verify the credentials against a credential store or a credential cache.04-18-2013
20130104204MOBILE HOST USING A VIRTUAL SINGLE ACCOUNT CLIENT AND SERVER SYSTEM FOR NETWORK ACCESS AND MANAGEMENT - A Virtual Single Account (VSA) system and method that provides a mobile user with automatic authentication and connection to a remote network via local access networks with a single password, where the local access networks may be independent of the remote network. A mobile user has a single authentication credential for one VSA that is utilized by a VSA client installed on a mobile computing device. The VSA client provides for automatically authenticating and connecting the user's mobile device to a current local access network, and the target remote network such as the user's office network. All authentication credentials are encrypted using a key generated from the user's VSA password that is generated from the user's single password. The VSA client derives the key from the submitted VSA password and decrypts all authentication credentials that are required in order to connect the mobile device to the current local access network and thereafter to the office network.04-25-2013
20130104201AUTHENTICATION SYSTEM AND RELATED METHOD - A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access by an unauthorized user (such as, for example, a retail store, a service station, an on-line service provider or merchandiser, a healthcare provider, a medical insurer, an information consumer or the like) to the secured resource; a means for determining a key string adapted to provide a basis for authenticating the identity of the requester; a means for receiving an authentication credential associated with the request for access; and a means for evaluating the authentication credential to authenticate the identity of the requester.04-25-2013
20130104202SYSTEMS AND METHODS FOR AUTHORIZING THIRD-PARTY AUTHENTICATION TO A SERVICE - Systems and methods for authorizing third-party authentication to a service are disclosed herein. An exemplary method includes an online service provider subsystem, which is configured to provide a service, 1) receiving a request from a user to use a third-party authentication service to authenticate the user to the service, 2) directing, in response to the request, the user to authenticate to the third-party authentication service, 3) receiving, from a third-party subsystem that provides the third-party authentication service, a third-party user identifier for the user, 4) requiring the user to verify an identity of the user, and 5) authorizing, based on the verified identity of the user, use of the third-party user identifier to authenticate the user to the service. Corresponding methods and systems are also disclosed.04-25-2013
20130104203BEHAVIORAL FINGERPRINT BASED AUTHENTICATION - A computationally-implemented method, for certain example embodiments, may include, but is not limited to: determining that a first user of a computing device is associated with the computing device; and determining a level of authentication associated with the first user via the computing device, the level of authentication at least partially based on a behavioral fingerprint. In addition to the foregoing, other example aspects are described in the claims, drawings, and written description forming a part of the present disclosure.04-25-2013
20130125220METHOD AND SYSTEM FOR AUTHENTICATING INTERNET USER IDENTITY - A method and system for authenticating an Internet user identity, by cross-referencing and comparing at least two independent sources of information. A first geographical location of computer signature of an Internet user is identified and the geographical location of a communication voice device of said Internet user is identified to determine a second location. The first and second locations are compared for geographical proximity to confirm the identity of the Internet user. Based upon geographical proximity of said locations, a score is assigned to the Internet user, and access to a website is allowed or limited based upon said score. Alternatively, additional authentication information can be required or access can be terminated.05-16-2013
20130125219AUTOMATED DEVICE PROVISIONING AND ACTIVATION - A non-transitory machine-readable storage medium storing program code for causing a processor to establish a plurality of links to a plurality of devices communicatively coupled to the processor, a particular link of the plurality of links supporting control-plane communications between the processor and a particular device of the plurality of devices over a wireless access network; receive a server message from a particular server of a plurality of servers communicatively coupled to the processor, the server message comprising message payload for delivery to the particular device; generate an encrypted message comprising the message payload and an identifier identifying a particular agent of a plurality of agents on the particular device; and send the encrypted message to the particular device over the particular link, wherein establishing the plurality of links comprises executing a link initialization sequence associating the particular link with a credential associated with the particular device.05-16-2013
20130125218METHOD, APPARATUS AND SYSTEM FOR REMOTE MANAGEMENT OF MOBILE DEVICES - An apparatus and system for enabling users to remotely manage their devices. Specifically, in one embodiment, in the event of a theft of a device or other such occurrence, a user may send a command to the device to execute a specified command. The command may include actions such as locking the device, shutting down the device, disabling logons to the device and other such actions that may secure the device and the data on the device from unauthorized access. Upon receipt of an authorized unlock credential, the device may once again be made accessible.05-16-2013
20130133044SELF-PROPELLED HARVESTING VEHICLE INCLUDING A THERMOCHEMICAL REACTOR FOR CARBONIZING HARVESTED CROP MATERIAL - A system and method are provided for employing a hand-held wireless device to assess a vulnerability of a wirelessly-accessible target network to intrusion and/or cyber-attack. The system and method are directed at providing discrete, covert and fully-automated wireless access to the target network via one or more wireless access points and to assessing characteristic of the one or more wireless access points and the target network in support of a vulnerability assessment. The hand-held wireless device is configured to collect appropriate data regarding the wirelessly-accessible network, including network and portal scans, and higher-level programmed data collection. The hand-held wireless device is further configured to analyze the collected data and to produce at least a first level vulnerability assessment of the target network without interaction by the user.05-23-2013
20110219435CONTENT PROCESSING SYSTEM, CONTENT PROCESSING METHOD, COMPUTER PROGRAM, RECORDING MEDIUM, AND PORTABLE TERMINAL - A content processing system includes a content management device storing contents and information associated with the contents, and a plurality of portable terminals capable of accessing the content management device through a network, and performs a process on the contents according to a workflow using the plurality of portable terminals. The content processing system may include a first executing unit that let at least a part of the contents and the associated information be stored in a portable terminal among the plurality of portable terminals to perform a second process when the process to be currently performed in the workflow is moved from a first process to the second process.09-08-2011
20110219434PROVIDING SECURITY SERVICES WITHIN A CLOUD COMPUTING ENVIRONMENT - Embodiments of the present invention allow for the provisioning of security services within a Cloud computing environment by third parties. Specifically, under the present invention, a Cloud provider will publish a set of potential security attributes (e.g., a list), which can be monitored, to the Cloud customer. The Cloud customer will designate/select one or more of those attributes that the Cloud customer wishes to have monitored for one or more Cloud resources that it is using. The Cloud provider will then provide to the Cloud customer a set of third party security service providers capable of monitoring the attributes the Cloud customer designated. The Cloud customer will then select one or more third party providers from the provided set, and the Cloud provider will associate the given Cloud resources with the respective third party providers. Once third party providers have been associated with Cloud resources, a secure relationship between the third party provider(s) and the Cloud providers will be established.09-08-2011
20100275249METHODS AND APPARATUS TO DISCOVER AUTHENTICATION INFORMATION IN A WIRELESS NETWORKING ENVIRONMENT - Example methods and apparatus to discover authentication information in a wireless networking environment are disclosed. A disclosed example method involves transmitting a request message to a network access point requesting identifiers indicative of authentication information required by the network access point to authenticate a wireless terminal. In addition, at least one authentication requirement identifier is retrieved from a response message transmitted by the network access point. The at least one authentication requirement identifier is indicative of an authentication value obtainable using operations performed by the wireless terminal at a media access control layer without providing access to an internet protocol layer to retrieve the authentication value.10-28-2010
20110214165Processor Implemented Systems And Methods For Using Identity Maps And Authentication To Provide Restricted Access To Backend Server Processor or Data - Systems and methods are provided for providing an application access to an external data source or an external server process via a connection server using an authentication server that has access to an identity map. A credential request is received at the authentication server from the connection server. The credential request includes an identification of the external data source or external server process to be accessed and an account identifier associated with the application or a user of the application. The identity map is searched for a set of credentials associated with both the account identifier and the external data source or external server process. The set of credentials are transmitted from the authentication server to the connection server, for the connection server to establish a connection to the external data source or external server process, where the connection is established without transmitting the set of credentials to the application.09-01-2011
20110225633Data Processing Methods and Systems for Processing Data in an Operation having a Predetermined Flow Based on CAPTCHA (Completely Automated Public Test to Tell Computers and Humans Apart) Data, and Computer Program Products Thereof - Data processing methods and systems for processing data in an operation having a predetermined flow based on CAPTCHA (Completely Automated Public Test to tell Computers and Humans Apart) data are provided. First, a server generates a group of CAPTCHA data according to content of the operation. Then, the server transmits the group of CAPTCHA data to a client via a transmission medium. The client receives the group of CAPTCHA data via the transmission medium, inputs a first data corresponding to the operation using the CAPTCHA data and transmits the first data to the server via the transmission medium for verification, wherein the first data contains at least one CAPTCHA data.09-15-2011
20130152175MULTI-INTERFACE MOBILITY - Techniques for providing access to cloud services via a plurality of different network interfaces of a client device. In accordance with one example, during establishment of a communication session between the cloud computing system and the client device, an interface-independent identifier is provided to the client device via a first of the plurality of different network interfaces. Following determination to establish the communication session via the second network interface, the cloud computing system is configured to maintain a virtual environment associated with the communication session for a period of time. A message is received, via a second of the plurality of different network interfaces, from the client device that includes the interface-independent identifier. In response to the received interface-independent identifier, the communication session is re-established with the client device via the second network interface, thereby enabling access to the virtual environment maintained by the cloud computing system.06-13-2013
20130152177Method and Apparatus for Providing Personal Mobility Features in a Telecommunications Environment - Personal mobility, multiparty control, and device augmentation features are provided within a voice-over-Internet protocol environment, such as a distributed feature composition (DFC) telecommunications architecture. The personal mobility features allow a caller to be identified to a callee using a desired identifier in place of an identifier of the device from which a call is made. Such personal mobility features are made available in multiparty calling environments and after mid-call moves. Device augmentation features provide enhanced calling options to a device that may otherwise be unequipped to provide such options, thus enabling personal mobility and multiparty control features across a wide variety of telecommunications devices.06-13-2013
20130152176SECURE AUTHENTICATION - Apparatus, systems, and methods provide a mechanism to enhance the security of operating client devices with systems controlling secure data. Various embodiments include apparatus and methods to authenticate a communication session between a server and a client device without providing authentication tokens to the client device. Additional apparatus, systems, and methods are disclosed.06-13-2013
20100319057Information Processing Apparatus Capable of Authentication Processing with Improved User Convenience, Control Program for Information Processing Apparatus, and Recording Medium Having Control Program for Information Processing Apparatus Recorded Thereon - Whether box access is made or not is determined. When it is determined that a box region is accessed, a box ID entry screen appears. CPU determines whether a box ID is entered or not. If it is determined that a box ID is entered, then device information is obtained. After the device information is obtained, whether a hardware keyboard is present or not is determined. If it is determined that a hardware keyboard is present, a password authentication screen appears. If it is determined that no hardware keyboard is present, an image authentication screen appears.12-16-2010
20100319056DECREASING LOGIN LATENCY - Systems, methods, and computer-storage media for decreasing web service login latency are provided. Upon a user's initial login to the web service from a web browser, the location of user information is identified. A cookie containing information identifying the location of the user information is generated and stored in association with the web browser. Upon a subsequent login to the web service by the same user, the location information included in the cookie is utilized to direct the user request directly to the correct location, without having to repeat the act of identifying the location, thus providing the user with the desired information more quickly.12-16-2010
20120284779ELECTRONIC DEVICES HAVING ADAPTIVE SECURITY PROFILES AND METHODS FOR SELECTING THE SAME - Adaptive security profiles are supported on an electronic device. One or more security profiles may be automatically or selectively applied to the device based on the device's location and one or more geographic zone definitions. The security profiles may be used to determine the level of authentication or number of invalid authentication attempts for a particular feature or application or set of features or applications.11-08-2012
20110307944DISPATCHING METHOD, DISPATCHING APPARATUS AND DISPATCHING SYSTEM - A dispatching method, a dispatching apparatus and a dispatching system are disclosed according to embodiments of the present invention. The dispatching method includes receiving a request initiated by a user terminal, where the request carries address information of the user terminal; obtaining the address information carried in the request and obtaining key information of an access server associated with the address information; searching for a corresponding node based on the key information of the access server and treating the node as a redirected serving node. A dispatching apparatus and a dispatching system are also disclosed according to embodiments of the present invention. The technical solution of the embodiments of the present invention may well solve the dispatching issue and has a more flexible application.12-15-2011
20110314525Method and System for Exchanging Setup Configuration Protocol Information in Beacon Frames in a WLAN - Certain aspects of a method for enabling exchange of information in a secure communication system may comprise configuring at least one 802.11 client station via authentication enablement information comprising data that specifies a time period during which configuration is allowed. The data that specifies a time period during which configuration is allowed may comprise a configuration window open field, which indicates a period when a configuration setup window is open. At least one client station may be configured via the authentication enablement information comprising recently configured data, which indicates whether at least one configurator has configured at least one other client station within the time period during which the configuration is allowed.12-22-2011
20110314524Authentication system and method - An authentication system includes one or more terminals in communication with a server on a network. The server is operable to receive user login information; and generate an authentication data set having: a plurality of decoy data; an anchor data, wherein the anchor data is based on information from a user profile; and target data in a predetermined relationship relative to the anchor data. The server is also operable to generate a decoy data set having: a plurality of second decoy data; and at least one anchor data. The server may then display the authentication data set and decoy data set and determine an authentication result by performing a predetermined manipulation of the target data. The server may receive a user response to an authentication prompt; and authenticate the user if the authentication result and user response are the same.12-22-2011
20110321142AUTHENTICATION METHOD, AUTHENTICATION GATEWAY, AND DATA GATEWAY - An authentication method is applied in a gateway group comprising an authentication gateway and at least one data gateway. The gateway group receives a connection request from a user terminal, and determines whether there is an authentication record on the user terminal in an authentication list. The gateway group provides access service for the user terminal, if there is the authentication record. The gateway group sends an authentication request to an authentication authorization accounting (AAA) server and receives an authentication response from the AAA server, upon no authentication record. The gateway group provides access service for the user terminal, upon receiving a passing authentication response, and storing as the authentication record. The gateway group rejects the access for the user terminal, upon receiving a denying authentication response.12-29-2011
20130191890METHOD AND SYSTEM FOR USER IDENTITY RECOGNITION BASED ON SPECIFIC INFORMATION - The invention relates to a method and a system for user identity recognition based on specific information, which involves identifying user temporary unique identification associated with specific information based on the specific information, which represents user access to the internet; acquiring user temporary unique identification and user identity information from a communication network side; and associating the user identity information with the specific information based on the user temporary unique identification, wherein the associated information is used for providing the user identity information to the external. The method and system can associate specific information with user identity information based on user temporary unique identification so as to provide internet applications with the user identity information corresponding to the specific information. The internet applications can thereby carry on subsequent actions, such as analysis of user behavior and precision marketing, and can also process user positioning against network security events.07-25-2013
20130191891AUTOMATIC PROVISIONING OF RESOURCES FOR MEETING COLLABORATION - A method may comprise maintaining by a computer system connected to a network an indication of availability dates and times of one or more output devices connected to the network. The computer system may receive an output device invitation indicating an output device to reserve for a meeting conducted over a conferencing system and determine whether the output device is available for reservation during a date and time period of the meeting. The computer system may be communicating over the network to the output device activation information indicating that the output device is to become active at a predetermined date and time related to the date and time period of the meeting and login information including a credential for the output device to use for logging into the conferencing system for the meeting.07-25-2013
20130191892SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT FOR SECURITY VERIFICATION OF COMMUNICATIONS TO TENANTS OF AN ON-DEMAND DATABASE SERVICE - In accordance with embodiments, there are provided mechanisms and methods for security verification of communications to tenants of an on-demand database service. These mechanisms and methods for security verification of communications to tenants of an on-demand database service can enable embodiments to allow tenants to selectively implement security measures with respect to inbound communications, etc. The ability of embodiments to provide such feature may allow tenants to efficiently and effectively implement security measures for in-bound emails.07-25-2013
20130191885SECURE MOBILE INTERFACE ACCESS SYSTEM - A method performed by one or more server devices connected to a mobile device via a network, the mobile device being connected to an electronic device is provided that can include sending, by the one or more server devices and to the mobile device, data initiating a session between the one or more server devices and the mobile device; sending a request for information about the electronic device; receiving the requested information about the electronic device; identifying device credentials for the electronic device and communication protocols for communicating with the electronic device; providing the device credentials for the electronic device and the communication protocols for communicating with the electronic device; automatically gathering information about the electronic device from data stored on the electronic device using the communication protocols and the mobile device; and providing support to the electronic device via the mobile device.07-25-2013
20130191886PROTECTING AUTHENTICATION INFORMATION OF USER APPLICATIONS WHEN ACCESS TO A USERS EMAIL ACCOUNT IS COMPROMISED - An email server provided according to an aspect of the present invention protects authentication information of user applications when access to a user's email account is compromised. In an embodiment, when an email message directed to a user contains content which provides access to authentication information for accessing a user application implemented external to said email server, the email server requires authentication credentials from the user before providing access to the content. As a result, even if the user's email account is compromised, additional controls are provided to reduce the probability of compromise of access to user applications implemented external to the email server.07-25-2013
20130191887Social network based trust verification Schema - A computationally implemented method includes, but is not limited to: receiving at a computing device one or more behavioral fingerprints associated with one or more network accessible users; receiving an authentication request at the computing device, the authentication request associated with one or more proposed transactions of the one or more network accessible users; and transmitting from the computing device a decision associated with the authentication request, the decision based on a trust verification schema generated by relationally mapping the one or more behavioral fingerprints associated with the one or more network accessible users. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.07-25-2013
20130191888METHOD, APPARATUS, AND SYSTEM FOR SENDING CREDENTIALS SECURELY - A software application executing in a first local operating environment may be used to connect to a remote server that requires a credential of a user to complete a transaction. In a second local operating environment that operates external to the first local environment, a user may be authenticated based on a user input received in the second local operating environment. The credential of the user may be securely communicated to the remote server from the second local operating environment. Other embodiments are described and claimed.07-25-2013
20130191889Direct Authentication System and Method via Trusted Authenticators - Fraud and identity theft are enabled by two faulty assumptions about the way that the identity of a person is verified in our society. The first is that someone who demonstrates knowledge of certain items of personal or financial information about a particular person is presumed to be that person. The second assumption, which gives rise to the first assumption, is that these items of information can be kept confidential. Because fraudsters and identity thieves often seek to use their victim's personal and financial information, this invention proposes a direct authentication system and method that does not depend on these assumptions. The proposed method enables businesses to determine whether the customer is truly the person who he says he is by adopting a new “two-factor” authentication technique and authenticating customer's identity utilizing customer's trusted authenticator. A customer's trusted authenticator can be found within the financial services community; in particular, a bank or other financial institution with whom the customer has a trusted relationship, such as a bank account.07-25-2013
20120030737SYSTEM AND METHOD FOR AUTHORIZING A PORTABLE COMMUNICATION DEVICE - Systems and methods of authorizing a portable communication device to access a network resource. In an embodiment, a request to access a network resource is received from a portable communication device via a network. A processor is used to dynamically and selectively determine whether the portable communication device is authorized to access the requested network resource. The determination may be based on a unique identifying attribute associated with the portable communication device without the unique identifying attribute being predefined in a user profile database and without querying the portable communication device or its user for information. If the portable communication device is authorized, it may be allowed to access the network resource. Otherwise, it may be redirected to an authentication system where it may be enabled to submit authentication-related information so that it may be authorized to access the requested network resource.02-02-2012
20120030736AUTHENTICATING A DATA ACCESS REQUEST TO A DISPERSED STORAGE NETWORK - A method begins by a data accessing module of a dispersed storage network (DSN) sending a data access request to a data storage module. The method continues with the data storage module sending an authentication request to an authenticating module. The method continues with the authenticating module outputting a verification request destined for the data accessing module, wherein the verification request includes a verification code that is generated based on the authentication request. The method continues with the data accessing module outputting a verification response that includes a modified verification code that is generated based on the verification code and a credential. The method continues with the authenticating module outputting an authentication response to the data storage module, wherein the authentication response is generated based on the verification response. The method continues with the data storage module facilitating the data access request when the authentication response is favorable.02-02-2012
20120030735 COMMUNICATION APPARATUS, RELAY APPARATUS, WIRELESS COMMUNICATION SYSTEM, CONTROL METHOD OF COMMUNICATION APPARATUS, CONTROL METHOD OF RELAY APPARATUS, AND STORAGE MEDIUM - A communication apparatus, which is connected to a relay apparatus, and transmits data to a server apparatus connected via the relay apparatus, includes a determination unit which determines whether the communication apparatus or the relay apparatus holds authentication information used in authentication processing required to access the server apparatus, a decision unit which decides, according to the determination result, a transmission method required to transmit the data by controlling an authentication processing unit of the apparatus that holds the authentication information to execute the authentication processing, and a transmission unit which transmits the data by the decided transmission method. 02-02-2012
20130198817 ENABLING SEAMLESS OFFLOADING BETWEEN WIRELESS LOCAL-AREA NETWORKS IN FIXED MOBILE CONVERGENCE SYSTEMS - Methods and apparatus for facilitating access to public wireless access points in a fixed-mobile convergence system. A mobile terminal is pre-provisioned with one or more security parameters corresponding to one or more WLAN access points that the mobile terminal might need to access should a current WLAN access point fail or otherwise become unreachable. The WLAN access points are similarly pre-provisioned with a security parameter corresponding to the mobile terminal. With these pre-provisioned security parameters, the mobile terminal and any one of the potential target WLAN access points conduct an abbreviated authentication process in the event that a switch-over becomes necessary. 08-01-2013
20130198819 EFFICIENTLY THROTTLING USER AUTHENTICATION - In an embodiment, an administrative computer system receives user login credentials from a user and makes at least one of the following determinations: that the user identifier does not match any existing user account, that the user identifier matches at least one existing user account, but that the user's account is in a locked state, or that the user identifier matches at least one existing user account, but the user's password does not match the user identifier. The administrative computer system then returns to the user the same response message regardless of which determination is made. The response indicates that the user's login credentials are invalid. The response also prevents the user from determining which of the credentials was invalid, as the response message is the same for each determination and is sent to the user after a measured response time that is the same for each determination. 08-01-2013
20130198820 SYSTEM FOR MANAGING USED RESOURCES IN GUEST ROOM - Disclosed is a system for managing a guest room. The system for managing a guest room includes a guest room management server and a terminal. The guest room management server, which is connected to the terminal, controls the resource control device in order to provide resources such as electricity, water, gas, and wireless/wired network to the guest room associated with the terminal. The guest room management server checks the connectivity of the terminal, and stops the supply of resources to the guest room when the terminal is disconnected. The terminal receives information on the cost or the volume of the resources used during the period that the terminal was connected. The user can easily see the information on the resources that have been used while using the guest room, which reduces the chance of disputes related to the cost of the resources used. 08-01-2013
20130198818 Logout From Multiple Network Sites - Disclosed are various embodiments for logging out from multiple network sites using an authentication client that manages sessions for the network sites. Account data is maintained for multiple accounts of a user for multiple network sites. The account data includes a respective security credential for each of the accounts. An authentication client automatically authenticates with multiple authentication services corresponding to multiple network sites using multiple accounts in response to the user accessing each network site. A respective session is established for each network site. A logout is performed by ending each one of the sessions. 08-01-2013
20120304261 PUBLICLY AVAILABLE PROTECTED ELECTRONIC MAIL SYSTEM - A secure messaging system provides a secure messaging exchange service to identified users. 11-29-2012
20120084843 CONVERGED LOGICAL AND PHYSICAL SECURITY - A security management system that includes a hierarchical security platform, converged IT and physical security management, unified credentialing, credential issuance and incident(s) management. An exemplary aspect of the invention also relates to physical and logical security management and information technology/network security management, with a credential issuance and integrity checking system as well as associated readers and printers of the credential. Still further aspects of the invention relate to obtaining, assembling and analyzing one or more of data, video information, image information, biometric information, sensor information, terrorist information, profile information, and/or other types of information to provide a comprehensive platform for all aspects of security management. A toolkit is also provided that allows complete management, integration, scalability, interoperability and centralized control of all aspects of security including personnel credentialing, personnel management, personnel tracking, task management, security system integration, security information exchange and scalability. 04-05-2012
20120096524 METHOD AND SYSTEM FOR FAST ACCESS TO ADVANCED VISUALIZATION OF MEDICAL SCANS USING A DEDICATED WEB PORTAL - A system for viewing at a client device a series of three-dimensional virtual views over the Internet of a volume visualization dataset contained on centralized databases employs a transmitter for securely sending volume visualization dataset from a remote location to the centralized database, more than one central data storage medium containing the volume visualization dataset, and a plurality of servers in communication with the centralized databases to create virtual views based on client requests. A resource manager load balances the servers, a security device controls communications between the client device and server and the resource manager and central storage medium. Physically secured sites house the components. A web application accepts at the remote location user requests for a virtual view of the volume visualization dataset, transmits the request to the servers, receives the resulting virtual view from the servers, and displays the resulting virtual view to the remote user. 04-19-2012
20120096523 METHOD AND APPARATUS FOR LINKING MULTIPLE CONTACT IDENTIFIERS OF AN INDIVIDUAL - Techniques for linking multiple contact identifiers of an individual include receiving first data that indicates contacts of a first user at first services. Contact identifiers for a different second user at second services are determined based at least in part on the contacts. Second data that indicates an association among the second user and the candidate contact identifiers is sent to the first user. In some embodiments on a client, techniques include determining to send first data that indicates contacts of a first user at first services; and receiving second data. The second data indicates an association among a different second user and candidate contact identifiers for the second user at second services based at least in part on the contacts. A prompt is presented for the first user to approve an association between the second user and a candidate contact identifier. 04-19-2012
20130212653 SYSTEMS AND METHODS FOR PASSWORD-FREE AUTHENTICATION - Various systems and methods for implementing password-free authentication are described herein. A request to access a network resource is received at a server, from a client device. The request is verified, and an authentication reservation is created for the device, with the authentication reservation allowing the device to access the network resource. Later, when an attempt to access the network resource is received, the attempt is granted access to the network resource in response to matching information contained in the attempt with information stored in the authentication reservation. 08-15-2013
20130212654 SYSTEM AND METHODS FOR PROFILING CLIENT DEVICES - Systems and methods are provided for generating and managing profiles. Such systems and methods may be implemented to control access to a function of a web server or site based on a level of trust associated with a user or device profile. According to one exemplary method, session information associated with a request to access a function of a web server is identified. At least one processor determines whether the request is associated with a trusted device profile based on at least the session information. Access to the requested function is provided when the request is associated with a trusted device profile. 08-15-2013
20130212655 EFFICIENT PREVENTION FRAUD - This disclosure is directed to methods and systems for managing difficulty of use and security for a transaction. A transaction manager operating on a computing device may determine a range of possible steps for a transaction comprising security measures available for the transaction. The transaction manager may identify a threshold for a security metric to be exceeded for authorizing the transaction, the security metric to be determined based on performance of steps selected for the transaction. The transaction manager may select for the transaction at least one step from the range of possible steps, based on optimizing between (i) a difficulty of use quotient of the transaction from subjecting a user to the at least one step, and (ii) the security metric relative to the determined threshold, the optimization including a preference for inclusion of a step for liveness detection or biometric deterrence if available. 08-15-2013