Subclass of:

726 - Information security

726002000 - ACCESS CONTROL OR AUTHENTICATION

726003000 - Network

726005000 - Credential

Entries
Document | Title | Date
20120266227 | VERIFICATION AND AUTHENTICATION SYSTEMS AND METHODS - Embodiments of the present invention provide verification and/or authentication service engines that provide a customizable solution that can be “dialed” based on the risk level assigned to individual or grouped applications. The systems can also incorporate internal and external sources of data used to verify information provided by the user. It is dynamic and can pull information from a myriad of sources during the verification process, enabling credit reporting agencies (e.g., Equifax and others), FSPs, and other service providers to facilitate real-time approval and access to products and services. | 10-18-2012
20120266225 | NETWORK SYSTEM OF PROJECTOR - A network system of a projector is provided in which a network connection is established between a plurality of information terminal apparatus and the projector, and an image data file owned by an information terminal apparatus can be commonly used. A network system of a projector is arranged by an information terminal apparatus and a projector connectable to the information terminal apparatus via a network. The information terminal apparatus is arranged by a personal computer which supplies image data to the projector, and personal computers which are connected to this personal computer in a wireless manner. When the network connection is established between the personal computer and the projector, and when the network connection between the personal computer and the personal computers is established, the image data is commonly used among these personal computers. | 10-18-2012
20120266223 | METHOD AND APPARATUS FOR PROVIDING MACHINE-TO-MACHINE SERVICE - A method and an apparatus for providing service are provided. A method of providing service by a Machine-to-Machine (M2M) device includes transmitting a request for a first authentication to a Network Security Capability (NSEC), the request for the first authentication including an identifier of the M2M device, performing an Extensible Authentication Protocol (EAP) authentication with the NSEC, and generating, if the first authentication is successful, a secret key using at least one of a Master Session Key (MSK) and the identifier of the M2M device. | 10-18-2012
20130047238 | METHOD FOR PROVIDING ACTIVE SECURITY AUTHENTICATION, AND TERMINAL AND SYSTEM SUPPORTING SAME - Disclosed herein are a method for providing active security authentication, and a terminal and system for supporting the same. The terminal includes a storage unit, a display unit, an input unit and a control unit. The control unit arranges a plurality of keys through an arrangement of random numbers when a security execution condition is satisfied, outputs, to the display unit, a security authentication screen based on a random-number matrix in which at least some keys in key regions adjacent to an item key among the plurality of keys arranged by the arrangement of the random numbers are set to exception keys that a user must not press, and decides that the terminal is used for an illegal use when the exception keys are included in an input information generated through the input unit. | 02-21-2013
20130047237 | PASSWORD SECURITY INPUT SYSTEM USING SHIFT VALUE OF PASSWORD KEY AND PASSWORD SECURITY INPUT METHOD THEREOF - The present invention relates to a password security input system which performs authentication through input of a security password key which is obtained by applying a shift value to an actual password key, and a password security input method thereof. According to the present invention, a password security input system is configured with a user terminal comprising: a password setting module for receiving and storing an actual password which is inputted during the initial setting by a user; an input window generating module for generating an input window in which key buttons are randomly disposed in every instance where a password is inputted; a password input module for receiving keys of a security password which are position-changed by applying the same shift distance to the key positions of the actual password in the input window displayed on a screen; and a password authentication module for comparing a key shift value of the pre-stored actual password with a key shift value of a security password inputted by a user on the basis of the input window, and determining that password authentication is successful when the two key shift values are the same. According to the present invention, even if a security password is exposed to a third person, the user can maintain the actual password with a sound mind. | 02-21-2013
20130047236 | AUTHENTICATION SYSTEM AND METHOD THEREOF - The invention relates to a system and method for authentication of subscribers of a system ( | 02-21-2013
20130047235 | Authenticating a rich client from within an existing browser session - A user authenticates to a Web- or cloud-based application from a browser-based client. The browser-based client has an associated rich client. After a session is initiated from the browser-based client (and a credential obtained), the user can discover that the rich client is available and cause it to obtain the credential (or a new one) for use in authenticating the user to the application (using the rich client) automatically, i.e., without additional user input. An application interface provides the user with a display by which the user can configure the rich client authentication operation, such as specifying whether the rich client should be authenticated automatically if it is detected as running, whether and to what extent access to the application by the rich client is to be restricted, if and when access to the application by the rich client is to be revoked, and the like. | 02-21-2013
20130031618 | Reverse Seamless Integration Between Local and Remote Computing Environments - Methods and systems for transparent user interface integration between remote (“published”) applications and their local counterparts are described, providing a seamless, unified user experience, and allowing integration of a start menu, dock, taskbar, desktop shortcuts, windows, window and application switching, system tray elements, client-to-host and host-to-client file type association, URL redirection, browser cookie redirection, token redirection, status message interception and redirection, and other elements. These methods and systems further enhance theme-integration between a client and remote desktop or virtual machine by remoting all UI elements to a recipient for generation, including text controls, buttons, progress bars, radio buttons, list boxes, or other elements; presenting them with the receiver's product and OS-specific UI; and returning status back to the sender. This may achieve a more unified and transparent UI integration. Furthermore, storage resources, printer resources, and identity-based resources may be integrated using a reverse seamless user interface. | 01-31-2013
20130031617 | SYSTEM AND METHODS FOR USE IN COMMUNICATING WITH AN ENERGY MANAGEMENT DEVICE IN AN ENERGY DEVICE NETWORK - System, method, and computer-readable instructions for use in communicating with an energy management device in a network that comprises one or more energy devices. First search results are created by searching for devices associated with a first energy management device identifier using a first discovery protocol. Second search results are created by searching for devices associated with a second energy management device identifier using a second discovery protocol. The first and second search results are combined to create a collection of candidate devices, and at least one candidate device of the candidate devices is validated to determine whether the candidate device is an energy management device. | 01-31-2013
20100050244 | Approaches for Ensuring Data Security - Techniques for protecting resources of a client from theft or unauthorized access. A BIOS agent stores policy data within a BIOS of the client. The BIOS agent is one or more software modules operating in the BIOS of the client. The policy data describes one or more security policies which the client is to follow. In response to the client following at least one of the one or more security policies, a persistent storage medium of the client is locked by instructing a controller of the persistent storage medium to deny, to any entity, access to data stored on the persistent storage medium unless the entity supplies, to the controller, a recognized authentication credential. In this way, a malicious user without access to the recognized authentication credential cannot access the data stored on the persistent storage medium, even if the persistent storage medium is removed from the client. | 02-25-2010
20110191839 | Image forming apparatus, input control method, input control program, and storage medium - Inputs from multiple input devices including an internal input device | 08-04-2011
20100011429 | Secure on line accounts (SOLA) system using cell phones and other wireless devices - This invention describes a cell phone, or other wireless device (henceforth known as “device”), to transmit sound (audible and inaudible) alphanumeric code in any language, special characters or symbols or graphic or pictures or videos or any combination thereof, to an on-line account at a web server that is equipped with a compatible digital transceiver card and software driver and/or firmware for the operation, management and maintenance of this system. Upon verification of the transmitted code or sound, by the web server, access is granted. The said server then transmits a randomly selected new code of any combination of the codes or sounds stated above to the device for storage. The said transmission from the web server cannot be stored in any other device. The device has a menu item and/or numeric code for each on-line account of the user. | 01-14-2010
20130086661 | TECHNIQUES FOR CLIENT CONSTRUCTED SESSIONS - Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the key's use. | 04-04-2013
20110202986 | IDENTITY MANAGEMENT SYSTEM - A system comprising an IMS network ( | 08-18-2011
20110202985 | AUTHENTICATION SYSTEM, AUTHENTICATION SERVER, AND SUB-AUTHENTICATION SERVER - An authentication server transmits authentication information used to authenticate the transmission origin of an authentication request, to a sub-authentication server, when receiving the authentication request. The authentication server transmits identification information to identify the sub-authentication server to which the authentication information is transmitted, to a terminal. The terminal includes a transmission destination storage unit that stores identification information to identify the transmission destination of the authentication request and transmits the authentication request to the transmission destination identified with the identification information stored by the transmission destination storage unit. The terminal updates the identification information using the identification information, when receiving the identification information. The sub-authentication server includes an authentication information storage unit that stores the authentication information transmitted from the authentication server to the sub-authentication server, and authenticates the transmission origin of the authentication request using the stored authentication information, when receiving the authentication request. | 08-18-2011
20110202984 | METHOD AND SYSTEM FOR MULTIPLE PASSCODE GENERATION - This invention relates to a method and a system for generating user passcodes for each of a plurality of transaction providers from a mobile user device. A method and system for activating a plurality of passcode generators on a user device configured with a passcode application installed on the user device is provided. Each of the passcode generators may correspond to a different user account or transaction provider, such that each passcode generator provides a user passcode configured for the corresponding account or transaction provider. One or more of the passcode generators may include a passcode generating algorithm and a passcode key. Access to one or more of the passcode generators may require providing a PIN or a challenge. | 08-18-2011
20110202982 | Methods And Systems For Management Of Image-Based Password Accounts - The invention provides methods and systems for management of image-based password accounts. A password management account may be accessed by a user undergoing image-based authentication. The invention may allow a user to manage parameters relating to image-based authentication. The invention may also allow a user to manage authentication at one or more web sites. | 08-18-2011
20120180118 | Method and System for Transmitting Authentication Context Information - A system of the present invention uses an identity provider to provide the authentication services for multiple service providers. An identity provider communicates with one or more service providers. A user that wishes to gain access to a service provider is authenticated through the use of the identity provider. A user desiring to access a service provider is first authenticated by the identity provider. The identity provider determines if the user meets the desired class level and provides various information related to the authentication. When the user attempts to access a second service provider that is associated with the same identity provider, the second service provider accesses the identity provider and determines that the user was recently authenticated. The identity provider then transmits the relevant information regarding the authentication process to the second service provider, which can then allow or deny the user access to the second service provider. | 07-12-2012
20120180115 | METHOD AND SYSTEM FOR VERIFYING A USER FOR AN ONLINE SERVICE - A system and method for verifying a user of an online or web service. According to an embodiment, a web page is provided to a user for capturing an image of the user together with an embedded verification code. The captured image is provided to a verifier agent and the embedded verification code is compared to an original verification code associated with the user. If there is a match, the user is verified and an account can be created for the user. If there is no match, then the user can be rejected or the verification can be escalated to review by a supervisory agent. According to an embodiment, the embedded verification code comprises a visual representation of the code on a substrate that has been mechanically manipulated. | 07-12-2012
20100115597 | COMPUTER READABLE MEDIUM, IMAGE PROCESSING SYSTEM, AND IMAGE PROCESSING DEVICE - The present invention is intended to optimize reference data to be used in biometric authentication, and to reduce the incidence of false authentication in actual biometric authentication compared to conventional biometric authentication. In order to achieve this, a computer readable medium on which a program causing said computer to operate as a system is stored comprising: a biometric information acquisition part | 05-06-2010
20130086668 | GROUP SECURITY IN MACHINE-TYPE COMMUNICATION - If the related secure communication method is applied to the system which includes a plurality of the MTC devices, traffic in a network would increase in proportion to the number of MTC devices. A disclosed communication apparatus is connected to a network and a plurality of communication terminals, and includes: a group information sending unit for sending group information, which is received from the network; an access control unit for 1) receiving a reply from the communication terminal(s) which responded to the group information and 2) sending the reply to the network; and a temporary identifier and group key sending unit for sending a temporary identifier and a group key to the communication terminal which responded to the group information, when the communication apparatus received the temporary identifier and the group key from the network. | 04-04-2013
20130086667 | METHOD AND SYSTEM FOR PROVIDING LOGIN AS A SERVICE - Systems and methods are provided for providing login as a service. A system receives, via a customer server, a request from a user computer to login to a customer application provided by the customer server. The system outputs a login form to the user computer, receives a modified login form from the user computer, and determines whether the modified login form enables the user computer to login to the customer application. If the modified login form enables the user computer to login to the customer application, the system notifies the customer server that the modified login form enables the user computer to login to the customer application. | 04-04-2013
20130081123 | IP Multimedia Subsystem User Identity Handling Method and Apparatus - A method of enabling users of a third party Internet service, who are not necessarily subscribers of an IP Multimedia Subsystem, IMS, network, to access services provided by the IMS network. The method comprises registering a user with said third party Internet service via the Internet using an Internet service identity of the user, and sending to the user, from said third party Internet service and via the Internet, IMS network access information. The access information is then used to register the user with the IMS network, wherein, following IMS registration, the user is able to access IMS network services. | 03-28-2013
20130081120 | INCREASED SECURITY FOR COMPUTER USERID INPUT FIELDS - A computer determines whether current location information of the computer indicates that the computer is at a home location. The computer determines a minimum number of characters to be entered by a user into a userID field to cause the computer to automatically display previously entered userIDs based on whether the computer is located at a home location. If fewer than the minimum characters are entered, previously entered userIDs are not displayed. Location information can be based on one or more of: wi-fi signal strengths, cell tower signal strengths and signal arrival timing information, whether the network connection is wireless or Ethernet cable, the wireless protocol, whether a wi-fi connection is secured or public, whether the computer is a mobile device, and satellite navigation system location. | 03-28-2013
20130081119 | MOBILE DEVICE-BASED AUTHENTICATION - Mobile device-based authentication is disclosed. A first biometric input corresponding to a first biometric feature of the user is captured on the mobile device. A first set of biometric data is derived from the captured first biometric input. The first set of biometric data is transmitted to a remote authentication server. Thereafter, a secondary authentication instruction is transmitted to the site resource in response. Access to the site resource is permitted based upon a validation of the first set of biometric data, and a second biometric input that is captured on the site resource in response to the secondary authentication instruction received thereon. The first set of biometric data and the second set of biometric data are validated by the remote authentication server substantially contemporaneously. | 03-28-2013
20130081124 | TRUSTING AN UNVERIFIED CODE IMAGE IN A COMPUTING DEVICE - A method and an apparatus for configuring a key stored within a secure storage area (e.g., ROM) of a device including one of enabling and disabling the key according to a predetermined condition to execute a code image are described. The key may uniquely identify the device. The code image may be loaded from a provider satisfying a predetermined condition to set up at least one component of an operating environment of the device. Verification of the code image may be optional according to the configuration of the key. Secure execution of an unverified code image may be based on a configuration that disables the key. | 03-28-2013
20130081122 | A Method, Device and System for Secure Transactions - A method for operating a security device comprises receiving a request for a transaction from a programmable device executing an application obtained from an application controlling institute, and verifying a validity of the transaction. A user is alerted, in which the user indicates an acceptance of the request. A one-time identifier is generated. The one-time identifier comprises a security device identification, a transaction number, a date and a time. The one-time identifier is communicated to the programmable device, in which the application verifies a validity of the security device identification and instructs the programmable device to communicate the one-time identifier and transaction to the application controlling institute for processing. The application controlling institute verifies validity of the one-time identifier and processes the transaction, wherein said security device, application programmable device and application controlling institute securely process the transaction. | 03-28-2013
20130081121 | CONNECTION OF PERIPHERAL DEVICES TO WIRELESS NETWORKS - Methods and an apparatus to connect a peripheral device to a wireless network access point are provided herein. A host device associated with a wireless network access point stores and obtains a set of wireless credentials related to a wireless network formed by the wireless network access point. The host device opens a connection between the host device and the peripheral device to transmit the set of wireless credentials from the host device to the peripheral device. The host device identifies the peripheral device over the wireless network access point. | 03-28-2013
20130086666 | METHOD AND COMPUTER SYSTEM FOR PROVIDING TIME RATIO-BASED PASSWORD/CHALLENGE AUTHENTICATION - Providing registration for password/challenge authentication includes receiving an access code or pattern inputted by a user, recording a time message associated with each component of the access code or pattern via a processor, generating a data record by combining each component of the access code or pattern with the associated time message, and storing the data record. | 04-04-2013
20130086665 | SYSTEM AND METHOD FOR CLONING A Wi-Fi ACCESS POINT - Systems and methods for cloning a Wi-Fi access point. A determination is made by a network monitoring device to transition communications between a Wi-Fi device and a first access point (AP) to a second AP. The SSID and the security configuration information, and, optionally, network address translation (NAT) information of the first access point are acquired and provided to a second AP. The second AP instantiates the SSID and the security configuration information and, optionally, the NAT information. The network monitoring device directs the first AP to cease using the SSID and the security configuration information and, optionally, the NAT information in response to receipt of confirmation that the second AP has instantiated the SSID and the security configuration information and, optionally, the NAT information of the first AP. | 04-04-2013
20130086664 | SYSTEM AND METHOD FOR AUTHENTICATING A REQUEST FOR ACCESS TO A SECURED DEVICE - A method for authenticating a request for access comprises monitoring one or more ambient transmissions present in a local environment, analyzing the one or more ambient transmissions to create a characterization thereof, and transmitting information configured to instruct a security token regarding characteristics of an adapted transmission protocol based on the characterization. The adapted transmission protocol is configured for decreasing a likelihood of interference by the one or more ambient transmissions with reception of an authentication transmission from the security token. An authentication transmission comprising authentication information is received from the security token, and the security token is authenticated based on the authentication information. In response to a request for access, a signal is transmitted to a controller indicating the request is authentic. A system for authenticating a request for access comprises a secured device configured for use with a security token and for monitoring one or more ambient transmissions. | 04-04-2013
20130086663 | KEY DERIVATION TECHNIQUES - Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the key's use. | 04-04-2013
20130086662 | PARAMETER BASED KEY DERIVATION - Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information that, as a result of being used to generate the keys, renders the generated keys usable for a smaller scope of uses than the secret credential. Further, key generation may involve multiple invocations of a function where each of at least a subset of the invocations of the function results in a key that has a smaller scope of permissible use than a key produced from a previous invocation of the function. Generated keys may be used as signing keys to sign messages. One or more actions may be taken depending on whether a message and/or the manner in which the message was submitted complies with restrictions of the key's use. | 04-04-2013
20090172794 | LOCATION BOUND SECURE DOMAINS - A method, apparatus, and electronic device with secure operation based on geography are disclosed. A positioning mechanism | 07-02-2009
20130042310 | METHOD AND SYSTEM FOR AUTOMATIC AUTHENTICATION - A system and method for automatic authentication includes automatically calculating a security code on a computer running a security program. The security program resides on the same computer as a web browser. In response to a user signing into a web based account on a web site accessed by the web browser, automatically verifying that the security program is registered with the web based account. In response to a second factor security code entry request on the web based account, automatically entering the security code into the web based account. The security code is transmitted to the web site transparently to the user for login. | 02-14-2013
20130042313 | KEY DERIVATIVE FUNCTION FOR NETWORK COMMUNICATIONS - Systems, methods, and other embodiments associated with deriving group keys used to securely communicate in a wireless mesh network are described. According to one embodiment, a controller, for calculating group keys used to secure communications to a plurality of remote devices in a network, includes a key logic configured to calculate a group key by using a group master key and unique information about a remote device of the plurality of remote devices. The plurality of remote devices are configured in a mesh topology. The group key is for securing communications with the remote device. The controller also includes a communication logic configured to secure a communication by using the group key. The communication is to be transmitted to the remote device. | 02-14-2013
20130042312 | AUTHENTICATION IN A SMART THIN CLIENT SERVER - In a first embodiment of the present invention, a method for starting a session between a user and a smart thin client server is provided, wherein the smart thin client server permits users to create, manage, and deploy enterprise applications, the method comprising: receiving a request to initiate a session from a user, wherein the request does not include log-in credentials; selecting an anonymous account from a pool of anonymous accounts; obtaining credentials from the anonymous account; and establishing a session for the user using the credentials from the anonymous account. | 02-14-2013
20130042311 | MULTI-STEP CAPTCHA WITH SERIAL TIME-CONSUMING DECRYPTION OF PUZZLES - A system and method for implementing a multi-step challenge and response test includes steps or acts of: using an input/output subsystem for presenting a series of challenges to a user that require said user to correctly solve each challenge before a next challenge is revealed to the user; receiving the user's response to each challenge; and submitting a last response in the series of challenges to a server for validation. The method further includes: using a processor device configured to perform for each challenge in the series of challenges: internally validating the response by comparing the user's response to a correct response; and using the user's response, decrypting the next challenge to reveal the next challenge; wherein the next challenge remains obfuscated until a previous challenge is correctly solved. | 02-14-2013
20130139239 | DUAL CODE AUTHENTICATION SYSTEM - A verification method and system are disclosed that verify a user. The user is provided a verification code via, for example, a website, to be communicated to a provided electronic contact via a secondary mode of communication, such as through an SMS-enabled device. If the correct verification code is communicated by the user, the user receives a return message (e.g., a return SMS message) containing a second verification code, which the user submits to a website or on-line form or to another verification system for authentication. | 05-30-2013
20100043064 | Method and system for protecting sensitive information and preventing unauthorized use of identity information - This invention features a method and system for protecting sensitive information and preventing the unauthorized use of identity information by third parties. Virtual identifiers that identify an information holder whose sensitive information is involved in the process, are dynamically created by an entity called processing entity. The virtual identifiers are usually linked to a static identity of the information holder through a data management mechanism, such as a database system. A virtual identifier could serve for multiple functions. Usually, validity attributes that indicate when and for how long a virtual identifier is valid for the different functions, are associated with the virtual identifier. When the information holder interacts with a third party in a process that involves the information holder's sensitive information, the information holder uses virtual identifiers. Then, through a device connected to a network including wireless devices, telephone or a mail service, the party either passes along the virtual identifiers to other parties or submits requests along with the virtual identifiers to the processing entity which could map the virtual identifiers to the static identity information and uses the static information to realize the requests. | 02-18-2010
20100325709Method to store and distribute digital entertainment media data on a portable non-volatile solid-state storage device with a customer pre-selected security indentifier and content management system - A new method for storing and distributing Digital Entertainment Media Data like movies, (or indeed, other media content such as games, software, electronic books, audio books, documents, educational material and other formats of binary or source code), on a portable non-volatile solid-state storage device in a permanent or non-permanent state.12-23-2010
20090158411Method and system for enabling remote access to a computer system - Method and systems configured for allowing a non-local remote user to access a computer system with a particular authorization level. Such access is facilitated by examining non-local directory services group memberships of the user and performing a mapping of the user's identity to a corresponding universal local user account that has the proper authorization level or levels. Such methods and systems allow any number of non-local remote users access to the computer system in such a way that the remote user assumes the identity of (i.e., is mapped to) a corresponding universal local user account of an appropriate privilege level. All non-local remote users that the computer system determines to be of the same privilege level will share the identity of the same universal local user account.06-18-2009
20090158410NETWORK SYSTEM, ITS CONTROL METHOD, AND PROGRAM - The invention provides a network system which can prevent an illegal access to a network or the like set in a specific area and improve security of the network. The network system permits the entering of the user into a security area in accordance with security information (user ID) read out of a contactless IC in a carrying ID card by an entering/leaving room managing apparatus and registers an MAC address of a notebook computer carried by the user when he enters the security area to a managing server as ID information corresponding to the user ID. When a leaving request of the user is received through the entering/leaving room managing apparatus, the network system deletes the registered ID information and restricts connection between the notebook computer and the network on the basis of a registration situation of the ID information to the managing server.06-18-2009
20100107233METHOD, SYSTEM, AND APPARATUS FOR IDENTIFICATION NUMBER AUTHENTICATION - A computer based method of authentication including the steps of displaying a field operatively arranged for entry of data representative of a mathematical function of digits in a person's Social Security Number and displaying instructions to the person indicating a specific mathematical function to be performed by the person to arrive at the representative data, performing the specific mathematical function of digits in the person's Social Security Number, and comparing a result of the performing the specific mathematical function of digits in the person's Social Security Number with the received data representative of the mathematical function of digits in the person's Social Security Number to authenticate the person's identity.04-29-2010
20100107232COMMUNICATION PROTOCOL SYSTEM AND METHOD FOR A DISTRIBUTED-ARCHITECTURE HEATING, VENTILATION AND AIR CONDITIONING NETWORK - The disclosure provides an HVAC data processing and communication network and a method of manufacturing the same. In an embodiment, the network includes a user interface and a system device. The user interface is configured to publish a privilege request message to a data bus. The system device is configured to receive messages via the data bus and to store configuration data in nonvolatile memory. The system device is further configured to enable a privileged operating mode not normally available to a user of the network in response to the privilege request message.04-29-2010
20100107231FAILURE INDICATION - Methods and network node in a network for receiving a network access request related to a subscriber via at least one external network interface and treating the network access request by using at least a first function and second function. A failure indication related to the subscriber is obtained from at least one of the first function or the second function. The network access request is thereafter denied by sending an access result via the external network interface. The access result comprises a cause of failure indicating the at least one of the first function or the second function as a source for the failure. The first and second functions may be, for instance, an AAA function and a DHCP function.04-29-2010
20100024019Authentication - User authentication is based on a home network user database that authenticates users to external service providers. A user logs into home network and starts accessing the external service by clicking on a link labelled for the external service provider. The link is directed to script at a home server. The script causes the home server to obtain details related to the user from a home network user database. The home server passes information related to the user to a foreign server associated with the service provider. Based on the passed information, the foreign server grants or denies authentication of the user to the external service. If granting, the foreign server provides the home server with access data and the home server forwards the access data to the user so that the user can initialise an authorised external service session using the access data.01-28-2010
20100095361Signaling security for IP multimedia services - An apparatus in one example has: a predetermined tunnel that operatively couples a UE and a firewall; and the predetermined tunnel structured to convey at least signaling messages. The embodiments according to the present method and apparatus provide a solution for signaling security of IP multimedia services that is compatible with firewalls. For example, such embodiments establish an IPsec or SSL/TLS tunnel between the UE and the firewall, instead of an end-to-end IPsec or SSL/TLS connection between the UE and the CSCF.04-15-2010
20120167189PSEUDONYMIZED AUTHENTICATION - An OT or Oblivious Transfer protocol is used to output pseudonym tokens from a list of pseudonym tokens to user entities such that it is possible to obtain pseudonymized authentication by a preceding verification of proof of identity of the respective user entities and marking pseudonym tokens as used as soon as the same are used for authentication by means of the OT protocol after the output.06-28-2012
20120167188USER IDENTITY ATTESTATION IN MOBILE COMMERCE - A method, apparatus, system, and computer program product for user identity attestation in mobile commerce. The method may include obtaining a photograph of a user of a mobile device via a camera integrated with the mobile device; identifying a first set of fiducial points from the photograph; causing the first set of fiducial points from the photograph to be compared to a second set of fiducial points associated with an authorized user of the mobile device; and determining that the user is the authorized user if the first set of fiducial points matches the second set of fiducial points.06-28-2012
20130047233DATA MANAGEMENT WITH A NETWORKED MOBILE DEVICE - A tool for establishing a wireless connection from a mobile device to another device in proximity to the mobile device. The mobile device receives requests for data, such as a user profile, medical records, etc. from the device. The mobile device has the ability to register/preapprove the requesting device allowing the device to access the requested data. The mobile device also has the ability to give varying devices different authorization levels. The mobile device has the ability to store the data on another system, and in response to the request, validate the requesting device and the device's authorization level, request the data from the other system through a network, and return the data to the requesting device.02-21-2013
20130047234METHOD AND DEVICE FOR PROPAGATING SESSION MANAGEMENT EVENTS - A method for propagating session management events between a plurality of machines forming a machine cluster includes generating, with a session management user interface, a session management event on a first machine of the machine cluster; detecting, with an installment of the interface, the generated event; sending, from the installment to a first security service related to the first machine, a set of specific information that is related to the detected event; determining, with the first security service, a set of target machines; sending the specific information from the first security service to target security services that are related to the target machines; and processing the specific information at each target security service of the target machines so as to execute, on each target machine that has received the specific information, the session management event generated on the first machine.02-21-2013
20130047231METHOD AND APPARATUS USING A CAPTCHA HAVING VISUAL INFORMATION RELATED TO THE CAPTCHA'S SOURCE - Disclosed is a method for visual verification of a Captcha's source. In the method, a Captcha is served to a user. The Captcha includes visual information related to a characteristic of a source of the Captcha and related to a puzzle question of the Captcha. The visual information is for visual verification by the user of the Captcha's source. A response is received from the user based on the served Captcha. A determination is made as to whether the received response is a solution of the puzzle question of the served Captcha.02-21-2013
20130047232MULTIPLE AUTHENTICATION MECHANISMS FOR ACCESSING SERVICE CENTER SUPPORTING A VARIETY OF PRODUCTS - A service center receives first media data from a mobile device over a network, the first media data including at least one of an image and a voice stream presenting an identity of a user associated with the mobile device. The first media data was captured via at least one of a camera and a voice recorder of the mobile device. The user is authenticated by matching the first media data against second media data stored in the service center. The second media data has been previously registered with the service center, where the service center provides support services for a plurality of products on behalf of a plurality of product providers. Upon having successfully authenticated the user, support services are provided to the user for a product that has been registered with the service center by the user on behalf of a vendor.02-21-2013
20130047230BUILDING DATA SECURITY IN A NETWORKED COMPUTING ENVIRONMENT - In general, embodiments of the present invention provide an approach for providing a multi-tenant/customer partition group separator and securer in a shared cloud infrastructure (e.g., as an extension to DB2®, Label-Based Access Control (LBAC), and/or an independent tool). Among other things, embodiments of the present invention provide cloud administrators with an easy to use customizable, configurable security constraint builder/tool with a built-in multi-tenant/customer enabled security model. Moreover, embodiments of the present invention enable cloud administrators to set up, configure, and manage tenants/customers and their private shards with their own security constraints. The output of this tool greatly eases the time to create an invisible (e.g., software) wall of separation for multiple tenants/customers in a shared cloud infrastructure.02-21-2013
20130047229PLAY TIME DISPENSER FOR ELECTRONIC APPLICATIONS - Systems, methods, devices, and computer program products are described for controlling access to electronic applications by a user. A request may be received (e.g., from a user) to access an electronic application. The availability of points, credits, or time for the particular user may be determined, and access to the electronic application granted or denied based on the determination. User identity may be verified through biometric data, with such verification repeated at periodic or random intervals. Access may be restricted based on a permission level of a particular authority that has responsibility for all or a portion of the user's activities during a particular time period. Access may also be restricted based on the location of the user at the time of the access request.02-21-2013
20130047228METHOD AND APPARATUS FOR TOKEN-BASED ATTRIBUTE AGGREGATION - According to one embodiment, an apparatus may store a plurality of tokens. The apparatus may receive a subject token indicating an attempt to authenticate a user. The apparatus may determine at least one token-based rule based at least in part upon a token in the plurality of tokens and the subject token. The at least one token-based rule may indicate a plurality of attributes required to access a resource. The apparatus may determine a second plurality of attributes represented by the plurality of tokens and the subject token. The apparatus may determine at least one missing attribute, which may be in the plurality of attributes but not in the second plurality of attributes. The apparatus may then request the at least one missing attribute, and in response, receive at least one token representing the at least one missing attribute.02-21-2013
20130047227METHOD AND SYSTEM FOR AUTOMATED USER AUTHENTICATION FOR A PRIORITY COMMUNICATION SESSION - An approach is provided for automated user authentication for a priority communication session. An authentication platform receives a session request for establishing a priority communication session over a data network between a user device and a service platform. The authentication platform determines network information and device information associated with the session request and the user device, respectively. The authentication platform further determines user history information regarding one or more prior communication sessions of a user of the user device. The authentication platform authenticates the user based on the network information, the device information, and the user history information for establishing the priority communication session.02-21-2013
20090313685Method and System for Instant Messaging - The present invention provides an instant messaging method to establish a corresponding relationship between a browser application and a message port of an instant messaging server; start the browser application to establish a session with the message port of the instant messaging server; and, through the session, send to the instant messaging server an instant message intended for a communication party and receive from the instant messaging server an instant message sent by the communication party. Using the instant messaging server to provide a message port to a browser application enables a user who does not have instant messaging tools installed to do instant messaging with another party which has instant messaging tools installed, by simply starting the browser application. The invention significantly improves the convenience and user participation in instant messaging. Especially in electronic commerce, the present invention increases the extent of instant messaging between sellers and buyers while keeping it quick and easy for buyers, and expedites the electronic transactions.12-17-2009
20090165105METHOD AND APPARATUS FOR COMMUNICATING BETWEEN A USER DEVICE AND A USER DEVICE LOCATING MODULE TO ALLOW A PARTNER SERVICE TO BE PROVIDED TO A USER DEVICE - A system and method for communicating between a user device locator module and a user receiving device includes forming a secure connection with the user device locator module. The user receiving device communicates user identifier data and port data to the user device locator module. An authentication module authenticates the user data from the user device locator module and generates an authentication signal. The user device locator module registers the port data at the user device locator module in response to the authentication signal.06-25-2009
20090307765AUTHENTICATING USERS AND ON-LINE SITES - A method and system enables a user and/or an on-line site to be authenticated by comparing a received password with an expected password, transmitting a new password if the received and expected passwords match, and authenticating a communication if the new password matches what is expected by the on-line site. The initially received password may be distorted, such as with CAPTCHA.12-10-2009
20090307764Biometric Authenticaton System and Method with Vulnerability Verification - A biometric authentication device has a threat of an attack of pretending to be someone else by such as forgery. The present invention supports a service provider to appropriately decide the level of such threat.12-10-2009
20090113532LOCATION-TARGETED ONLINE SERVICES - Described are various implementations of location-targeted online services. When a user accesses the Internet from a supported location, he'll be able to use premium or exclusive online services (premium content, member-only discounts etc.) for free and without going through an elaborate subscription process. The location owner may promote these services before the user enters the location. Example: in addition to mentioning “free Internet”, the hotel owner can attract new customers by mentioning “free Netflix movies” or “free access to premium content, from Zagat reviews to stock reports”. It allows the location owner to utilize a network (WIFI) service provider as a means of increasing its core business and not just as a source of incremental advertisement income.04-30-2009
20090106828DEVICE ADMINISTRATION APPARATUS, DEVICE ADMINISTRATION METHOD AND RECORDING MEDIUM - A device administration apparatus includes an apparatus information obtainer that obtains via a network, apparatus information stored in a device, a judger that judges whether or not the device is an administration object based on the obtained apparatus information, and an administrator that administers use of the device, if the judger judges that the device is an administration object.04-23-2009
20090106827SYSTEM AND METHOD FOR USER PASSWORD PROTECTION - A system and method are disclosed for protecting a password assigned to a user, the method comprising: providing a password entry screen having a virtual keyboard, the virtual keyboard including a plurality of character keys arranged in a non-QWERTY format; authenticating the user if a password submitted by the user accessing the password entry screen matches a user password retrieved from a password database; and denying access to the user if the submitted password does not match the retrieved user password. The system comprises a storage module and a computer program for performing the method.04-23-2009
20120192258HOTSPOT NETWORK ACCESS SYSTEM AND METHOD - A system and method are disclosed for providing wireless network access to a user of a remote device at a hotspot. In general, wireless communication is established by the system with the remote device to enable wireless transmission therefrom of social networking credentials associated with a social network profile maintained by a third party social network service provider. Using these credentials, the user is authenticated with the third party social network service provider, and, upon authentication, is provided wireless access to the network.07-26-2012
20120192257IMAGE PROCESSING APPARATUS, ACCESS CONTROL METHOD, AND STORAGE MEDIUM - An image processing apparatus includes a request determining unit receiving an operation event indicating a request to use an image processing function and determining whether the request is from a guest user based on the received operation event; a guest login processing unit generating guest login information including a guest user identifier and access right information of the guest user if the request is from the guest user and sending a login request to request a login process for the guest user based on the guest login information; an access control unit disabling access control on the image processing function in response to the login request based on the access right information in the guest login information; and a usage history recording unit recording a usage history of the image processing function in association with the guest user based on the guest user identifier in the guest login information.07-26-2012
20120192256DISCONNECTED CREDENTIAL VALIDATION USING PRE-FETCHED SERVICE TICKETS - One or more user service tickets are obtained (i.e. pre-fetched) from an authentication server and stored in a ticket cache. The user service tickets facilitate a login device communicating with one or more users or group members associated with the login device. Login credentials for the users or group members may be subsequently authenticated against the user service tickets within the ticket cache thereby eliminating the need for immediate access to the authentication server or a previous login session by the users or group members. The user service tickets within the ticket cache may be refreshed as needed. In one embodiment, the user service tickets are refreshed daily and also in response to login attempts if the authentication service is readily accessible.07-26-2012
20090094689AUTHENTICATION METHOD AND SYSTEM - A codebook, comprising a number of groups of symbols in a predetermined pattern printed on a card or the like is issued to a user. The user is attributed or selects an extraction pattern representing an order of progression through the symbols in each group of symbols. When the user wishes to make an authentication action an authentication party challenges the user to submit the symbols found at selected positions in the extraction pattern. The user applies the extraction pattern to the codebook and retrieves the symbols found at the selected positions, and submits these to the authenticating party. The authenticating party applies the same extraction pattern to the same codebook, and determines whether the results match those submitted by the user, and in a case where the two sets of symbols match, authenticates the user.04-09-2009
20090094688METHOD AND SYSTEM FOR SYNCHRONIZING USER SESSIONS - Method, system and storage medium encoding a computer program for synchronizing a first user session and a second user session in a client-server system. The first user session is between a first Web service and a client and the second user session is between a second Web service and the same client. A request is received with a first session value by the second Web service. An indicator of the first session value is assigned to a shadow, and the shadow is sent in a response to the client. A subsequent request with the shadow and a subsequent session value is received from the client. The indicator is used to verify the subsequent session value at the second Web service. The second user session is terminated if the indicator in the shadow does not correspond to the subsequent session value.04-09-2009
20130074171AUTOMATED LOGIN INITIALIZATION ON DETECTION OF IDENTIFYING INFORMATION - A system for automating a data device login procedure having a network, a system backend communicable with the network having a backend processor configured to control a simplified login procedure and a database of login information accessible by the backend processor, a data reader communicable with the system backend configured to receive a credential data from an identification device, and a fungible portable data device communicable with the backend configured to receive a login information from the system backend for completing a login procedure. The data reader is configured to initiate the login procedure upon receipt of the credential data from the identification device and communicate the credential data to the backend. The backend is configured to determine the login information associated with the credential data comprising personalization information for the fungible portable data device and the system backend completes the login procedure to the fungible portable data device.03-21-2013
20130074170AUTHENTICATING A USER OF A SYSTEM USING NEAR FIELD COMMUNICATION - A system and machine-implemented method for providing a username and password to a system using a device, via establishing a near field communication link with the system; retrieving a username and password from storage on the device; and transmitting the username and password to the system via the near field communication link, wherein the username and password are configured to be used by the system to authenticate the user on the system.03-21-2013
20130074169Restrictive Access of a Digital Object Based on Location - The present disclosure involves a method including: receiving a request to access an object from a user; prompting the user to go to a target location; receiving feedback from the user with respect to the user's location; determining, electronically by a processor, whether the user has reached the target location; granting access of the object to the user in response to the determining. The present disclosure involves a system including: a storage storing an electronic item; an electronic communications interface that: detects a request to access the item from an entity and prompts the entity to go to a target location in response to the request; a computer processor that: analyzes feedback from the entity with respect to the entity's location, determines whether the entity's location is sufficiently close to the target location, and grants or denies access of the item to the entity based on the determination.03-21-2013
20130074168STREAMING VIDEO AUTHENTICATION - One or more devices transmit, to a user device, an application for secure mobile streaming, and receive, from the user device, a registration request for the application. The registration request includes a user ID and a unique device identifier (UDID) for the user device. The one or more devices initiate a validation procedure for the user ID or UDID. When the user ID or UDID is validated, the one or more devices generate a device-token for the user device. The device-token includes a hash value based on information in the registration request and an expiration date for the device-token. The one or more devices send the device-token to the user device via a private network. The device-token is required to permit the user device to receive a secure content stream via a public network.03-21-2013
20130061304PRE-CONFIGURED CHALLENGE ACTIONS FOR AUTHENTICATION OF DATA OR DEVICES - An authentication system is enhanced by prompting an individual to perform a challenge action. For example, the individual may be requested to move the device in a particular motion, after entering a username/password combination. The challenge action is known only by the individual, such that an imposter, even with authentication information, does not know the challenge action. The challenge action improves security by preventing attackers from spoofing an individual's authentication information. The enhanced authentication system may be used on mobile devices, such as mobile phones and laptop computers, to provide access to secure data, such as bank account information.03-07-2013
20130061306HYBRID CLOUD IDENTITY MAPPING INFRASTRUCTURE - In various exemplary embodiments, a system and associated method for providing a hybrid cloud computing environment are disclosed. For example, a system may authorize an enterprise user based on an enterprise identity. Once authenticated, embodiments may use mapping data and a cloud role to determine an identity to use when the enterprise user accesses a cloud.03-07-2013
20130061305RANDOM CHALLENGE ACTION FOR AUTHENTICATION OF DATA OR DEVICES - An authentication system is enhanced by prompting an individual to perform a randomly-selected challenge action. For example, the individual may be requested to move the device in a particular motion, after entering a username/password combination. The randomly-selected challenge action verifies the individual is located at the device, which prevents automated attacks to steal the individual's identity. The challenge action improves security by preventing attackers from spoofing an individual's authentication information. The enhanced authentication system may be used on mobile devices, such as mobile phones and laptop computers, to provide access to secure data, such as bank account information.03-07-2013
20110067093USAGE PERIOD MANAGEMENT SYSTEM FOR APPLICATIONS - A method of managing downloading contents in a network system including a terminal device, a management server and a downloading site includes three phases of procedures. In a first phase procedure, the management server receives a request for downloading contents from the terminal device and performs a predetermined registration operation. In a second phase procedure, the management server transmits attribution data corresponding to the contents to be downloaded by the terminal device, the attribution data including information of the downloading site. In a third phase procedure, the terminal device accesses the downloading site in accordance with the information included in the attribution data and downloads the contents.03-17-2011
20130061307Method and Apparatus for Accessing Corporate Data from a Mobile Device - A computer-implemented communication method performed by a computerized device and a computerized communication apparatus, the method comprising: receiving by a buffer server a first communication request and a device key from a mobile device; verifying the device key and a buffer server key; sending a request with details associated with the device key and the buffer server key, to a corporate server; receiving a response from the corporate server; removing data from the response, and sending a reduced response to the mobile device; receiving a user identification and a second communication request from the mobile device, for the data that has been removed; and sending the data that has been removed to the mobile device, upon verifying the user identification.03-07-2013
20090055914SOFTWARE UPDATE METHOD - A method of updating first software in at least one apparatus in which a first password is set and which determines, when receiving a second password and second software, whether or not the received second password matches the first password set in the apparatus and whether or not the received second software is for the apparatus, when the second password matches the first password and the second software is for the apparatus. The method includes: causing a user to select the apparatus from among a plurality of apparatuses; causing the user to input the second password; causing the user to designate an update file pertaining to the second software; storing information of the apparatus selected by the user, the second password input by the user and the update file designated by the user; and performing update processing to transmit the second password and the second software in the update file to the apparatus selected by the user in accordance with the stored information.02-26-2009
20120227097Providing Subscriber Consent in an Operator Exchange - A method and system for providing a record of consent in scenarios in which the user and a device may have to perform a function that involves two entities that don't trust each other or are not necessarily interested in cooperating. In one such example, a user wants to switch services from an “old” operator to a “new” operator. An operator switch without explicit user consent may have legal or business ramifications for both the “old” and “new” operators. The ramifications are even more severe if the switch is the result of actions of, for example, a hacker maliciously causing these switches in order to cause monetary or other damage to either operator or denial of service to the users. In such cases it is useful for both operators to be on record and have an archive of proof of user consent should future disputes arise.09-06-2012
20120227096METHOD AND APPARATUS FOR TRANSFERRING DATA - A method and apparatus for transferring data to a mobile device is described. Authentication information associated with a user is received and used to authenticate the user. A one-time-use password is determined and an identity of a mobile device and/or a mobile device operator is verified. Encrypted data is transmitted to the mobile device, where the encryption is based, at least in part, on the one-time-use password. On receipt of the password at the mobile device, the data may be decrypted for use by the mobile device.09-06-2012
20120117634SYSTEMS AND METHODS FOR FACILITATING DISTRIBUTED AUTHENTICATION - A method for facilitating distributed authentication includes the step of requesting, by a user of a client machine residing in a first domain, access to a resource residing in a second domain. The client machine authenticates the user to an intermediate machine. The intermediate machine impersonates the client machine. The intermediate machine impersonating the client machine requests access to the second domain from a domain controller residing in the second domain. The domain controller authorizes the requested access, responsive to a determination that the impersonated client machine is trusted for delegation. The domain controller transmits to an application server residing in the second domain, authentication data associated with the impersonated client machine. The application server transmits, to the intermediate machine, a launch ticket uniquely identifying a logon token. The client machine provides, to the application server, the launch ticket to access the resource residing in the second domain.05-10-2012
20130067549Cloud-Based Broker Service for Digital Assistants - A cloud-based broker service may be provided for computing devices in a distributed computing environment. The broker service may aggregate user accounts and user account credentials utilized for accessing online services by the computing devices. The broker service may monitor a context of the computing devices associated with the user accounts. The broker service may then utilize the context, data associated with the user accounts and data associated with the user account credentials to automate tasks and/or provide alerts associated with the data.03-14-2013
20130067546TRANSACTION AUTHENTICATION MANAGEMENT SYSTEM WITH MULTIPLE AUTHENTICATION LEVELS - An operating system of an information handling system (IHS) initializes a security tool to provide security management during user-to-user transactions. The security tool may determine the user's type and invokes a user personal profile and application profile information that pertains to the transaction. The security tool may use the user personal profile and application profile information during user authentications. The security tool determines an initial authentication level and may modify that authentication level during user-to-user transaction operations. The security tool may perform substantially continuous user authentication during transaction operations by employing learned behavior, historical knowledge, and other information that the security tool maintains in a security information store.03-14-2013
20130067554METHODS, DEVICES AND COMPUTER PROGRAM SUPPORTS FOR PASSWORD GENERATION AND VERIFICATION - During log-on of a user to an entity protected by a password, the password is verified by iteratively receiving a password character; and verifying that the received character complies with a predefined property (α) that sets at least one requirement for allowable passwords. If this is not the case, then this can indicate a brute force attack and appropriate action may be taken. The property α may be dependent on the user. Also provided are a corresponding device and a computer program product.03-14-2013
20130067553CONTROL APPARATUS AND METHOD FOR EXECUTING APPLICATION - A mobile terminal to execute an operation of an application includes an application framework to determine a reliability level of the application, to assign a first secure key value to the operation, and to pack a second secure key value to an event packet generated by the application; and a modem layer to extract the second secure key value from the event packet, to determine whether the second secure key value corresponds to the first secure key value of the operation, and to determine whether to execute the operation. A method for executing an operation of an application includes assigning a first secure key value to the operation; receiving an event packet corresponding to the operation; extracting a second secure key value from the event packet; comparing the second secure key value with the first secure key value; and determining whether to execute the operation.03-14-2013
20130067552AUTHENTICATION IN SECURE USER PLANE LOCATION (SUPL) SYSTEMS - A particular method includes storing, at a mobile device, at least one security credential that is specific to the mobile device. The method also includes transmitting the at least one security credential to a secure user plane location (SUPL) location platform (SLP) to authenticate the mobile device as associated with a SUPL user based on a comparison of the device identifier to a stored device identifier.03-14-2013
20130067550PRIVATE CLOUD SERVER AND CLIENT ARCHITECTURE WITHOUT UTILIZING A ROUTING SERVER - A method and system for use with a public cloud network is disclosed, wherein the public cloud network includes at least one private cloud server and at least one smart client device in communication therewith. The method and system comprise setting up the at least one private cloud server and the at least one smart client device in a client server relationship. The at least one private cloud server includes a message box associated therewith. The first message box is located in the public network. The at least one smart client includes a second message box associated therewith. The second message box is located on the public network. The method includes passing session based message information between the at least one private cloud server and the at least one smart client device via the first message box and the second message box in a secure manner. The session based information is authenticated by the private cloud server and the at least one smart client device. The smart client device and the private cloud server can then communicate with each other after the session based information is authenticated.03-14-2013
20110023102Image forming apparatus, image processing apparatus and image delivery system - An image forming apparatus connected to plural authentication servers includes an acquiring unit configured to acquire user identifying information identifying a user and a password; a selecting unit configured to select server identifying information identifying two or more of the plural authentication servers; an authentication process unit configured to transmit the user identifying information and the password to the two or more authentication servers, identified by the selected server identifying information, and acquire an authentication result from the two or more authentication servers. The authentication process unit determines that authentication is successful upon reception of the authentication result indicating successful authentication by at least one of the two or more authentication servers. The image forming apparatus further includes a process unit configured to process image data upon determination of successful authentication by the authentication process unit.01-27-2011
20110023101SINGLE LOGIN PROCEDURE FOR ACCESSING SOCIAL NETWORK INFORMATION ACROSS MULTIPLE EXTERNAL SYSTEMS - A social networking system contains information describing users of the social network and various connections among the users. A user can access multiple external systems that communicate with the social networking system to access information about the users of the social networking system. Login status of the user account on the social networking system is maintained. If the login status of the user account on the social networking system indicates that the user is not logged in, the user is required to provide authentication information. If the login status of the user account indicates that the user is logged in, social network information is provided to the user via an external system, subject to the privacy settings of users of the social networking system. If the user logs out from an external system, the user is also logged out from the social networking system.01-27-2011
20130067551Multilevel Authentication - In an exemplary embodiment, a system includes a memory operable to store a user account identifier associated with a user account and a mobile device identifier associated with a mobile device. The memory is also operable to store a first user credential and a second user credential, wherein the second user credential comprises user input data captured by a sensor. The system includes a network interface operable to receive a request to authenticate a requesting user. The system also includes a processor operable to determine information included in the request to facilitate authentication of the requesting user and whether the information included in the request matches the information associated with the user account. The processor is further operable to authenticate the requesting user if the request is associated with the user account and information included in the request matches the information associated with the user account.03-14-2013
20130067548Database Access Using A Common Web Interface - Methods and systems for accessing databases using a common web interface are provided. A method for transmitting data retrieved from an endpoint device to a client device using a common web interface includes providing the common web interface to the client device. The common web interface allows access to a plurality of endpoint devices, each endpoint device comprising a unique endpoint address. The method further includes receiving, by a computer, identification data from the client device, retrieving an endpoint address for one of the plurality of endpoint devices based on the identification data, connecting to the endpoint device corresponding to the endpoint address, retrieving data from the endpoint device, and transmitting the retrieved data to the client device.03-14-2013
20130067547TRANSACTION AUTHENTICATION MANAGEMENT INCLUDING AUTHENTICATION CONFIDENCE TESTING - An operating system of an information handling system (IHS) initializes a security tool to provide security management during user-to-user transactions. The security tool may determine a relationship between the users and, in response, invoke a user personal profile and application profile information that pertains to the users and the transaction. The security tool determines an initial observed confidence level that indicates a degree of certainty with respect to the accuracy of user authentication. The security tool may continuously determine observed confidence levels from current user actions, learned behavior, and other information within a security information store. The security tool may compare a currently observed confidence level to a predetermined confidence threshold. The tool may halt the transaction if the observed confidence level does not exceed the predetermined confidence threshold thus indicating a breach in security confidence.03-14-2013
20090265771System and method for hosting multiple kerberos service principal names - An authentication system and method for allowing an administrator to host a plurality of service principal names (SPNs) over a common network port of a backend server. The authentication system includes a client computer, a backend server, and a service principal name (SPN) apparatus. The client computer sends an authentication request to the backend server. The backend server performs an authentication procedure in response to a reception of the authentication request from the client computer. The SPN apparatus configures a plurality of service SPNs for the web service application over the common network port.10-22-2009
20090265770SECURITY SYSTEM BASED ON QUESTIONS THAT DO NOT PUBLICLY IDENTIFY THE SPEAKER - A method and system for authenticating a user seeking access to a secured system in a public area. Access is granted when a user demonstrates sufficient knowledge of the user's personal characteristics stored in the system. The user initiates the access process by tapping into the stored characteristics without overtly stating information that may be overheard. The user statements reflect an awareness about the categories of user uniqueness without divulging details. The system response statements act to elicit further information from the user for response and the response statements are scored. After a cumulative score threshold is met, the user is granted access.10-22-2009
20090235345AUTHENTICATION SYSTEM, AUTHENTICATION SERVER APPARATUS, USER APPARATUS AND APPLICATION SERVER APPARATUS - An authentication system having a user apparatus that performs authentication using first authentication data and a second authentication server that performs authentication using second authentication data is provided. The user apparatus acquires the second authentication data from a user and requests authentication of the user by sending the acquired second authentication data to the second authentication server. The second authentication server performs authentication of the user on a basis of the second authentication data received from the user apparatus and sends the user apparatus a result of the authentication and when the authentication is successful, first authentication data stored being associated with the user. The user apparatus acquires a result of authentication based on the first authentication data received from the second authentication server and performs login processing when the acquired result of the authentication based on the first authentication data indicates success.09-17-2009
20090235344INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND INFORMATION PROCESSING PROGRAM PRODUCT - In an information processing apparatus that includes a master agent and a subagent for SNMP and performs communication between the master agent and the subagent using an AgentX packet conforming to a standard stipulated by AgentX protocol, an authenticating unit determines whether a manager is legitimate based on authentication data included in the data acquisition request received from the manager by an authentication-data acquiring unit; a session-data creating unit creates session data including at least a result of authentication; a session-data providing unit provides to the subagent the session data; and an access control unit performs access control for data requested in the data acquisition request based on the session data received by the subagent.09-17-2009
20090235342REMOTE DESKTOP ACCESS - A method of accessing a first computing device from a second computing device using a remote desktop service is disclosed. The first and second devices are authenticated and registered with a remote access gateway. In some embodiments, the remote access gateway stores a copy of the first computer and changes made to the copy are synchronized with the actual first computer when it accesses the remote access gateway. A virtual operating system experience on the second computer is virtually the same as the real operating system experience on the first computer.09-17-2009
20100017861APPARATUS AND METHOD FOR MOBILE VIRTUAL NETWORK OPERATOR (MVNO) HOSTING AND PRICING - A method and apparatus facilitating access to a communication session for a client is provided. The method may comprise receiving, at a mobile virtual network operator (MVNO), an access request from a client, wherein the MVNO is associated with a set of mobile network operators (MNOs), receiving, from the client, client connection parameters associated with at least one of the set of MNOs, formulating at least one option for a communication session over a network associated with at least one of the set of MNOs, the at least one option based on the client connection parameters and MVNO-connection parameters associated with the set of MNOs, and establishing a selected communication session based on the at least one option.01-21-2010
20120233683System and Method to Support Identity Theft Protection as Part of a Distributed Service Oriented Ecosystem - A system and method to support identity theft protection and, in particular, to a system and method for supporting identity theft protection as part of a distributed service oriented ecosystem in Internet protocol (IP) multimedia subsystem (IMS) and non-IMS networks. The system includes an identity session initiation protocol (SIP) application server configured to act as a security assertion markup language (SAML) bridge, which allows an SIP enabled device or a non-SIP enabled device to attach to a telecommunications service provider network. A user may accept or reject an authorization request using the SIP enabled device or non-SIP enabled device.09-13-2012
20120233677Communication device, method for providing a data service, communication terminal, and method for requesting a data service - A communication device is described comprising a receiver configured to receive a message from a communication terminal indicating that the communication terminal requests a data service and indicating that a cost of providing the data service is to be associated with a provider of the data service and including security information; a determining circuit configured to determine, based on the security information, whether the communication terminal is authorized to be provided with the requested data service with a cost of providing the data service being associated with a provider of the data service; and a controller, configured to establish a communication connection for providing the data service and to associate a cost of the communication connection with the provider of the data service if the authorization has been successful.09-13-2012
20090013393METHOD AND SYSTEM FOR PERFORMING SECURE LOGON INPUT ON NETWORK - A trusted input technique in which switching is made between an OS environment unreliable in security and a BIOS reliable in security. Rapid switching to a secure environment, such as BIOS mode, upon request for secure input, is enabled. An OS environment of a user can be quickly resumed after the user completes the input of a cryptogram. The technique does not and will not have any influence on secure transaction architecture. The identification of a server is authenticated in a trusted secure environment, and thus it is possible to prevent such problem as “phishing” websites. The user cryptogram is present as plaintext only in a BIOS environment and server and as encrypted during intermediate transmission. Thus, it is impossible to be intercepted by any virus such as a “Trojan horse”.01-08-2009
20090013392Network Information Protection Method and Storage Medium - Biological certification information of a user A and access certification information for each user are stored in a memory in an electronic circuit that is installed on a disc. At the time of driving the disc, the user's biological certification information and the biological certification information stored in the electronic circuit are compared and access certification information is sent out to a network when both information agree to each other. At the network, connection of the user's terminal to a service community is permitted when the user is determined to be an authorized one based on the received access certification information. Determined in the service community are an on-duty concierge who takes care of the service request by the user's terminal and an administration concierge who monitors communication information between the user and the on-duty concierge. Then, the administration concierge keeps monitoring communication information between the terminals used by the user and the on-duty concierge for generating a warning or compulsively interrupting the communication when the monitoring information meets the predetermined condition.01-08-2009
20130167216CLOUD IDENTIFICATION PROCESSING AND VERIFICATION - A system and method are provided for identification of a user collecting enrollment data from the user including dwell times for each of an enrollment series of login attempts; creating an iterative unified identification score for the user from the dwell times of login attempts; establishing an iterative average of identification score; establishing a standard deviation of the iterative identification score; deleting the dwell times and other data of the enrollment series of login attempts; prompting and collecting login specific dwell times; calculating a login identification score; comparing the login identification score to the iterative unified identification score, and updating the iterative scores and the iterative standard deviations and storing between login attempts only an iterative average dwell time, an iterative average flight time, the unified identification score and iterative standard deviation of the unified identification score.06-27-2013
20130167214INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, AND COMPUTER PROGRAM - An information processing apparatus includes a first session managing unit configured to manage a transaction including a request and a response over a network and a second session managing unit configured to manage authentication identification information of an authenticated user. The information processing apparatus also includes a token generating unit configured to acquire authentication identification information of a requesting user and generate a token value to be included in a first response using an internally managed value, in response to a first request, and a token validating unit configured to acquire the authentication identification information of the requesting user in response to a second request and validate correctness of a token value included in the second request by comparing the token value with a token value calculated using the managed value.06-27-2013
20130167215USER AUTHENTICATION APPARATUS, METHOD THEREOF AND COMPUTER READABLE RECORDING MEDIUM - A user authentication apparatus, a user authentication method, and a computer readable recording medium are provided. The user authentication apparatus includes: an information collection unit which collects authentication information on a plurality of portable devices of a user through a communication network; and a control unit which identifies whether each of the plurality of portable devices is registered for the user or not based on the collected authentication information, determines whether an amount of information collected from the plurality of portable devices that are identified is greater than a threshold value, and authenticates the user.06-27-2013
20130167211RE-AUTHENTICATION - In one example, a method of managing access to a network includes receiving a network access request including one or more credentials via an edge device. The one or more user credentials are authenticated, and a database record for a user associated with the one or more user credentials is identified. A re-authentication duration value is obtained from the database record for the user, wherein the re-authentication duration value is pre-assigned to the user or pre-assigned to a group associated with the user. A response comprising the re-authentication duration value is then sent to the edge device.06-27-2013
20080295161OPERATION SUPPORT SYSTEM11-27-2008
20080295160Biometrically controlled personal data management system and device11-27-2008
20130167212SYSTEM AND METHOD FOR PROVIDING SECURE ACCESS TO AN ELECTRONIC DEVICE USING BOTH A SCREEN GESTURE AND FACIAL BIOMETRICS - A system and method for providing secure authorization to an electronic device by combining two or more security features of authentication processed at substantially the same time where at least one of the factors is a “tolerant” factor. By combining two factors such as facial recognition and a screen gesture, these can be analyzed at substantially the same time such that the tolerance match required by the tolerant factors for providing a better user authentication experience without reducing the overall security accuracy.06-27-2013
20130167213METHOD AND SYSTEM FOR VERIFYING USER INSTRUCTIONS - A method for verifying instructions communicated from a user to a relying entity is described. A trusted entity receives a request from the relying entity to verify instructions received from the user wherein the request includes verification information corresponding to the instructions communicated to the relying entity from the user. The trusted entity sends a request to the user to provide verification information corresponding to the instructions. The trusted entity receives the verification information from the user and compares it to the verification information received from the relying entity. The trusted entity then verifies the instructions based on the comparing.06-27-2013
20120124654System and method for a secure user interface - In accordance with embodiments, there are provided mechanisms for methods and systems for inputting information, such as authentication and verification information, which are meant to thwart keylogging and phishing, while also assisting in a user's recall of the required input information. In at least one embodiment, a secure virtual keyboard is generated that has fewer buttons or entry keys than choices for input entry.05-17-2012
20080301791Single sign-on system, method, and access device - A system, method, and access device enabling a user to securely access a plurality of password-protected servers with a single entry of the user's User ID and associated password. When the access device receives the User ID and password from the user, it sends only the User ID to each of the password-protected servers. The servers each return a unique index value to the access device. The access device uses each index value to retrieve different password modification information from a database or lookup table. The access device then creates a plurality of modified passwords based at least in part on the password modification information. The access device then transmits each of the modified passwords to the corresponding password-protected server.12-04-2008
20120192259METHOD, DEVICE AND SYSTEM FOR INFORMATION DOWNLOAD PROCESSING AND INFORMATION DOWNLOAD INDICATION - The present invention provides a method, device and system for information download processing and information download indication. In the present invention, because an imaging device has been registered with paid web sites successfully when leaving the factory, a user can access the paid web sites only by installing drivers. According to a protocol, the user can access the paid web sites and acquire data by means of the imaging device, and correspondingly, manufacturer of the imaging device pays a fee to the paid web sites. Thereby, after purchasing the imaging device, the user can access the paid web sites to acquire the free data as long as the imaging device is connected to a computer capable of being connected with the Internet and the driver of the imaging device is installed on the computer. The present invention eliminates need for the user to register and pay to obtain paid data.07-26-2012
20100269165INTERACTING WITH INTERNET SERVERS WITHOUT KEYBOARD - A system and method which may allow users to interact with Internet servers with graphical mouse movements. The invention is especially useful to enhance online transaction security. A user may use a mouse to draw a pattern and store the pattern as his password to an online account, and draw the pattern with a mouse to log in the online account. The password may include a drawing, one or more letters, one or more numbers, or one or more characters.10-21-2010
20110283346OVERLAY HUMAN INTERACTIVE PROOF SYSTEM AND TECHNIQUES - The overlay human interactive proof system (“OHIPS”) and techniques described herein operate in conjunction with any known or later developed computer-based applications or services to provide secure access to resources by reliably differentiating between human and non-human users. Humans have a generally superior ability to differentiate misaligned characters or objects from correctly aligned ones. As such, the OHIP splits an image including one or more visual objects into two or more partial images to form a HIP. The partial images may also be further split into groups of sub-partial images, and/or the partial images (or the sub-partial images) may be moved, so that at any given alignment position, a user can recognize only some visual objects. A user is instructed to reassemble the partial images at one or more predetermined alignment positions using a GUI, and the user is asked to identify information regarding one or more visible objects.11-17-2011
20090320112Method of Gaining Access to a Device - The method is for activating a device. A communication device (12-24-2009
20090094690Person oneself authenticating system and person oneself authenticating method - There is provided person oneself authenticating means for authentication of a user, which is mainly used for person oneself authentication in Internet banking or the like and is high in security, and is realizable by functions ordinarily provided in a PC, a mobile phone, or the like, the authenticating means being less in burden required for user authentication key management and authentication operations. Sound or an image is adopted as an authentication key for person oneself authentication. Authentication data is edited by combining an authentication key, which is selected by a registered user, and sound or an image that is other than the authentication key, and the authentication data is continuously reproduced in a user terminal. A time in which a user has discriminated the authentication key from the reproduced audio or video is compared with a time in which the authentication key should normally be discriminated, which is specified from the authentication data. When both times agree, the user is authenticated as a registered user.04-09-2009
20110302645Multi-Channel Multi-Factor Authentication - Systems and methods for authenticating electronic transactions are provided. The authentication methods employ a combination of security features and communication channels. These security features can be based, for example, on unique knowledge of the person being authenticated, a unique thing that the person has, unique personal features and attributes of the person, the ability of the person to respond, and to do so in a fashion that a machine cannot, and so forth. Methods for enrolling the person prior to authentication are also provided, as well as systems for enrollment and authentication.12-08-2011
20110302642IMAGE FORMING APPARATUS, CONTROL METHOD THEREOF, AND STORAGE MEDIUM - In an image forming apparatus of the present invention, authentication information necessary for a user to log in to the image forming apparatus and address information of a mobile terminal are stored associated with each other, and upon receiving from a mobile terminal a search request for searching for a device with which to establish wireless communication, and the address information of the mobile terminal, it is determined, based on the address information and the stored information, whether the address information is associated with authentication information of the user that has logged in to the image forming apparatus. As a result, if it has been determined that the address information is associated with the authentication information of the user that has logged in to the image forming apparatus, information indicating that the image forming apparatus has been logged in to is transmitted as a response to the search request.12-08-2011
20110302644Multi-Channel Multi-Factor Authentication - Systems and methods for authenticating electronic transactions are provided. The authentication methods employ a combination of security features and communication channels. These security features can be based, for example, on unique knowledge of the person being authenticated, a unique thing that the person has, unique personal features and attributes of the person, the ability of the person to respond, and to do so in a fashion that a machine cannot, and so forth. Methods for enrolling the person prior to authentication are also provided, as well as systems for enrollment and authentication.12-08-2011
20110302641METHOD AND SYSTEM PROTECTING AGAINST IDENTITY THEFT OR REPLICATION ABUSE - A system detecting and protecting against identity theft by abusing a computer user's ID and password or protecting a user against identity replication through parallel user session via a second authentication level using a second channel, a one-time-passcode and user contextual location information. When accessing networks, computer systems or programs, the said networks, computer systems or programs will validate user ID and password and collect contextual information about the user, the device, the used network etc. Once validated, a message is sent by a second means that may be a cell phone SMS network or an instant message, said message containing a real-time session-specific one-time passcode. The session specific code and the collected information provide information enabling the user to detect a compromised identity through a mismatch between presented information and the information representing the user and the passcode protects against fraudulent access.12-08-2011
20110289574SOCIAL NETWORK WITH MULTIPLE LOGINS - A method, apparatus, and system are directed towards seeding a user's contacts for their online social network. The invention is arranged to automatically recommend to the user a set of seed contacts that the user may employ to invite to join their social network. The set of seed contacts may be harvested from the user's existing portal activities, as well as other sources. In one embodiment, the invention analyzes portal activity, such as email exchanges with the user, and the like, to determine a frequency of contact with the user. Other sources may include but not be limited to emails, names within an address book of the user, names within an address book of another person, a buddy list, an instant messaging list, an activity, a mailing list, an online discussion group, a membership in a category, chat group, and the like.11-24-2011
20110289570SYSTEM AND METHOD FOR INTEGRATING REMOTELY ACCESSED DATA - A system for integrating remotely accessed data includes a source end for providing data; a conversion device for converting the data from the source end into at least a preset format; a remote storage device for storing the data in the at least a preset format; a server connected to the remote storage device, and a user device connected to the server. A user end logs in to the server through the user device via a user account and/or password to remotely access the data in the at least a preset format stored in the remote storage device, and the remote storage device provides the data in the at least a preset format to the user device through the server, thereby integrating data of various formats into preset formats and providing preferred formats of data to various user devices so as to save costs for system configuration, increase usage efficiency of the system and increase data readability in the user devices.11-24-2011
20110289573AUTHENTICATION TO AN IDENTITY PROVIDER - An arrangement for authenticating a user at a service provider is described. The arrangement makes use of the fact that a user of a mobile communication device can be readily and securely identified by a telecommunications provider and re-uses that authentication to identify the same user when accessing the service provider from a different client. The client instructs the mobile communication device to contact an identity provider at the telecommunications provider and shared secrets are exchanged between the identity provider, mobile communication device and client to confirm that the same user is at the client and the mobile communication device.11-24-2011
20110289571INFORMATION PROCESSING APPARATUS, USER AUTHENTICATION METHOD, AND STORAGE MEDIUM - When a first MFP that manages first and second conversion values of user authentication information accesses a second MFP, the first MFP queries about which conversion value is used by the second MFP to execute user authentication processing. The first MFP transmits information based on a conversion value in accordance with the query result to the second MFP. Then, the second MFP executes user authentication processing using information based on a conversion value in accordance with the query result and a conversion value managed by the second MFP.11-24-2011
20090282466User Authentication System, Terminal Used in the Same, Authentication Verification Device, and Program - The user authentication system includes a profile generation unit 11-12-2009
20120017268ENHANCED MULTI FACTOR AUTHENTICATION - In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel.01-19-2012
20110296511Secure Fax with Passcode and Recipient Notification - A system and a method of processing faxes are disclosed. The method includes receiving page(s) to be transmitted by a first fax device coupled to a fax transmission network. An address of a recipient is encoded in a field of a fax transmission. The fax transmission, including the page(s) and the encoded recipient address, is transmitted to a second fax device. The received page(s) of the fax are stored at the second fax device and a passcode is generated. The fax is not released for printing until the passcode is submitted to the second fax device.12-01-2011
20110296510PROTECTING USER CREDENTIALS USING AN INTERMEDIARY COMPONENT - An access component sends an access request to an intermediary component, the access request being a request to access a service or resource without credentials of a current user of the intermediary component being revealed to the access component. The intermediary component obtains user credentials, for the current user, that are associated with the service or resource. The access request and the user credentials are sent to the service or resource, and in response session state information is received from the service or resource. The session state information is returned to the access component, which allows the access component and the service or resource to communicate with one another based on the session state information and independently of the first component.12-01-2011
20110296509SECURING PASSWORDS WITH CAPTCHA BASED HASH WHEN USED OVER THE WEB - A password security system, hosted by a server, sends a web page over a network to a client, that includes a CAPTCHA challenge, a request for a CAPTCHA answer, a graphical user interface for receiving a user identifier and a password, and a security script. The security script is to be executed by the client to generate a client hash value from password data and a CAPTCHA answer that is received from a user. The system receives the client hash value and computes a server hash value for password data for the user and a CAPTCHA answer that is stored in a data store that is coupled to the server. The system determines whether the server hash value matches the client hash value, and grants data access to the user when the values match and denies data access to the user when the values do not match.12-01-2011
20110296508DIGITAL HANDSHAKE FOR AUTHENTICATION OF DEVICES - This is directed to a digital handshake for establishing a secure communications path between two electronic devices. Each device can capture an image of the other device using a camera (e.g., a front facing camera or a back facing camera) and extract, from the captured image, a key or seed associated with the other device. For example, each device can display a seed to be identified from an image taken by the other device. Using the extracted keys or seeds, each device can generate, using a same process, an identical digital handshake key. The digital handshake key can then be used to define a secure communications path between the two devices and share information securely. In some embodiments, a digital handshake key can be shared among several devices to create a multi-device secure communications path. Once a communications path has been established, the devices in the path can be identified and authenticated from the digital handshake key to receive access to secured goods, services or information.12-01-2011
20110296507Providing an Electronic Document Collection - In one implementation, a computer-implemented method includes receiving a request to access an electronic document collection that integrates a plurality of electronic sub-documents that are each of one of a plurality of defined document types. The method also includes retrieving information that is associated with the document collection, wherein the retrieved information identifies a first sub-document of the plurality of sub-documents using a first non-address identifier, and identifying a first software application that is configured to provide access to the first sub-document. The method additionally includes initiating a first connection with a first server that causes execution of the identified first software application and that, using the first non-address identifier, provides access to the first sub-document. The method further includes integrating access to the first sub-document into the document collection through the initiated first connection with the first server that causes execution of the first software application.12-01-2011
20090271854System for Performing Web Authentication of a User by Proxy - A data gathering system is guided by an Internet-capable appliance associated with a user, which has a Pin Vault software instance executing from a digital memory media coupled to the appliance and a Pin Vault file stored in a data repository coupled to the appliance. The Pin Vault file comprises data for authenticating the user to one or more web sites storing information of interest to the user, and the Pin Vault software cooperates with an Internet service to provide, from the Pin Vault, data as needed by the Internet service to log onto and authenticate as the user at the one or more web sites storing information of interest to the user, to gather information on behalf of the user. The data for authentication is never kept at the Internet service.10-29-2009
20080250482Network invitation arrangement and method - Method and arrangement for enabling communications between an entity operating a network including a first user, and a second user includes sending a message from the first user to the entity informing the entity of identification information of the second user interested in joining the network, sending from the entity to the first user a key to allow the second user to communicate with the entity, providing a message from the first user directly to the second user containing the key, sending a message from the second user to the entity using the key, determining whether the key sent by the second user corresponds to the key provided by the entity to the first user, and if so enabling communications between the second user and the entity. The ability of the first user to obtain a key to enable the second user to join the network is time-limited.10-09-2008
20130219480Online Pseudonym Verification and Identity Validation - Methods, systems, and computer program products for authenticating an online user. Authentication involves sending a code from a server to a user device equipped with a source of illumination and a camera capable of capturing video imagery of the online user. The user device receives the code, modulates the source of illumination in accordance with the code, and captures video imagery of the user while the source of illumination is being modulated according to the code. The captured video imagery of the online user is sent to the server where it is analyzed to detect evidence of changes in illumination that correspond to the code. If good correspondence is found, the user may be authenticated. Similar methods may be applied to other biometric data. Applications of the authentication include identity validation, pseudonym verification, and distinguishing human from non-human access attempts.08-22-2013
20100269166Method and Apparatus for Secure and Reliable Computing - In one embodiment, the invention is a method and apparatus for secure and reliable computing. One embodiment of an end-to-end security system for protecting a computing system includes a processor interface coupled to at least one of an application processor and an accelerator of the computing system, for receiving requests from the at least one of the application processor and the accelerator, a security processor integrating at least one embedded storage unit and connected to the processor interface with a tightly coupled memory unit for performing at least one of: authenticating, managing, monitoring, and processing the requests, and a data interface for communicating with a display, a network, and at least one embedded storage unit for securely holding at least one of data and programs used by the at least one of the application processor and the accelerator.10-21-2010
20090125999User Authorization Technique - Described are a system and method for invisible authorization of a visitor to a web site. A system uses a specially formed URL that provides visitors access to secure content without requiring a sign-in and/or sign-up step, yet, if the URL is forwarded to others the content is not accessible. The URL can be delivered in an electronic message.05-14-2009
20120110653MEASUREMENT DEVICE AND METHOD FOR LOGGING USE OF THE MEASUREMENT DEVICE - In a method for managing use information of a measurement device, an operating interface of the device is locked before the device is operated. When a user starts to use the device, the method provides a login interface to verify whether the user is authorized to log in to the operating interface. If the user is authorized to log in to the operating interface, the operating interface is unlocked and the method records first information of starting to operate the device. After finishing the operation or when an elapsed time of the device not in use is greater than a predetermined time, the method controls the user to log out of the operating interface, records second information of finishing the operation, and the operating interface is locked. The first information and the second information are saved in a text file.05-03-2012
20120110652DYNAMIC QUERY SERVICES AND METHODS - A system has a network and a data source communicatively coupled to the network. Further, the system has logic configured to discover the data source available on the network and store metadata indicative of the discovered data source in memory, the logic further configured to generate a release parcel, in response to a user input, for performing operations on the data source, the logic further configured to deploy the release parcel to a dynamic query service computing device wherein operations on the data source can be performed through the release parcel.05-03-2012
20110271334METHOD, SYSTEM, AND DEVICE FOR IMPLEMENTING DEVICE ADDITION IN WI-FI DEVICE TO DEVICE NETWORK - A method, a system, and a device for implementing device addition in a Wireless Fidelity (Wi-Fi) Device to Device (D2D) network are provided, which belong to the field of communication. The method includes: receiving, by a first D2D client device, a first add request message forwarded by a D2D master device, in which the first add request message carries an identifier of a new device to be added to the D2D network; receiving a first Personal Identification Number (PIN) code of the new device; and forwarding the received first PIN code to the D2D master device, in which the first PIN code of the new device is used for implementing that the D2D master device performs Wi-Fi Protected Setup (WPS) security configuration of the new device according to the first PIN code. Therefore, in the Wi-Fi D2D network, when a new device is to be added, a PIN code of the new device inputted by a user is received by the D2D client device, and the PIN code is forwarded to the D2D master device, so that the addition of the new device through the recommendation of the D2D client device is implemented, and the work continuity of the user using the D2D master device is ensured.11-03-2011
20110271332Participant Authentication via a Conference User Interface - Various embodiments of systems, methods, and computer programs are disclosed for authenticating a participant in an online conference via a graphical user interface. One such method comprises: determining a conference event requesting authentication of a participant by a conferencing system hosting a conference via a communication network; in response to the conference event, presenting a signature capture area to the participant in a conference interface via a graphical user interface; monitoring location coordinates of an input device in the signature capture area; converting the location coordinates into a participant electronic signature; determining that the participant electronic signature matches a stored electronic signature associated with the participant; and in response to determining the match, authenticating the participant for the conference event.11-03-2011
20090150983SYSTEM AND METHOD FOR MONITORING HUMAN INTERACTION - A method and system to authenticate human interactive proof (HIP) are described here. In response to a request from a web server, a motion random HIP in the form of motion-captcha is generated. The web server can then display the generated motion random HIP in a requested web page. The web page is accompanied with a request from the user to provide the response for the generated motion captcha. After evaluation and verification of response received from the particular user, the authentication system determines whether the response to the HIP challenge is from human or from other source like computer software scripted agent.06-11-2009
20110197270Biometric Pressure Grip - According to one embodiment, a method of authenticating a user includes receiving login credentials identifying a user. A plurality of pressure readings are received from a plurality of pressure sensors coupled to a biometric grip device. The plurality of pressure readings comprise a first biometric pressure reading from a first pressure sensor coupled to the biometric grip device and a second biometric pressure reading from a second pressure sensor coupled to the biometric grip device. The first and second biometric pressure readings measure a first pressure exerted at the first pressure sensor and a second pressure exerted at the second pressure sensor. A neurological number is generated from the plurality of pressure readings. The user is authenticated by comparing the neurological number with a registered neurological number. If the neurological number matches the registered neurological number, the user is authorized to access a computer system coupled to the biometric grip device.08-11-2011
20110131641System and Method for Monitoring Usage of a User Device - A server includes a limitation database, a monitor module, and a notification module. The limitations database is configured to store control limits for a user device. The monitor module is in communication with the limitations database. The monitor module is configured to monitor usage of the user device and to determine that one of the control limits for the user device has been exceeded. The notification module is in communication with the monitor module. The notification module is configured to notify a master device that the one of the control limits for the user device has been exceeded, to receive a request to disable the user device, and to disable the user device in response to the request.06-02-2011
20090328174Method and system for providing internet services - A service integration platform system for providing Internet services includes: an interface configured to receive a service request message that is initiated by a user of an application provided by an Independent Software Vendor (ISV), the service request message being implemented according to an Application Programming Interface (API) type and including a plurality of platform-level parameters that conform to the API type. The system further includes one or more processors coupled to the interface, configured to: locate a set of authentication checks that are appropriate for the API type, based at least in part on the plurality of platform-level parameters included in the service request message and a mapping of predefined combinations of platform-level parameters and corresponding sets of authentication checks; perform authentication of the service request according to the set of authentication checks; and route the service request to a service address of the Internet Service Provider (ISP) in the event that the service request is authenticated.12-31-2009
20090328173Method and system for securing online identities - Various methods, systems and apparatus for associating fictitious user identities (e.g. screen names, user names, handles, etc.) used in electronic communications (e.g. over the internet via instant messenger, e-mail, social networks, eCommerce and auction websites, etc.) with real personal information (e.g. the true identity of an individual such as their name, address, credit score, driving record, etc.) are disclosed. One such method may include storing real personal information, associated with fictitious user identities, in a CGI, hosted by a GICS. The CGI may be a unique record for an individual person and may contain real personal information verified with proper authorities (e.g. a name, address and driving record of the individual verified with a department of motor vehicles), as well as fictitious user identities used by the individual, feedback received from other users, etc. The method may further include allowing a remote user to submit a query to the GICS requesting information associated with a fictitious user identity, whereby the GICS may search for a CGI associating information with the fictitious user identity; and, transmit some or all of the information to the remote user. One apparatus, according to aspects of the present invention, may include means of associating real personal information, submitted by a user, with fictitious user identities, means of verifying the real personal information and the ownership of the real personal information by the submitting user, means of receiving a request for some personal information associated with a fictitious user identity, from a remote user, means for identifying the CGI associated with the fictitious user identity, means of retrieving some of the personal information from the CGI and means of transmitting some of the information to the remote user. The system may further include means of limiting the information transmitted to the remote user (e.g. the remote user may be transmitted the credit score of the person owning a fictitious screen name, without being transmitted any further information identifying the person).12-31-2009
20100281526Methods and Devices for Pattern-Based User Authentication - Methods, devices, and systems are presented that facilitate pattern-based user authentication. In a first embodiment, a user may request registration from an authentication server. The authentication server may provide at least one image to the user, wherein the image may comprise a matrix of cells. The user may choose a sequence of cells in the matrix as his or her secret, and may provide a userid and this secret to the authentication server. The authentication server may then validate and store the userid and/or secret. After this registration step, the user may request authentication from the authentication server. The authentication server may provide another image of a matrix of cells to the user. The user may then enter a sequence of symbols associated with the sequence of cells that comprise his or her secret. The authentication server may compare the entered sequence of cells to the sequence of cells represented by the stored secret. If the two sequences match, then the user may be authenticated.11-04-2010
20090165109CONTROLLED AND CLIENT-SIDE AUTHENTICATION MODULE - A computerized method of accessing a secure resource using an application associated with a user's computing device is provided. The application is programmed, in part, to monitor user browsing activity and wherein the application has associated therewith one or more predefined Uniform Resource Locators (URLs) to trusted sites, each having an associated trusted root certificate and security key. The method includes the application detecting a user attempt to log into a secure resource, the application scanning in-process browser processes to identify a browser process that is in a login state, the application associating the browser process in a login state with one of the trusted sites, the application initiating a new browser session with the trusted site using the associated predefined URL, the application obtaining a login password from the user, the application supplying to the trusted site the associated security key and login password, and the user's computer displaying subsequent browsing activity.06-25-2009
20120036568PROVISIONING DEVICE - There is provided a provisioning device which provides, in advance, setting information necessary for joining in a wireless network to a first field device which is to newly join the wireless network to exchange data with an existing field device that is installed in a plant. The provisioning device includes: a storage unit that stores a white list which contains unique information of the first field device and the setting information such that the unique information and the setting information are correlated with each other; a device information acquiring unit that acquires the unique information from the first field device by wireless communication; an extracting unit that extracts, from the white list, the setting information that is correlated with the acquired unique information; and a setting unit that sends the extracted setting information to the first field device by wireless communication.02-09-2012
20120036566AUTOMATIC CONFIGURATION AND CONTINUATION OF FEDERATION RELATIONSHIPS - Embodiments are directed to establishing the integrity of a portion of data on at least one level of a plurality of network stack levels and automatically continuing an established federation relationship between at least two federation computer systems. In an embodiment, a first federation computer system receives a digital signature corresponding to a computer system signed by a digital signature which includes the computer system's identity and other federation relationship information configured to establish a trusted federation relationship between a first federation computer system and a second federation computer system. The first federation computer system attempts to validate the received digital signature at a first level of a network stack and determines that the validation at the first network stack layer was unsuccessful. The first federation computer system then validates the received digital signature at a second, different level of the network stack.02-09-2012
20100125898USE OF AUTHENTICATION INFORMATION TO MAKE ROUTING DECISIONS - Methods and systems for utilizing authentication attributes to determine how to direct traffic flows are provided. According to one embodiment, a program storage device readable by a network device associated with a service provider is provided. The program storage device tangibly embodies a program of instructions executable by a processor of the network device to perform method steps for authenticating users and establishing appropriate service sessions. An end user from whom a connection request is received is caused to be prompted for login credentials. The received login credentials are then caused to be authenticated by an authentication server. Responsive to successful authentication, a service session is established for the end user and customer separation is maintained among the multiple customers by creating a routing entry, according to which subsequent packets associated with the service session are routed, based on authentication attributes returned by the authentication server.05-20-2010
20100146608Multi-Level Secure Collaborative Computing Environment - In some embodiments, a collaborative computing environment includes a federated identity manager coupled to a multi-level secure computing network and a client having a biometric reading device. The multi-level secure computing network includes multiple data repositories that store information according to a ranked classification system comprising multiple security levels. The federated identity manager has a storage device that is operable to store a plurality of identity tokens each associated with a corresponding one of a plurality of users. In operation, the federated identity manager receives, from the biometric reading device, a biometric signature associated with a particular one of the users, initiates a login session with the client according to the received biometric signature associated with the particular user, and restricts access to the information stored in the data repositories according to one or more security levels associated with the particular user as specified by the identity token associated with the particular user.06-10-2010
20100146605METHOD AND SYSTEM FOR PROVIDING SECURE ONLINE AUTHENTICATION - Methods and systems for authenticating website users without exposing passwords or other sensitive information to potential theft are provided. When the user's computer connects to a website server all communications are routed through a secure authentication device. When the authentication device identifies the need for user information to be submitted to the website server, the application retrieves the required information from memory and inserts the information into the appropriate location in the website forms. Since the secure connection to the website server is established in the secure boundary of the authentication device, the information is protected from being obtained by any malware that may reside in the user's computer.06-10-2010
20110185410METHOD FOR PERSONALIZED MEETING AND RELATIONSHIP ESTABLISHING - A method for personal online/offline meeting comprising the steps of an initiator developing a profile/account with a central organization; the central organization providing the initiator with a number of cards on which are printed at least a website designation and a code; the initiator giving a card to at least one recipient; the recipient going to the website designated on the card; the recipient entering the code at the designated website; the recipient being given access to the initiator's profile with the central organization; and the recipient sending the initiator a message through the designated website.07-28-2011
20110202987SERVICE ACCESS CONTROL - An arrangement for providing users with access to services is described. Access requests received from users are monitored by a gateway and, where appropriate, user credentials for a service that is being accessed are inserted by the gateway. The gateway monitors packets of data in order to check user credentials. The gateway is also able to modify packets of data to insert user credentials, if necessary.08-18-2011
20110202983REMOTE FUNCTIONALITY SELECTION - A network interface device providing a set of functions in hardware and being operable in first and second modes: in a first mode, the network interface device being configured to operate with a selected configuration of the set of functions; and in a second mode, the network interface device being operable to select a particular configuration of the set of functions in accordance with configuration instructions received at the network interface device; the network interface device being configured to, on receiving a network message having one or more predetermined characteristics and comprising an authentication key and one or more configuration instructions defining a particular configuration of the set of functions: verify the authentication key; and if the authentication key is successfully verified, select the particular configuration of the set of functions defined in the configuration instructions of the network message.08-18-2011
20100083360PORTABLE AUTHENTICATION DEVICE - In one aspect, a disclosed portable authentication device (PAD) includes a processor, storage media, an interface for enabling communication with an external information handling system (IHS), e.g., a computer or a telephony device, and executable instructions embedded in the storage media, for automated authentication. The embedded instructions include instructions for enabling a user to store authentication information, e.g., user ID and password information, corresponding to an IHS destination, e.g., a telephone number of an interactive voice response system or an IP address of a web server. If the PAD recognizes the current destination, the PAD may respond to an assertion of a keypad control element by making authorization information corresponding to the current destination available to the user or providing the authorization information directly to the current destination. The PAD may include one or more telephony interface(s), e.g., RJ-11 jack(s) and one or more computer interfaces, e.g., USB connector(s).04-01-2010
20100083359TRUSTED DATABASE AUTHENTICATION THROUGH AN UNTRUSTED INTERMEDIARY - A method, system and computer-usable medium are disclosed for validating user credentials submitted to a data source by an untrusted intermediary. An untrusted intermediary attempts to access a data source on behalf of a user. The untrusted intermediary challenges the user to provide credentials of the type and format required to access the data provided by the data source. The user's trust client connects to an authentication service and identification credentials of the required type and format are generated. The identification credentials are conveyed to the user's trust client, which then provides them to the user's client, which in turn conveys them to the untrusted intermediary. The untrusted intermediary then presents the identification credentials to an authentication plug-in of the data source. The authentication plug-in validates the authenticity of the provided credentials with their associated authentication service. Once the credentials are successfully validated, the requested data is provided to the user's client by the untrusted intermediary.04-01-2010
20110173687Methods and Arrangements for an Internet Multimedia Subsystem (IMS) - The present invention relates to provisioning of IMS parameters in an automated fashion. This is according to the present invention achieved by introducing a provisioning server providing an application, to be used on a user terminal, IMS parameters such that the application on the user terminal can utilize IMS services even if the user terminal is non-IMS capable or if the operator of the user has not deployed IMS. The provisioning of the IMS parameters may be triggered by a downloading of said application on the user terminal. Further, the application on the user terminal is configured with an address to the provisioning server in order to be able to send the request to the provisioning server.07-14-2011
20120291111BIOMETRIC AUTHENTICATION SYSTEM AND BIOMETRIC AUTHENTICATION METHOD - A biometric authentication method is executed by a biometric authentication system comprising a server device to store biometric data of a plurality of users in a registering unit; and a client device to retain the biometric data sampled from the user and authenticated by the server device in a retaining unit together with user information. The method comprises verifying the biometric data sampled from the user with the cache biometric data retained in the retaining unit when in authentication; acquiring synthesized information of the cache biometric data of which the verification gets successful and the biometric data sampled from the user; and authenticating the synthesized information by use of the biometric data specified by the user information of the biometric data of which the verification gets successful in plural sets of biometric data registered in the registering unit.11-15-2012
20120291110PRESENTING MESSAGES ASSOCIATED WITH LOCATIONS - A user may express an interest in a set of individuals represented in a set of individual stores (e.g., friends in a social network and colleagues in an academic directory). Such individuals may send to the individual stores messages that are associated with a location, and the user may request, from respective individual stores, a presentation of the locations. According to the techniques presented herein, the messages from the individual stores may be aggregated, and the locations associated with the aggregated messages may be presented in a map, thereby presenting to the user the locations of the messages of the individuals irrespective of from which individual store each message was received. Additionally, the map may present the messages to the user, and upon receiving from the user a reply to a message, may send the message to the individual store from which the message was received.11-15-2012
20100138905Token-Based Client To Server Authentication Of A Secondary Communication Channel By Way Of Primary Authenticated Communication Channels - The disclosure relates to authenticating a secondary communication channel between a client application and a server application when an authenticated primary communication channel has already been established between the client application and a resource application, on which the server application can store a generated authentication token that only privileged users including the client application user can read-access and send back to the server application by way of the secondary communication channel.06-03-2010
20090089868INFORMATION PROCESSING DEVICE AND COMPUTER IMPLEMENTED METHOD FOR INFORMATION PROCESSING DEVICE - An information processing device that causes a router to open a new communication port and permits an active access from a terminal when the terminal connected to an outer network requires is provided. A multi function device (an information processing device) accesses a POP server and acquires a mail. In a case where the mail from an outer terminal describes an access request, the multi function device transmits to a router a port-open-command that requests the router to open a new communication port. The multi function device transmits to the outer terminal a port identifier of the new communication port that was opened by the router. The outer terminal transmits data to the multi function device with the received port identifier designated therein. The multi function device, triggered by the mail from the outer terminal, can cause the router to open a new communication port that permits an active access from the outer terminal. Therefore, the outer terminal can actively access the multi function device through the new communication port that has been opened by the multi function device.04-02-2009
20090144815ACCESS TO DOMAIN - The invention relates to a method of allowing access to an authorized domain (06-04-2009
20090100509EMERGENCY NOTIFICATION SYSTEM - The emergency notification system includes a plurality of client devices operatively connected to a server through a communication network for communication of threats. The server administers a monitoring program that permits an administrator to monitor the user client device and communicate with users of the user client device regarding threats. Specifically, alert information and instructions are communicated to a discrete subset of client devices regarding a threat.04-16-2009
20090288154Security System and Method for a Remote Device in a Wireless Wide Area Network - The present invention provides a security system and method for a remote device in a wireless wide area network which particularly provides a remote use authority according to a system unique code and a network identification code. The present invention is characterized in that, when the remote processing device is connected to a network server, a network connecting module and a basic input output module of a remote processing device produce the network identification code and the system unique code, which the network server receives, and after verifying the network identification code and the system unique code, then a use authority is produced and transmitted back to a control module of the remote processing device, thereby controlling authority management when the operating system within a storage module is executing application programs.11-19-2009
20100138904METHOD AND SYSTEM FOR NOTARISING ELECTRONIC TRANSACTIONS - The invention relates to a system comprising: a first computerised system, or emitter, connected to a communication network; a second computerised system, or receiver, connected to said network; and a server connected to said network. Said server operates as a trusted third party for electronic transactions, is adapted in such a way as to offer a custody service and to vouch for the existence and content of an electronic document sent by the emitter, and communicates with a timestamping entity.06-03-2010
20120297468TECHNIQUES FOR ACCESSING A BACKUP SYSTEM - A technique accesses a backup system. The technique involves receiving a logon command to logon a user to a website of the backup system. The backup system includes (i) a backup server and (ii) a web server which hosts the website to enable the user to control settings of the backup server. The technique further involves, sending, in response to receiving the logon command, a token request to the backup server through a pre-established secure data pathway to the backup server. Data is periodically backed up to the backup server through the pre-established secure data pathway. The technique further involves acquiring, in response to sending the token request, a logon token from the backup server through the pre-established secure data pathway. When the website receives the logon token during a logon operation, the website communicates with the backup server to determine whether the logon token is authentic.11-22-2012
20090276838PASS-THROUGH HIJACK AVOIDANCE TECHNIQUE FOR CASCADED AUTHENTICATION - A hijack avoidance technique avoids presenting an access to more than one of a chain of authentication objects, such as a chain of Lightweight Directory Access Protocol (LDAP) authenticators. A pre-filter determines whether an authentication object should be presented with the access by comparing either all or a portion of a domain suffix, an IP address, or other identification other than the user ID with predetermined values. If the filter criterion is met, the associated authentication object accepts or rejects the access. Otherwise, the access is passed to the next authentication object in the chain. The first authentication object may be associated with a hosting entity and successive authentication objects each associated with different customers of the hosting entity. By virtue of the filtering, each authentication object is presented only with a particular subset of all of the possible access identifiers, which avoids presenting all of the previously unauthenticated accesses to each authentication object in the chain.11-05-2009
20090282467METHOD AND SYSTEM FOR CONTROLLING ACCESS TO NETWORKS - A method of providing access to both a first and a second network (11-12-2009
20100275252Software management apparatus and method, and user terminal controlled by the apparatus and management method for the same - A software management apparatus and method are disclosed. A software installation attempt made in one of multiple user terminals connected through a corporate network is detected, and a management operation is performed to permit software installation, to block the use of the user terminal, or to provide a popup notification according to the rights assigned to the user terminal. In addition, unlike existing approaches to prevention of unauthorized software installation that may not handle already installed software, the software management apparatus and method enable the system manager to handle and remove software that is already installed in a user terminal before installation of the apparatus and method. As a result, unauthorized installation of software in corporate computers can be effectively prevented.10-28-2010
20110271333ADMISSION OF A NODE TO THE NETWORK - In at least one implementation a method includes receiving an identifier associated with a device, entering the identifier into a network controller device, inviting the device associated with the identifier to join a network, admitting the device associated with the identifier to the network, sending the device associated with the identifier a name of the network, and confirming that the device has joined the network as a device recognized by the network controller device.11-03-2011
20120297470ACCESS AUTHENTICATION METHOD FOR MULTIPLE DEVICES AND PLATFORMS - An access authentication method for multiple devices and platforms. Upon receipt of a multiple access request, a source device that has initially registered a user account to a subscribed site requests an authentication key for a target device to a server of the subscribed site, the target device receives an access authentication request together with an authentication key from the source device, when the source device receives the authentication key from an account authentication system, the authentication key being generated in response to an authentication key request from the subscribed site server by the account authentication system, the subscribed site server determines whether there is the registered user account and performs access authentication with the account authentication system, upon receipt of the authentication key from the target device, and the target device receives an access authentication completion notification from the subscribed site server, when the access authentication is completed.11-22-2012
20120297469Security Indicator Using Timing to Establish Authenticity - The subject disclosure is directed towards authentic timing indicators, comprising data (e.g., an animation) that are output to a user to convey security-related information to the user, using timing to call attention to the authentic timing indicators. For example, a browser program may select and output a particular authentic timing indicator based upon whether a connection to a site is unsecure, secure, or secure and the site has an extended validation certificate; an email program may use authentic timing indicators to highlight signed versus unsigned messages. The authentic timing indicator appears before the content is allowed to control the content pane, increasing the difficulty of spoofing a site, or email message.11-22-2012
20090119762WLAN Access Integration with Physical Access Control System - A network access system. In particular implementations, a method includes monitoring, responsive to a network access request of a client, an authentication session between an authentication server and the client, and determining user credential information associated with a user of the client based on one or more messages of the authentication session. The method also includes accessing, using the user credential information, physical entry information indicating a physical location of the user relative to a defined perimeter, and conditionally allowing the client access to a network based on the physical entry information and a successful authentication of the client.05-07-2009
20110209206ACCESS RESTRICTION FOR COMPUTING CONTENT - Access restriction for computing content is provided by operating a computing device with a first profile, recognizing an attempt to log off of the first profile, and requesting a user to supply a log off credential. If the log off credential is not correct, the computing device continues to operate with the first profile, and if the log off credential is correct, the computing device operates without the first profile.08-25-2011
20080216162NETWORK DEVICE MANAGEMENT APPARATUS AND NETWORK DEVICE MANAGEMENT METHOD - A network device management apparatus according to this invention is directed to a network device management apparatus, which is connected to a network and manages a network device connected to the network, acquires status information indicating the status of the network device from the network device, saves the acquired status information in a storage unit, randomly generates an address required to access the storage unit, and notifies a pre-registered destination of the generated address, and provides, when an access is made to the address, the status information saved in the storage unit to an accessing party.09-04-2008
20100287606METHOD AND SYSTEM FOR AUTHENTICATING A USER OF A MOBILE DEVICE - A method and system for authenticating a user of a mobile device is provided. A first message is received from a mobile device, the message including a mobile device identifier identifying said mobile device. An association between the mobile device identifier in the first message and a registered user is confirmed. A second message is generated and transmitted to the mobile device. The second message includes a user identifier identifying the registered user. A request for a service is received, the request including the user identifier.11-11-2010
20100146610NODE AUTHENTICATION AND NODE OPERATION METHODS WITHIN SERVICE AND ACCESS NETWORKS IN NGN ENVIRONMENT - Provided are node authentication and node operation methods within service and access networks for bundle authentication between the service and access networks in a next generation network (NGN). A method of authentication processing of a node (S-CSC-FE/I-CSC-FE (Serving Call Session Control Functional Entity/Interrogating Call Session Control Functional Entity)) within a service network for bundle authentication between service and access networks, the method including: receiving first authentication information about access authentication of a terminal from a first node within the service networks; requesting to receive second authentication information from a second node within the service network based on the first authentication information; and comparing the first authentication information with the second authentication information to authenticate the terminal.06-10-2010
20110209208SECURITY DEVICE PROVISIONING - The provisioning of a security token object to a user is disclosed. The security token object is used for accessing a computing resource through a client computer system. A security token object provisioning request may be received from the client computer system. In response, an authentication request may be transmitted. The user is authenticated against a user identity based upon a set of received identity credentials provided by the user. The extraction of a unique token identifier from the security token object is initiated, and completed without intervention from the user. The unique token identifier received from the client computer system is associated with the user identity in a data store. By providing the security token object, the user can gain access to the computing resource.08-25-2011
20110209207SYSTEM AND METHOD FOR GENERATING A THREAT ASSESSMENT - A method and system for quantifying a threat associated with a sender of a message. A threat assessment module receives a message from a sender directed toward a recipient. The threat assessment module accesses a behavioral data source to obtain an activity record identifying an activity of the sender. The activity record is analyzed to determine if the content of the activity record contains non-preferred content. A threat assessment quantifier is generated based on the analysis and sent toward the recipient.08-25-2011
20100100949IDENTITY AND POLICY-BASED NETWORK SECURITY AND MANAGEMENT SYSTEM AND METHOD - A system and method for providing security for a network connecting a source and a destination. The system and method provide a security and management system between the source and the destination which is configured to apply rules and policies which are specific to the user to the connection between the source and the destination. The user-specific policies are used to govern.04-22-2010
20080235775SYSTEM AND METHOD FOR CONTROLLING ACCESS TO MULTIPLE PUBLIC NETWORKS AND FOR CONTROLLING ACCESS TO MULTIPLE PRIVATE NETWORKS - A system and method for controlling access to multiple public networks and for controlling access to multiple private networks is provided. Authentication is used with unique public shared secrets and unique private shared secrets to control access to the networks. The invention includes a user device for communicating with at least a public network and/or a private network. The device may be capable of accessing multiple networks through one or more private networks with multiple access control servers. The user device must provide a correct response to each access control server, before access to the network may be granted. The device generates a one-time password, or response, to gain access to a controlled network server. The response generated by the device is matched to a response generated by an access control server that may have generated a challenge that prompted the response. If the two responses match, the device is authenticated and a user of the device is granted access to the network server.09-25-2008
20090265772Secure Key Distribution to Internet Clients - A server may bridge between a wide area network, such as the Internet, and a local area network and may process authentication requests from clients on the wide area network. The server may filter the requests to enable specific types of requests to pass, and may forward the requests to a credential server within the local area network and pass any responses back to the client. The server may be configured with some or all of a set of domain services objects, but such objects may be stored in a read only format. The server may further contain a minimum of or no sensitive data such that, if compromised, an attacker may gain little advantage. The client may request evidence of authentication available to devices within the local area network and may use the evidence of authentication to access services made available to the wide area network.10-22-2009
20090265774Method and Apparatus for Tracking Functional States of a Web-Site and Reporting Results to Web Developers - A software tool for enabling automated tracking of activity related to the status and usage statistics of a plurality of Web sites on a data packet network is provided. The software tool comprises a network communication capability for establishing network communication between the software tool and the tracked Web sites; a plurality of data-reporting modules for obtaining and reporting data about tracked Web sites; a data input function for accepting data from the reporting modules and from external sources; a data recording function for recording and logging the data received from the reporting modules and from the external sources; and a data management function for organizing and storing the received data and rendering the data accessible for use in software development. A software engineer or developer accesses the site-tracking software and connected database through a Web browser from a network-connected workstation in order to utilize data mined from Web sites for the purpose of creating routines enabling automated navigation and site manipulation by proxy for subscribed users.10-22-2009
20090265773SYSTEM AND METHOD FOR PASSWORD-FREE ACCESS FOR VALIDATED USERS - A new approach is proposed that first validates the identity of a user/individual who is initiating a request for a web service for the first time. Once validated, the user is allowed to access the web service, to register securely with the provider of the web service, and to create a series of personalized questions to be used for future validation purposes. During the user's subsequent request for the web service, the user will be asked, in addition to his/her user name, one or more of the personalized questions he/she created, on a rotation basis, in place of a PIN or password.10-22-2009
20080235774Authentication Apparatus and Authentication Method Using Random Pulse Generator - This invention provides an authentication apparatus and an authentication method using a random pulse generator for generating completely random pulses and using a completely random signal as an authentication signal. The authentication apparatus includes: a random pulse generator (hereinafter referred to as the RPG), arranged in a body or a partner side or in both the body and the partner side, which generates random pulses; a unit which outputs an authentication signal based on the random pulses generated by the RPG; a unit which stores the authentication signal; a communication unit which transmits/receives an authentication signal; and a control unit which controls the communication of an authentication signal and collates an authentication signal, whereby complete security can be maintained and safety can be established on the part of the user.09-25-2008
20100146606AUTHENTICATION METHOD AND SYSTEM - An authentication method and system. A computing system generates an authentication table associated with a user. The computing system receives first authentication data and second authentication data differing from the first authentication data. The first authentication data and the second authentication data are placed in the authentication table. The authentication table comprising the first authentication data and the second authentication data is stored in the computing system. The computing system generates an action table. The computing system receives first action data and second action data and places the first action data and the second action data in the action table. The action table comprising the first action data and the second action data is stored in the computing system.06-10-2010
20080289016SYSTEM AND METHOD FOR CONFIGURING A CUSTOMER PREMISES EQUIPMENT IN A SERVICE PROVIDER NETWORK - A system and method for authentication for configuring a customer premises equipment (CPE) in a service provider network. In a multiple dwelling unit (MDU) a customer device (e.g., voice over Internet protocol (VOIP) phone) can be configured with CPE functionality, thereby enabling the customer device CPE to support the provision of service to multiple additional customer devices in a customer premises. A dedicated CPE device is thereby eliminated from the service provider network. The customer device CPE can be designed to support a form of authentication (e.g., Layer 2, Layer 3) that would be sufficient for access by the multiple additional customer devices to various network services.11-20-2008
20120144470USER AUTHENTICATION METHOD USING LOCATION INFORMATION - A user authentication method includes transmitting a number of the mobile communication terminal, a user identifier (ID), and a unique number (PW); at the web server, storing the number of the mobile communication terminal, the user identifier (ID), and the unique number (PW); at a mobile communication terminal registered in the web server, transmitting location information of the mobile communication terminal; at the web server, storing a table in which the location information is mapped together with the number of the mobile communication terminal, the user identifier (ID), and the unique number (PW); and when the web server receives an access request from the mobile communication terminal registered in the web server, at the web server, confirming location information of the mobile communication terminal and comparing the location information of the mobile communication terminal with the table.06-07-2012
20120297471APPROACH FOR SECURELY PROCESSING AN ELECTRONIC DOCUMENT - A method and apparatus for processing an electronic document in a secure manner is provided. A scanner may verify that the configuration state of a file server has not changed since a prior configuration state by issuing a request to a security server. The security server may process the request to determine whether the configuration state of the file server has changed since the file server was registered with the security server. The security server may also verify that the scanner issued a request to store an electronic document using a file server or that the file server received the request. A storage medium of a file server may be protected against unauthorized removal of the storage medium by storing, separate from the storage medium, a password required to access the storage medium, and when the file server is powered on, the password is provided to the storage medium.11-22-2012
20120297467AUTHENTICATION PLATFORM AND RELATED METHOD OF OPERATION - An authentication platform comprises an authentication unit configured to authenticate the user based on received input data, and a control unit configured to enable communication between a client device and an authentication host as a consequence of successful authentication of the user by the authentication unit.11-22-2012
20120297466METHOD, DEVICE, AND SYSTEM TO SHARE INFORMATION BETWEEN MOBILE COMPUTING DEVICES - A mobile computing device comprising a first application adapted to provide information to a server. The information is adapted to be shared by the server with at least one additional mobile computing device when the at least one additional mobile computing device is located within a specified range of the mobile computing device. Additionally, a password entered through a second application located on the additional mobile computing device may be required to correspond to a password received from the mobile computing device in order to share the information. Furthermore, the additional mobile computing device may be required to access the information within a specified time period.11-22-2012
20080289015Resetting of Security Mechanisms - The security mechanism of a product is realized in such a manner that the data, which is assigned thereto, cannot, in contrast to the remaining data of the product, be accessed from outside the product. The resetting is effected by deleting the data following an intervention from inside the product. The data D11-20-2008
20080271128Method and System for Retaining and Protecting Sensitive User-Related Information - A method, device and system for managing and altering a plurality of sensitive information are disclosed. The device comprises a memory for storing the sensitive information, an interface device for enabling communication between the memory and an external device, and a timer for providing a time-based value associated with the storing of each of the sensitive information. The device may communicate with a processor-based system that includes an input device via a wired or wireless communication media. The processor-based system receives selected sensitive information from the device and may provide altered sensitive information to the device.10-30-2008
20100146609METHOD AND SYSTEM OF SECURING ACCOUNTS - A method and system of securing accounts is provided. When a client computer requests access to an account accessible via a server, the server determines a MAC address associated with the client computer and compares it to a MAC address associated with the account. If the MAC address of the client computer is not the same as the MAC address associated with the account, the server initially denies access to the client computer, but may allow access after verification of the client computer by the user associated with the account.06-10-2010
20090031407Method and system for security check or verification - A security check or verification method includes generating at least one verification code or number for each user at a security check/verification server, sending the generated verification code or number to the user's dedicated mobile device through a secured connection, entering the verification code when the user logs in to a web site, sending the verification code or number to the security check server from the web site server, and allowing the user access based on the correct user name, password, and the confirmation from the security check server.01-29-2009
20090031406AUTHENTICATION INFORMATION PROCESSING DEVICE, AUTHENTICATION INFORMATION PROCESSING METHOD, STORAGE MEDIUM, AND DATA SIGNAL - An authentication information processing device includes a receiving unit that receives an authentication request containing user identification information and a password from a terminal; an attack determination condition information storage unit that stores attack determination condition information for determining whether or not the received authentication request is made by an attacker; an attack determination unit that determines, by comparing the received authentication request and the attack determination condition information stored in the attack determination condition information storage unit, whether or not the authentication request is made by an attacker; and a transmission unit that transmits, when the attack determination unit determines that the authentication request is made by an attacker, input instruction information asking for input of an authentication request to the requesting terminal.01-29-2009
20090089869TECHNIQUES FOR FRAUD MONITORING AND DETECTION USING APPLICATION FINGERPRINTING - Techniques for fraud monitoring and detection using application fingerprinting. As used herein, an “application fingerprint” is a signature that uniquely identifies data submitted to a software application. In an embodiment, a plurality of historical application fingerprints are stored for data previously submitted to a software application. Each historical application fingerprint is associated with one or more contexts in which its corresponding data was submitted. When new (i.e., additional) data is subsequently submitted to the application, a new application fingerprint is generated based on the new data, and the new application fingerprint is associated with one or more contexts in which the new data was submitted. The new application fingerprint is then compared with one or more historical application fingerprints that share the same, or substantially similar, context(s). Based on this comparison, a risk score is generated indicating a likelihood that the new data was submitted for a fraudulent/malicious purpose.04-02-2009
20090064300APPLICATION NETWORK APPLIANCE WITH BUILT-IN VIRTUAL DIRECTORY INTERFACE - An application network appliance with a built-in virtual directory interface is described herein. According to one embodiment, a network element includes a virtual directory interface (VDI) coupled to multiple directory servers, and an authentication and authorization unit coupled to the VDI. In response to a packet of a network transaction received from a client over a first network for accessing a server of a datacenter over a second network, the authentication and authorization unit obtains user attributes from the directory servers via the VDI and performs authentication and authorization using the user attributes to determine whether a user of the client is eligible to access the server of the datacenter, where the network element operates as a security gateway to the datacenter. Other methods and apparatuses are also described.03-05-2009
20110271335SYSTEM AND METHOD FOR BINDING A SUBSCRIPTION-BASED COMPUTING SYSTEM TO AN INTERNET SERVICE - A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer.11-03-2011
20120036567METHODS FOR ESTABLISHING A SECURITY SESSION IN A COMMUNICATIONS SYSTEM - A security gateway and an initiating device perform methods for establishing a security session. The methods include the security gateway: receiving a first message from an initiating device, the first message including a first message authentication code; validating the first message using the message authentication code; and responsive to the validating, sending a second message to the initiating device, the second message including a timestamp and further including a second message authentication code for authenticating of the timestamp by the initiating device, wherein the first and second messages are used to establish the security session, and the authenticated timestamp is used for subsequent replay protection of messages between the security gateway and the initiating device. The method further includes the security gateway validating a dynamically assigned IP address for the initiating device to use in authorizing VPN traffic between the two devices.02-09-2012
20100154044MULTI-TRANSPORT MODE DEVICES HAVING IMPROVED DATA THROUGHPUT - A method for transmitting data between a client and a server is provided. The method comprises the following steps. The data is segmented into a plurality of data packets, which are scheduled to be transmitted via different ones of a plurality of access points. Each of the plurality of access points is configured to communicate with the client using a different protocol and communicate with the server using a different network path. Each of the plurality of data packets is transmitted between the client and the server via the scheduled access point. A client device and proxy server configured to implement the method are also provided, as is a computer readable medium having stored thereon instructions for implementing the method.06-17-2010
20090183247SYSTEM AND METHOD FOR BIOMETRIC BASED NETWORK SECURITY - Systems and methods of securing access to a network are described. Access to the network is secured using multifactor authentication, biometrics, strong encryption, and a variety of wireless networking standards. Biometrics include fingerprints, facial recognition, retinal scan, and voice recognition, and biometrics can be used in combination with other authentication factors to create a multi-factor authentication scheme for highly secure network access. Requests that require access to secured network resources may be intercepted and a captive portal page returned to challenge a user. Biometric information returned in response to the portal page is used to authenticate the user and determine access rights to the network.07-16-2009
20090178128NETWORK SYSTEM, DIRECT-ACCESS METHOD, NETWORK HOUSEHOLD ELECTRICAL APPLIANCE, AND PROGRAM - A network system includes a first device, a second device, and a server device capable of registering the first and second devices in correlation and establishing an always-on connection session with the second device. The first device includes a callback request transmission section for transmitting a callback request containing designation information on the first device on a network to the server device. The server device includes a callback request relay section for transmitting the callback request from the first device to the second device through the connection session. The second device includes a direct-access session establishment request section for connecting with the first device through the network based on the designation information in the callback request received from the server device and transmitting a request for establishment of a session for direct access, and a direct-access communication section for communicating with the first device through the session for direct access.07-09-2009
20090138951Dynamic Cache Lookup Based on Dynamic Data - A system and method for tracking user security credentials in a distributed computing environment. The security credentials of an authenticated user include not just his unique user identifier, but also a set of security attributes such as the time of authentication, the location where the user is authenticated (i.e., intranet user v. internet user), the authentication strength, and so on. The security attributes are used in access control decisions. The same user can be given different authorization if he has a different security attribute value. Security credentials may be generated either by WebSphere security code or by third party security provider code. This invention stores the user credentials in a distributed cache and provides a system and method to compute the unique key based on the dynamic security credentials for cache lookup.05-28-2009
20090165108METHOD FOR VERIFYING SERVER END APPARATUS - A method for verifying a server end apparatus, suitable for verifying the identity of a server end apparatus from a client end apparatus, is provided. In the present invention, authentication data is sent to the server end apparatus by the client end apparatus, such that the server end apparatus verifies the authentication data. Afterwards, the server end apparatus must return an initial number, which is preset by the user, to the client end apparatus to verify whether the initial number is correct or not. If the initial number is incorrect, the connection with the server end apparatus is shut down. Therefore, the efficiency for verifying the server end identity is strengthened, so as to enhance the security.06-25-2009
20090165107IDENTIFICATION MANAGMENT SYSTEM FOR ELECTRONIC DEVICE AUTHENTICATION - The conventional vertical integration system management form has a problem that a first user cannot receive a service provided by a second user belonging to another service system. To cope with this, a following system is suggested. That is, according to a second judgment server use request from a first electronic device used by a first user, an identification management server which has received a guarantee request outputted from a first judgment server searches for master-slave relationship information based on a common identifier. According to the search result, a guarantee is outputted. According to the guarantee, the first judgment server outputs a guaranteed service request to the second judgment server. Thus, the first user can receive the service used by the second user belonging to other vertical integration type system.06-25-2009
20090165106Network Security Management for Ambiguous User Names - A method of managing network security can include receiving a user input comprising a user name and a password, determining whether the input user name potentially corresponds to a plurality of user accounts, determining whether the password is valid, and determining whether each of the user accounts is locked. The method can include selecting a security response to the user input based upon whether the input user name potentially corresponds to the plurality of user accounts, whether the password is valid, whether each of the user accounts is locked, and outputting the security response.06-25-2009
20090172796DATA PLAN ACTIVATION AND MODIFICATION - A method, implemented by a router device, for guiding a user in establishing access privileges for a data exchanger includes causing the data exchanger to establish a remote link with a data service provider. Access content is obtained from the data service provider and presented to a client device. Access data provided in response to the presenting of the access content is received. The access content when presented by the client device enables a user to supply the access data. The access data is useable by the data service provider to set access privileges associated with the data exchanger that enable the data exchanger to be utilized to perform a desired function. The access data is returned to the data service provider via the remote link. The data exchanger is utilized to implement the desired function.07-02-2009
20120198533METHODS FOR REMOTE MONITORING AND CONTROL OF HOME DEVICES OVER A COMPUTER NETWORK - Methods are provided to access home devices over the Internet and to control and/or set states of devices over the Internet. One method includes providing, at a server connected to the Internet, code for enabling access to networked devices at a remote location using a networked computing device. The method can enable receiving a status request to view status of one or more of the networked devices. The method can also enable receiving a control request at the server, via the networked computing device, to operate one or more utility controls at a remote location. The utility controls can be used for any of a variety of purposes. The method is operable for any computing device that has access to the Internet, including wireless hand-held networked devices.08-02-2012
20120198531MULTI-DEVICE SESSION PAIRING USING A VISUAL TAG - One or more techniques and/or systems are disclosed for joining two or more devices in a multi-device communication session. A request is received from a first device, such as at a session hosting service on a remote server, to initiate a multi-device communication session, such as on the session hosting service. A visual tag is sent to the first device, such as from the session service, where the visual tag comprises device-session pairing information, such as session service identification and session authorization. A multi-device communication session joining request is received from a second device, where the request from the second device comprises the device-session pairing information retrieved from the visual tag displayed by the first device, and captured by the second device.08-02-2012
20090187981FILE DOWNLOADING SERVER AND METHOD - A method for downloading files from a server is provided. The method includes the steps of: receiving a registered account and a password; determining whether the current user is an authorized user of the server; reading a terminal ID of a terminal when the user is an authorized user; displaying files whose download status are to-be-downloaded status when the read terminal ID matches the corresponding terminal ID of the registered account; recording the selected files and delivering the selected files to the corresponding terminal; and updating information in relation to the files that are viewed by the registered account in the file list and updating the download status of the viewed files to the to-be-downloaded status when the read terminal ID does not match the corresponding terminal ID of the registered account, and updating the download status of the files to the downloaded status when the files are downloaded to the terminal.07-23-2009
20090025073CLIENT AUTHENTICATION DEVICE AND METHODS THEREOF - A method of authenticating a data processing device includes receiving a request to authenticate the data processing device. In response, an authentication key is accessed and authenticated at an authentication module. The authentication key is stored at a storage module that is located within the same integrated circuit package as the authentication module, so that the authentication key can be communicated to the module without exposing the key to unauthorized probing. The integrated circuit package also includes a tamper detection module to determine whether a memory of the data processing device has been accessed. In response to determining the memory has been accessed, the tamper detection module instructs the authentication module to not authenticate the data processing device.01-22-2009
20090025071PROCESS AND ARRANGEMENT FOR AUTHENTICATING A USER OF FACILITIES, A SERVICE, A DATABASE OR A DATA NETWORK - A process for authenticating a user to control remote access to a service, data base or data network is provided, in which during an enrolment step, an initial voice sample provided by the user is analyzed to obtain an initial user-specific voice profile and, in a later verification step, a current voice sample of the user is analyzed and compared to the initial voice profile to generate an access control signal. An additional user-dedicated authentication is generated in a pre-enrolment period, and the additional authentication is used to authenticate the user in the enrolment step and/or in an access control step prior to and independent of the enrolment step, in a provisional or supplementary authentication procedure.01-22-2009
20110225638SECURE RANDOMIZED INPUT - A user inserts a received random sequence into the user's password or PIN. The user enters and transmits this randomized password to a service provider. The service provider extracts the password to determine whether to authenticate the user.09-15-2011
20110225637AUTHENTICATION AND AUTHORIZATION OF USER AND ACCESS TO NETWORK RESOURCES USING OPENID - A method includes receiving by an OpenID network device a user log in; logging in, by the OpenID network device, the user to an OpenID account; receiving, by the OpenID network device and from a third party service provider network device, a request to authenticate the user and a request to receive user data associated with the user; providing, by the OpenID network device, a user interface to an end device to allow the user to confirm his/her sign-in to the third party service provider network device and release of the user data; receiving, by the OpenID network device, a confirmation with regard to the user's sign-in to the third party service provider network device and release of the user data; and sending, by the OpenID network device and to the third party service provider network device, a message indicating that the user is authenticated and the user data.09-15-2011
20110225636Method For Automating Onboarding Application Developers To Sales Distribution Channel - A method for automating an onboarding process for a developer onto a service delivery hub operated by a network operator includes providing the developer with information relating to use of the service delivery hub, receiving data relating to the developer, approving the developer, certifying an application provided by the developer, and configuring the application for use. A method for synchronization with the service delivery hub is also provided.09-15-2011
20090031405AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD - A portable terminal possessed by a user of a client personal computer is capable of being connected to a server independently. The server has a function of transmitting identifier-including challenge data to the client personal computer for an authentication process, receiving identifier-including response data from the client personal computer, extracting corresponding challenge data and authenticating the client personal computer based on the extracted challenge data and the received response data. The client personal computer has a function of receiving the identifier-including challenge data from the server and displaying the identifier-including challenge data. The portable terminal has a function of acquiring the identifier-including challenge data received by the client personal computer, generating identifier-including response data from the acquired identifier-including challenge data and transmitting the identifier-including response data to the server.01-29-2009
20110145907E-MAIL BASED USER AUTHENTICATION - E-mail based user authentication is described herein. A user can access resources of a service provider by submitting only an e-mail address to which the user has access. The service provider generates an authentication ticket corresponding to the user's login request, and transmits the authentication ticket to the e-mail service provider indicated by the submitted e-mail address. The e-mail service provider processes the authentication ticket, and enables either approval or denial of the authentication ticket, whether by explicit user action or by automated processing.06-16-2011
20090199281METHOD AND APPARATUS FOR VIRTUAL WI-FI SERVICE WITH AUTHENTICATION AND ACCOUNTING CONTROL - A method of providing virtual Wi-Fi service with accounting and authentication control via a virtual Wi-Fi access network is provided. The method comprises: connecting a subscriber to the virtual Wi-Fi access network, wherein the virtual Wi-Fi access network comprises a plurality of individual Wi-Fi access points in communication with at least one virtual Wi-Fi access server; prompting the subscriber for an account ID and password; performing subscriber authentication at the virtual Wi-Fi access server; where the subscriber has been authenticated, establishing a Wi-Fi session for the subscriber in the virtual Wi-Fi access network and applying an accounting function to the Wi-Fi session; and notifying the virtual Wi-Fi access server when the subscriber exits from the virtual Wi-Fi network.08-06-2009
20090199283WIRELESSLY RECEIVING BROADCAST SIGNALS USING INTELLIGENT CARDS - The present disclosure is directed to a system and method for wirelessly receiving broadcast signals using intelligent cards. In some implementations, a service card includes a physical interface, a communication module, memory, and a service module. The physical interface connects to a port of a mobile host device. The mobile host device includes a Graphical User Interface (GUI). The communication module wirelessly receives broadcast signals encoding content. The memory stores user information used to decrypt the encoded content independent of the mobile host device. The stored information is associated with a content provider. The service module decrypts the encoded content in response to at least an event and presents the content through the GUI of the mobile host device.08-06-2009
20090049533USER AUTHENTICATION METHOD AND APPARATUS - A user authentication method and apparatus, the user authentication method including: performing a user authentication using user information transmitted by a host through a protocol supporting user authentication; generating user authentication information from the transmitted user information if the user authentication is performed successfully; and determining whether a service requested from the host using a protocol that does not support user authentication is permitted by using the generated user authentication information. Thus, the method can be used to selectively provide a service even when a service using a protocol that does not support user authentication is requested.02-19-2009
20090070864Image forming apparatus, image forming method, recording medium, and image forming system - An image forming apparatus receives authentication information about a user who requests a function and determines whether the user needs to be authenticated before executing the requested function. The image forming apparatus then transmits the authentication information to an authentication device that performs authentication of the user, and receives an authentication result from the authentication device indicative of whether the user is authentic. The image forming apparatus executes the function specified in the request only when the authentication result shows that the user is authentic.03-12-2009
20110145906INFORMATION PROCESSING APPARATUS CAPABLE OF OPERATING IN ADMINISTRATOR MODE, CONTROL METHOD THEREOF AND RECORDING MEDIUM - An information processing apparatus includes an executing unit executing information processing, a control unit controlling an operation of the executing unit, a storage unit for storing specific information for executing an administrator mode and a communication unit for communicating with a smart card. When information matching the PIN code stored in the smart card and information matching the information stored in said storage unit are received, the control unit executes the administrator mode.06-16-2011
20110145908System and Method for Data and Request Filtering - Data and data requests of users of applications are filtered using a client-resident agent. A user profile may contain data pertaining to restrictions on content the user is permitted to view or types of requests the user is permitted to make within one or more applications. Data in the user profile may be used to grant or deny access to applications, filter particular content from the user's view, or filter particular data requests made by the user.06-16-2011
20090064299History-based downgraded network identification - Some embodiments of the invention are directed to increasing security and lowering risk of attack in connecting automatically to networks by enabling client devices to verify the identity of the networks by, for example, confirming the identity of networks and network components such as wireless access points. In some embodiments, a client device may maintain a data store of characteristics of a network—including, for example, characteristics of a wireless access point or other portion of the network and/or characteristics of a connection previously established with the wireless access point and/or network. Stored characteristics may include characteristics other than those minimally necessary to identify a wireless access point and/or wireless network. The stored characteristics may be compared to known good characteristics of a network (including characteristics of a wireless access point or other portion of the wireless network) prior to connection to the network to determine whether the characteristics match.03-05-2009
20120079582AUTHENTICATING AN AUXILIARY DEVICE FROM A PORTABLE ELECTRONIC DEVICE - This document discusses, among other things, a method for authenticating a browser executing on an auxiliary device with a web service executing on a portable electronic device. The method includes receiving a request for a resource from the browser, determining whether the request identifies a protected resource, and selectively authenticating the request based on whether the request identifies a protected resource.03-29-2012
20120079581Method and System Using Universal ID and Biometrics - Universal ID and biometrics systems and methods are disclosed. A method includes receiving an authentication request message originating from a user. The authentication request message includes a first identifier and a second identifier, where the second identifier includes biometric data. The method further includes determining a third identifier based on the first identifier and sending the second and third identifiers to a first server computer to determine if the second and third identifiers have a predetermined correlation. The method further includes receiving confirmation of user authentication if the identification system determines that the second and third identifiers have the predetermined correlation.03-29-2012
20120079580SYSTEM AND METHOD FOR FACILITATING PROTECTION AGAINST RUN-AWAY SUBNET MANAGER INSTANCES IN A MIDDLEWARE MACHINE ENVIRONMENT - A system and method can support a middleware machine environment that includes a set of subnet manager instances, which reside on one or more nodes in the middleware machine environment and cooperate to provide a highly available subnet manager service within a subnet, wherein each said subnet manager instance is associated with a different private secure key. The subnet manager instances can negotiate with each other and elect a master subnet manager responsible for configuring and managing the middleware machine environment using the private secure key associated with the master subnet manager. The subnet can be reconfigured to be associated with a different private secure key, when a new subnet manager instance is elected as the master subnet manager. An old master subnet manager can be automatically prevented from resuming normal operations as the master subnet manager, in order to avoid undesired consequences such as a “split brain” scenario.03-29-2012
20120079578WEB BROWSER PLAYBACK FOR A VIDEO PROVISIONING SYSTEM - A method, performed by a video provisioning system, may include receiving a request for a first digital rights management (DRM) token, associated with a video asset purchased via the video provisioning system, from a browser application associated with a user device and providing the first DRM token to the browser application. The method may further include receiving a license authorization request to issue a DRM license for the video asset, where the license authorization request is received from a license server, where the DRM license is to be used by the user device to decrypt the video asset, and where the license authorization request includes a second DRM token; determining whether the second DRM token matches the first DRM token; and authorizing the license server to issue the DRM license for the video asset, when the second DRM token matches the first DRM token.03-29-2012
20120079577VIDEO BROADCASTING TO MOBILE COMMUNICATION DEVICES - A device receives login information and a content stream request from a user device connected to a wireless access network, and authenticates, via a backend server device, the user device based on the login information. The device also provides, when the user device is authenticated, a content link and a license key to the user device, and the user device provides the content link and the license key to a content delivery device. The device further verifies the license key for the content delivery device, and the content delivery device establishes a secure connection with the user device via the wireless access network, retrieves the requested content stream based on the content link, and provides the content stream to the user device via the secure connection.03-29-2012
20120079576Authentication Method and Apparatus - An identity authentication method is provided. The method comprises obtaining records information of a valid user, where the records information indicates behaviors having been executed by the valid user; mapping, based on an orthogonal behavior model having multiple mutually orthogonal dimensions, records information to the multiple dimensions, wherein behaviors indicated by records information mapped to different dimensions do not overlap therebetween and have no logical cause and effect relationship; sampling records information mapped to different dimensions, respectively, so as to generate an authentication questionnaire including a plurality of authentication questions; computing, responsive to answers of a client to the authentication questionnaire, a total confidence P for the client being a valid user; outputting a positive authentication result, responsive to the total confidence probability P falling into a confidence interval; and outputting a negative authentication result, responsive to the total confidence probability P failing to fall into a confidence interval. The present invention further provides a corresponding identity authentication apparatus.03-29-2012
20120079575System Architecture and Method for Secure Web Browsing Using Public Computers - A secure web browsing method and web browsing security system architecture for a mobile device that has initiated an internet communication session via a local area network (LAN) are provided. The architecture establishes a communication link between the mobile device and a computer having an internet browser capable of internet communication via the LAN. A routine is transmitted from the mobile device to the computer via the communication link. The routine synchronizes page content of the mobile device to the computer's internet browser. The architecture (i) detects user-supplied inputs to the page content on the computer's internet browser, (ii) generates a verification request at the mobile device when at least a portion of the user-supplied inputs are so-detected, and (iii) transmits the user-supplied inputs from the mobile device as an internet communication via the LAN only when the verification request is confirmed by the user at the mobile device. The architecture also processes each new page loaded at the mobile device to perform at least one of removal and obfuscation of selected information associated with the new page in order to generate a modified page that is transmitted to the computer using the communication link. The page content of the computer's internet browser is updated to the modified page using the routine previously transmitted to the computer via the communication link.03-29-2012
20080263648SECURE CONFERENCING OVER IP-BASED NETWORKS - Methods and systems for secure conferencing over an IMS network or other networks include sending a request by at least one user to access an application server. The user is validated using a validation coupon provided by the user equipment followed by identifying and allowing the user equipment to download a valid media client. Conference data is encrypted and transmitted to the user equipment, and processed by the media client. Typically, the encrypted conference data is decrypted by the media client and communicated to a user interface presentation to the user. In some examples, the conference data is validated prior to downloading to the user equipment.10-23-2008
20090100510System and Method for Representing Multiple Security Groups as a Single Data Object - A system and method for representing multiple security groups as a single data object are provided. With the system and method, a complex group object is created that consists of a group set value and a mask value. The complex group object represents a plurality of groups by the group set value. The mask value is used to apply to group identifiers received during an authentication process to generate a value that is compared against the group set value to determine if the group identifiers are part of the complex group. For example, in a first step of authorization processing, the group identifier received in an authorization request is bit-wise AND'd with the mask value for the complex group data object. In a second step, the masked group identifier from the received request is compared to the group set value of the complex group object. Such comparison may take the form of masking the group set value and comparing the masked group set value to the masked group identifier from the received request, for example. If the two values match, then access is granted. If the two values do not match, then access is denied.04-16-2009
20110231915SYSTEMS AND METHODS OF CONTROLLING NETWORK ACCESS - A new approach to network security includes manipulating an access point such that an initial communication from an external device is passed to a restricted subset of a computing network including a gatekeeper. The gatekeeper is configured to enforce a security policy against the external device before granting access to a less-restricted subset of the computing network. If requirements of the security policy are satisfied, then the gatekeeper reconfigures the access point such that further communication from the external device may be received by elements of the less-restricted subset. Enforcement of the security policy optionally includes performing a security audit of the external device.09-22-2011
20110231916SYSTEMS AND METHODS OF CONTROLLING NETWORK ACCESS - A new approach to network security includes manipulating an access point such that an initial communication from an external device is passed to a restricted subset of a computing network including a gatekeeper. The gatekeeper is configured to enforce a security policy against the external device before granting access to a less-restricted subset of the computing network. If requirements of the security policy are satisfied, then the gatekeeper reconfigures the access point such that further communication from the external device may be received by elements of the less-restricted subset. Enforcement of the security policy optionally includes performing a security audit of the external device.09-22-2011
20110231911METHODS AND SYSTEMS FOR AUTHENTICATING USERS - A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction, inputting information in a workstation, and determining whether the inputted information is known. Moreover, the method includes determining a state of a communications device when the inputted information is known, and transmitting a biometric authentication request from a server to a workstation when the state of the communications device is enrolled. Additionally, the method includes obtaining biometric authentication data in accordance with a biometric authentication data capture request with the communications device, biometrically authenticating the user, generating a one-time pass-phrase and storing the one-time pass-phrase on the authentication system when the user is authenticated, comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase, and conducting the transaction when the transmitted and stored one-time pass-phrases match.09-22-2011
20090205032IDENTIFICATION AND ACCESS CONTROL OF USERS IN A DISCONNECTED MODE ENVIRONMENT - The present invention provides identification and access control for an end user mobile device in a disconnected mode environment, which refers generally to the situation where, in a mobile environment, a mobile device is disconnected from or otherwise unable to connect to a wireless network. The inventive method provides the mobile device with a “long term” token, which is obtained from an identity provider coupled to the network. The token may be valid for a given time period. During that time period, the mobile device can enter a disconnected mode but still obtain a mobile device-aided function (e.g., access to a resource) by presenting for authentication the long term token. Upon a given occurrence (e.g., loss of or theft of the mobile device) the long term token is canceled to restrict unauthorized further use of the mobile device in disconnected mode.08-13-2009
20090205031NETWORK SYSTEM, SERVER DEVICE, UNAUTHORIZED USE DETECTING METHOD, RECORDING MEDIUM, AND PROGRAM - A log-in information receiving unit (08-13-2009
20120144467Network Selection from a Menu - Methods and systems for connecting to a network, such as a wired or wireless network, are provided. A method may include displaying a menu with one or more menu options in response to a user indication. Each menu option may indicate an available network and the status of the available network. Upon receiving a user menu selection indicating a selected available network, an authentication input field may be provided with the corresponding menu option in the displayed menu. The user may enter authentication information in the authentication input field in order to be connected to the selected available network. The corresponding menu option may display further status information upon successful connection to the selected available network.06-07-2012
20090205033BIOMETRIC FINANCIAL TRANSACTION SYSTEM AND METHOD - Tokenless biometric authorization of transaction between a consumer and a merchant uses an identicator and an access device. A consumer registers with the identicator a biometric sample taken from the consumer. The consumer and merchant establish communications via the access device. The merchant proposes a transaction to the consumer via the access device. The access device communicates to the merchant associated with the access device. After the consumer and merchant have agreed on the transaction, the consumer and the identicator use the access device to establish communications. The access device communicates to the identicator the code associated with the access device. The identicator compares biometric sample from the consumer with registered biometric sample. Upon successful identification, the identicator forwards information regarding the consumer to the merchant. These steps accomplish a biometrically authorized electronic financial transaction without the consumer having to present any personalized man-made memory tokens.08-13-2009
20090210935Scanning Apparatus and System for Tracking Computer Hardware - Apparatus and system for tracking computer hardware consisting of a network interface card configured in promiscuous mode capable of passively listening for OSI layer 2 network traffic on a medium for use in the recovery or location of lost or stolen devices. The device of interest, once located, can then be tracked via signal strength. GPS may also be used to track locations where devices of interest have been located.08-20-2009
20090210934Systems and Methods for Secure Handling of Secure Attention Sequences - A method for authenticating, by a trusted component, a user of a desktop appliance to a remote machine includes executing, by a desktop appliance, a user interaction component, responsive to receiving a secure attention sequence from a user. The user interaction component receives authentication credentials associated with the user. The desktop appliance transmits, to a broker service, the received authentication credentials. The broker service authenticates the user, responsive to the received authentication credentials. The broker service transmits, to a remote machine, authentication data associated with the received authentication credentials. The remote machine authenticates the user, responsive to the received authentication data. The remote machine provides, to the desktop appliance, access to a resource requested by the user. In another aspect, a trusted component provides, to a user of a desktop appliance, access to secure desktop functionality provided by a remote machine.08-20-2009
20090222898METHOD FOR SECURE TRANSFER OF MEDICAL DATA TO A MOBILE UNIT/TERMINAL - A method is described for secure transfer of medical data to a mobile unit/terminal, where encoded medical data from a patient's regular doctor are made available via a central server in a network. The method comprises the following steps: to order transfer of encoded information to the mobile unit/terminal, in that a request is sent to the central server; to generate encoded information containing medical data in the central server; to transfer information in encrypted and encoded format from the server to the mobile unit/terminal, after the user has authenticated himself; to store and protect the encoded information in the mobile unit/terminal; to transform the encoded information to a readable format in that the user authenticates himself with a personal code that is sent from the mobile unit/terminal to the server, whereupon the ID is verified in the server, and that encoded information is sent to the server for decoding; and to transfer from the server a picture in clear text to the mobile unit/terminal.09-03-2009
20090249458Systems and methods of network operation and information processing, including user engagement and profiling features - Embodiments of a system and method for network operation and information processing, including user engagement and profiling features are described. A method includes transmitting a request for authorization to use a public-access network from a computer, including, with the request, identifier information regarding the user. Data including additional information, such as a terms and conditions page, a splash page, relevant information based on user-specific information such as user location, and other like information is then transmitted over the network. The data to be transmitted is determined by processing software as a function of the identifier information regarding the user. A network connection is then opened up for the user of the computer.10-01-2009
20090249459SYSTEM AND METHOD FOR RECEIVING REQUESTS FOR TASKS FROM UNREGISTERED DEVICES - Embodiments of a system and method for receiving task requests from unregistered devices are described. Embodiments may include a communication interface service configured to receive from a communication device a message indicative of a request to perform a task. The communication interface service may determine that the communication device is not registered with an existing account that provides information for performing said task. The communication interface service may obtain identification and authentication information for an existing account via a communication channel. The existing account may be an account that is accessible via a network-based interface. The communication channel through which the identification and authentication information is received by the communication interface service may be any communication channel that does not include the network-based interface of the existing account. Additionally, the communication interface service may use the identification and authentication information for performance of the task using the existing account.10-01-2009
20090235343RESOURCE SERVER PROXY METHOD AND SYSTEM - A resource request method and system. The method includes receiving by resource server software application, session key life data. The resource server software application receives from a requester, an authentication request, a session ID, and an address associated with the requestor. The resource server software application transmits the session ID and a request for groups associated with the request. The resource server software application receives group IDs. The resource server software application generates a session key associated with the requester. The resource server software application calculates a specified lifetime associated with the session key. The resource server software application stores the session key, the session ID, the address, the group IDs, and the specified lifetime. The resource server software application transmits to the requester, the session key.09-17-2009
20090260068Efficient, Peer-to-Peer Captcha-Based Verification and Demand Management for Online Services - A system and method that may allow performing a human-computer verification including crediting a verified task from a first user to a second user. In additional embodiments, the system and method may allow the user to perform a computer operation that requires human-computer verification based upon an amount of credits that the user has been provided.10-15-2009
20090260067Method and system for legitimate lending and sharing of digital copyrighted content items over a data network - The present invention relates to a method of enabling concurrently lending at least one digital copyrighted content item from one user's terminal to a certain number of other users' terminals over a data network, according to a number of copyright users' licenses of each of said at least one digital copyrighted content item, said method comprises: (a) indexing at least one digital copyrighted content item provided from at least one user's terminal over a data network, giving rise to an items index; (b) receiving a request to lend a digital copyrighted content item to user's terminal over said data network; (c) conducting a search for the requested digital copyrighted content item by means of said items index; (d) if said requested digital copyrighted content item is found by means of said items index, checking whether it is available for lending to said user's terminal, according to a number of available copyright users' licenses of said requested digital copyrighted content item; (e) if said requested digital copyrighted content item is available for lending, then enabling lending it to said user's terminal; and (f) upon receiving another request to lend said digital copyrighted content item, repeating steps ‘d’ and ‘e’, and enabling concurrently lending said copyrighted content item to a certain number of users' terminals until said certain number does not exceed said number of available copyright users' licenses of said digital copyrighted content item.10-15-2009
20090241175METHODS AND SYSTEMS FOR USER AUTHENTICATION - The present invention relates to authentication, and in particular, to methods and systems for authenticating a user using electronic readable identifiers, networks, and data terminals. The user experience in accessing private accounts is enhanced while keeping such access secure from unauthorized individuals.09-24-2009
20110145905APPARATUS AND METHOD FOR MANAGING WEB BASED SERVICE ACCOUNT - Provided is a method and apparatus for managing a web based service account. The web based service account management apparatus may select, from among web based service accounts, an account undesired to be exposed to others, and may display an account set with a hiding indication only when a user authenticated through a user authentication process desires to read the account.06-16-2011
20110145904ENTERPRISE BIOMETRIC AUTHENTICATION SYSTEM FOR A WINDOWS BIOMETRIC FRAMEWORK - An enterprise biometric authentication system for use with a network of client computing devices, each client computing device executing Windows® 7 operating system with Windows® Biometric Framework components including a client biometric service and a client engine adapter, comprises a client engine wrapper and a server subsystem further including a server database, a server storage adapter, a server engine adapter, and a server component. The client engine wrapper resides on a client computing device and is operable to intercept requests from the client biometric service to the client engine adapter and to transmit the requests. The server storage adapter may store and retrieve biometric templates from the server database. The server engine adapter may generate and compare biometric templates. The server component may receive the requests from the client engine wrapper, forward the requests to the server engine adapter, and transmit results of the requests to the client engine wrapper.06-16-2011
20080313723AUTHENTICATION METHOD OF INFORMATION TERMINAL - One embodiment of the present invention provides an information terminal that includes: a first receiver for receiving trust information from a trust information provider, the trust information including identification information of a terminal belonging to an authenticatee and showing that the terminal belonging to the authenticatee is authenticated by the trust information provider; a storage device for storing the trust information; a second receiver for receiving an identification tag of the terminal belonging to the authenticatee from a server; and an outputting device for outputting information for performing an identification judgment of the terminal belonging to the authenticatee based on the identification tag of the terminal belonging to the authenticatee and the trust information stored in the storage device.12-18-2008
20090249460SYSTEM FOR MONITORING THE UNAUTHORIZED USE OF A DEVICE - The invention is directed to systems and methods for detecting the loss, theft or unauthorized use of a device and/or altering the functionality of the device in response. In one embodiment, a device monitors its use, its local environment, and/or its operating context to determine that the device is no longer within the control of an authorized user. The device may receive communications or generate an internal signal altering its functionality, such as instructing the device to enter a restricted use mode, a surveillance mode, to provide instructions to return the device and/or to prevent unauthorized use or unauthorized access to data. Additional embodiments also address methods and systems for gathering forensic data regarding an unauthorized user to assist in locating the unauthorized user and/or the device.10-01-2009
20110145902SYSTEM AND METHOD FOR PROVIDING SEAMLESS ON-DEMAND APPLICATION SERVICE USING DPI IN COMMUNICATION NETWORKS - Provided is a system and method of providing a seamless on-demand service using a Deep Packet Inspection (DPI) function. A system for providing an on-demand service may include: a switch to recognize a signature of media, and to convert a resolution of media based on information associated with a resolution of media included in the recognized signature, a terminal resolution of a terminal held by a user, and a user requirement; an authentication management server to perform a terminal authentication or a user authentication; and a policy control server to set a path based on a terminal function, a media characteristic, and the user requirement.06-16-2011
20110145901SYSTEMS AND METHODS FOR AUTHENTICATING A SERVER BY COMBINING IMAGE RECOGNITION WITH CODES - A system and method is provided for authenticating a first device to a second device. This involves providing images to the second device, receiving an indication of selected ones of the images as authenticating images, and identifying an authenticating code associated with the second device. This also involves receiving a transaction request from the second device, the first device providing a display page to the second device, the display page including the authenticating images at locations identified by the authenticating code.06-16-2011
20110145900DELEGATING AUTHENTICATION USING A CHALLENGE/RESPONSE PROTOCOL - A method for delegating authentication using a challenge/response protocol is provided. The method may initiate with a challenge/response sequence between a client application and a server application to authenticate the client application. Then the server application authenticates to a second server application using the credentials associated with the client application by acting as a conduit between the client application and the second server application.06-16-2011
20110145899Single Action Authentication via Mobile Devices - A method for authenticating a user includes receiving a user identification, confirming the user identification, sending a request to the user to perform a single action on a communication device, creating a session to receive the single action from the communication device, receiving an identifier from the communication device, using the identifier to verify that the user has the communication device, and authenticating the user based on the confirmed user information and the verification that the user has the communication device. The identification can include a username and a password or can be a one time password.06-16-2011
20100162374COST EFFECTIVE UPDATING OF MOBILE COMPUTING DEVICES AND COMMUNICATING WITH MOBILE COMPUTING DEVICES - A system and a method for updating mobile computing devices with an update package and for exchanging information on an exclusive channel between the mobile computing device provider and the mobile computing device user. The method comprises publishing a first update package available for the first group, updating the first group, then publishing a second update package available message for the second group and updating the second group. The method also comprises establishing a private channel between the mobile computing device and the mobile computing device provider, and exchanging information on the private channel.06-24-2010
20090260069IMAGE FORMING SYSTEM AND IMAGE FORMING APPARATUS - An image forming system comprising: a server device including user information, for performing a user authentication via a computer network and for receiving and adding up count data on a user basis; and an image forming apparatus including: a storage unit to which a data area for storing therein the count data including a count value of an occurrence of a predetermined event can be allocated; a login processing unit for determining whether or not to permit a user to log in; a count unit for updating, when the predetermined event occurs based on an operation performed by the user permitted to log in, the count data for the user; and a transmission unit for transmitting, when the user logs out, the count data for the user to the server device.10-15-2009
20080307514AUTHENTICATION APPARATUS, AUTHENTICATION METHOD, AND COMPUTER PROGRAM PRODUCT - A monitoring unit monitors a client terminal used by a user, and when there is a predetermined access operation to a resource from the client terminal, acquires identification information from the client terminal. A verifying unit verifies whether the identification information matches stored identification information. When it is verified that the identification information matches the stored identification information, a referring unit refers to an access management system to check an entry status of the user to a facility. A determining unit determines whether to allow the access operation based on a check result from the referring unit.12-11-2008
20080307515System and Method For Dynamic Multifactor Authentication - A method of authenticating a user. The method comprises the step of sending an authentication request to a remote authentication device and generating a first piece of authentication information. A mobile device receives the first piece of authentication information from either an access terminal or the remote authentication device. The mobile device of the user generates a second piece of authentication information which is at least partially based on the received first piece of authentication information. The second piece of authentication information is sent to the remote authentication device and the second piece of authentication information is validated. If the second piece of authentication information is successfully validated, an authentication signal is generated.12-11-2008
20090083841Apparatus and method for performing hosted and secure identity authentication using biometric voice verification over a digital network medium - Apparatus, methods, and machine-readable articles of manufacture enable a means of performing vocal tract based authentication and vocal tract based enrollment via the Internet or similar computing network as a communication medium. A protocol and process is outlined which enables Internet or similar network based authentication among three parties; a party wishing to prove a claimed identity, a party requesting to authenticate the claimed identity, and a party performing the authentication or enrollment process. Further, the party requesting authentication is a separate entity from the party performing authentication or enrollment. In such an arrangement, the party performing the authentication or enrollment is termed “hosted” or “software as a service”. The protocol and process is suitable for execution by distinct software components installed and running on computers located at the location of each of the three parties.03-26-2009
20100162375MULTIMEDIA AGGREGATION IN AN ONLINE SOCIAL NETWORK - Multimedia content is featured on user pages of an online social network using embed codes that are generated using a configuration file associated with the source ID for the multimedia content and a content ID for the multimedia content. The configuration file, the source ID and the content ID are stored locally by the online social network so that any changes to the embed codes can be made by changing the configuration file associated with the source and regenerating the embed codes. By managing multimedia content in this manner, greater control can be exercised by the online social network over the multimedia content that are featured on its user pages.06-24-2010
20100263032Web to IMS Registration and Authentication for an Unmanaged IP Client Device - Systems and methods are for registering and authenticating an unmanaged IP device to an IP multimedia subsystem (IMS). An exemplary method includes implementing a system from which an unmanaged IP device retrieves IMS credentials needed to register and authenticate to the IMS. The system is remote to the unmanaged IP device and is accessible to the unmanaged IP device through an IP access network. The method further includes permitting the unmanaged IP device to register and authenticate to the IMS with the IMS credentials received from the system.10-14-2010
20100192210METHOD AND SYSTEM FOR VERIFYING ENTITLEMENT TO ACCESS CONTENT BY URL VALIDATION - Aspects include a mechanism of entitling users to transacted-for digital content access, indicating download authorization with discrete authentication URLs, and validating download attempts using each such URL. The authentication mechanism comprises producing an encrypted string included in a URL provided to a user. The encrypted string comprises transaction identifier information, and information about the transacted-for entitlement. When a user wishes to exercise the transacted-for entitlement, the user activates the URL, which is resolved to a location that has/can obtain access to the key(s) used in producing the encrypted string, decrypt the string, and use the information in it to validate the URL and the entitlement. The validation can use data retrieved from a database, using the transaction identifier as a key. The entitlement information included in the now-decrypted string can be compared with the prior download information. A byte range requested by a browser using the URL can be used in validation, as well as how a particular authorization/validation should count for entitlement fulfillment.07-29-2010
20100186074Authentication Using Graphical Passwords - An authenticator may include graphical passwords. An authenticator may include a password image, which may include one or more clickable areas, and/or a key image, which may include click point data. An authenticator may include a mobile computing resource, a terminal computing resource and/or a challenger, which may be configured to communicate with each other. A mobile computing resource may be configured to receive and/or display a key image, such that click point data may be presented, determined, and/or input to a password image. A challenger may be configured to compare input click point data and a key image.07-22-2010
20100186073Multi-media remote data access terminals and system - In a public internet access terminal, the combination comprising an access station, and computer apparatus at the station and including a user keyboard and data display means, and a user credit card reader at the station, and the computer apparatus including circuit means operatively connected to the card reader to be responsive to reading of user credit card data to enable user access to the internet via the computer apparatus at the access station.07-22-2010
20100263035METHOD AND SYSTEM FOR PROVIDING SECURE ACCESS TO PRIVATE NETWORKS - Improved approaches for providing secure access to resources maintained on private networks are disclosed. The secure access can be provided through a public network using a standard network browser. Multiple remote users are able to gain restricted and controlled access to at least portions of a private network through a common access point. The solution provided by the invention is not only easily set up and managed, but also able to support many remote users in a cost-effective manner.10-14-2010
20100263033METHOD FOR AUTHENTICATING A USER ACCESSING A REMOTE SERVER FROM A COMPUTER - The invention relates to a method for authenticating a user accessing a remote server from a computer. The method comprises connecting to the remote server from the computer; logging into the remote server using a user-specific identifier; authenticating the remote server in the computer; sending an unpredictable message from the remote server to the computer; establishing communication between the remote server and a terminal belonging to the user; authenticating the remote server in the terminal; authenticating the terminal in the remote server; inviting the user to enter the unpredictable message in the terminal; using the terminal to send the message entered by the user in the terminal to the remote server; and if the message entered by the user in the terminal matches the unpredictable message, authenticating the user in the remote server.10-14-2010
20100263031COMMUNICATION DEVICE AND COMMUNICATION SYSTEM - A communication device enabling a user to perform authentication by simple action with the use of physical information and to perform communication via user's body. An authentication device (10-14-2010
20110107408METHOD AND DEVICE FOR SECURING DATA TRANSFERS - The method for securing data transfers comprises: a transmission of a document from a document sender to at least one document recipient, by implementing at least one step of processing of said document, for at least one said step of processing of the document, a step of measuring a probative value of said processing step, a step of aggregating the probative values of the steps of processing of said transmission to provide a measure of the overall probative value of said document transmission, and a step of association of said overall probative value with said transmission of said document.05-05-2011
20100192209PASSIVE SECURITY ENFORCEMENT - Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels.07-29-2010
20100192213SYSTEM AND METHOD FOR DYNAMIC BANDWIDTH PROVISIONING - Embodiments disclosed herein provide a control device and a method executing thereon for allocating network bandwidth to users accessing a controlled network. In response to a user connecting to the control device using a user device, the control device obtains a user bandwidth allocation profile for that user based on user credentials. The user bandwidth allocation profile may be stored local or remote to the control device. A provisioning module running on the control device can map attributes in the user bandwidth allocation profile to a traffic control rule and associate the traffic control rule with the user based on the user credentials and considering information identifying the user device used by the user to connect to the control device. A traffic conditioning module running on the control device can regulate the network bandwidth usage by the user utilizing the traffic control rule associated with the user.07-29-2010
20100192212Automated device provisioning and activation - Various embodiments are disclosed for a services policy communication system and method. In some embodiments, a communications device stores a set of device credentials for activating the communications device for a service on a network; and sends an access request to the network, the access request including the set of device credentials.07-29-2010
20100192211Revocable Object Access - Techniques are described to provide revocable object access. In an implementation, a user may provide content and an object (e.g., a picture) to be published with the content. The object is uploaded to a storage location, and a uniform resource locator (URL) that includes a token is generated for the object. The token is registered in an access control list (ACL), and token permission settings in the ACL are utilized to control access to the object. The URL may be embedded in the content. When a viewer requests the content, the object may be retrieved from the storage location using the URL. The user may revoke access to the object by changing the token permission settings in the ACL.07-29-2010
20100186075METHOD AND SYSTEM FOR ACCESSING DEVICES IN A SECURE MANNER - The present disclosure is concerned with a secure and trustable way of accessing devices in an embedded device environment with no network connectivity to outside service. This type of access to access-critical embedded devices by a user or service technician is controlled by way of a mobile memory or access-ticket storage i.e., such as a physical token. The token can, for example, be a smartcard or USB stick with appropriate memory for storing a user credential(s) or user identification such as a password or fingerprint. In an exemplary embodiment, a user can acquire an electronic access ticket with a suitable expiration period from a centralized ticket or access authorization server before travelling to the access-critical device, or to a location communicatively connected to the latter. The access ticket can contain access rights of the user with respect to one or several access-critical devices, and can be stored on the mobile memory. The access rights can be evaluated by the access-critical devices upon authentication of the identity of the user, based on the user credential(s), by an authenticating device to which the mobile memory can be coupled.07-22-2010
20100218244GENERALIZED METHOD FOR AUTHENTICATING SUBSCRIBERS OF A SERVICE VIA A GRAPHICAL USER INTERFACE OR TELEPHONE USING THE SAME USER NAME AND PASSWORD - A method and system for authenticating a subscriber of a user using a graphical user interface or telephone using the same user name and password is provided. As a result, subscribers need to memorize only one user name and/or password, saving precious time and energy to the subscriber because of the low risk of forgetting the user name and/or password. In addition, with the advent of cross-category products such as web phones (Web user interface integrated in a telephone) and soft phone (software on a personal computer reproducing the function of a telephone), it can become confusing for subscribers to remember which passwords and user name to use for which device. Having one password and one user name to remember makes the situation simpler.08-26-2010
20120198532User Authentication for Social Networks - Systems and methods are provided for social networks that can verify that enrolled users are not misrepresenting facts about themselves such as age and gender. Verification can be performed, for example, by reference to biometric templates stored during the user enrollment process. The biometric templates can also be used to authenticate users logging into the social network to prevent user impersonation. The ability of some users to communicate to other users of the social network can be limited to only certified users, and even to those certified users that match a criterion, such as gender or age.08-02-2012
20100186072Distributed secure telework - The invention provides a method and system for providing distributed secure telework by a plurality of teleworkers. The method includes using non-biometric information to authenticate the plurality of teleworkers, establishing a virtual private network for displaying non-privileged data, providing biometric recognition for displaying privileged data to one or more of a plurality of teleworkers, providing real-time identity validation for the plurality of teleworkers, and facilitating interaction and providing telework capability between an information source and the one or more of the plurality of teleworkers.07-22-2010
20090077644APPARATUS AND METHOD FOR INTEGRATING AUTHENTICATION PROTOCOLS IN THE ESTABLISHMENT OF CONNECTIONS BETWEEN COMPUTING DEVICES - An apparatus and method for integrating authentication protocols in the establishment of connections between a controlled-access first computing device and at least one second computing device. In one embodiment, network access user authentication data needed to access the at least one second computing device is transmitted to an authentication server automatically if the user has access to use the first computing device, thereby not requiring the user to manually enter the authentication data needed for such access at the first computing device. The network access user authentication data may be, for example, retrieved from a memory store of the first computing device and/or generated in accordance with an authentication data generating algorithm.03-19-2009
20100146607System and Method for Managing Multiple Sub Accounts Within A Subcriber Main Account In A Data Distribution System - A computer readable storage medium is disclosed having a computer program stored therein, which in a particular embodiment, the computer program includes but is not limited to machine readable instructions that when executed by a computer manage a plurality of sub accounts under a main account in a data distribution system, the computer program including but not limited to instructions to assign the plurality of sub accounts under the main account in a main account data structure at a server in the data distribution system; instructions to assign a plurality of end user devices to each one of the plurality of sub accounts; and instructions to receive end user device attribute data from at least one of the end user devices to the main account data structure after the attribute data is created at the at least one end user device.06-10-2010
20100154043User Impersonation and Authentication - Methods, systems, and computer program products for modifying a resource by an authenticated user impersonating another user. In one embodiment of the invention, a lock may be acquired on the resource to be modified, storing the identity of the authenticated user and the identity of the impersonated user inside the lock object, and generating a message indicating that the lock was acquired successfully by the authenticated user impersonating another user.06-17-2010
20100154042DESIGN OF VIRTUAL MACHINE - The present invention is directed to various systems and/or methods relating to a software platform that provides for authentication of a requestor. Preferably, this authentication happens before there is an opportunity for any resource intensive request to harm operation of the system. Preferably, a reliability level is based on authentication so that the amount and/or type of resource access is controlled based, at least in part, on the authentication information. Preferably, heap usage is controlled by this reliability level. Preferably, the software platform is a virtual machine, preferably the Java Virtual Machine.06-17-2010
20100229230SYSTEM AND METHOD FOR SECURING COMPUTER SYSTEM AGAINST UNAUTHORIZED ACCESS - The present invention described secures a computer account against unauthorized access caused as a result of identity-theft, and insider-espionage using artificial intelligence and behavioral modeling methods. The present invention has the ability to detect intruders or impersonators by observing “suspicious” activity under a computer account. When it sees such suspicious behavior, it uses artificial intelligence to authenticate the suspect by interrogation. The present invention asks the suspect questions that only the legitimate computer account owner can verify correctly. If the suspect fails the interrogation, that proves that he/she is an impersonator and therefore further access to the computer account is denied immediately. On the other hand if the suspect passes, access to the computer account is restored. The present invention uses a Programmable Artificial Intelligence Engine (PAIE) to interact with computer users in human natural language. The PAIE can also be programmed to suit other applications where natural language interaction with humans is helpful.09-09-2010
20100229229METHOD, SYSTEM AND APPARATUS FOR INDIRECT ACCESS BY COMMUNICATION DEVICE - A system that allows indirect access of a network by TE, comprising TE device information; a personal network (PN) server; a master UE of a personal network; a TE of a personal network; and a UE B connected to a WAN which forwards data to and from TEs. Using the master UE the user sets configuration details which is the TE device information and stored at the PN Server. The TE device information contains data which is used to allow and control access of TE to the network, when the TE uses other UEs to access the network. When the TE tries to access the network through another UE B, the PN Server uses the TE device information to authenticate and control access of TE. UE B acts as a forwarding device in this sequence between TE and the PN server.09-09-2010
20100212001SYSTEM AND METHOD FOR USER LOGIN TO A MULTIMEDIA SYSTEM USING A REMOTE CONTROL - Embodiments include systems and methods for user login to a multimedia system. In one embodiment, a method of logging in one or more user profiles on a multimedia system includes associating one or more actuation sequences of one or more buttons on a remote control device each with a user profile, each user profile having one or more characteristics for outputting multimedia content, the characteristics affecting multimedia content provided by a multimedia system to personalize the user's multimedia experience, communicating a first signal corresponding to one of the one or more actuation sequences from the remote control device to a multimedia system to identify a first user profile for login, logging in the first user profile as an active user profile on the multimedia system based on the first signal, and controlling multimedia content provided to an output system of the multimedia system based on the active user profile.08-19-2010
20100235897PASSWORD MANAGEMENT - A method for recording a password for providing access to secure resources in a computer network, including a user establishing a session via the computer network in which the user is in communication with a password authority via the session; the user identifying themselves to the password authority via the session and requesting a password via the session; the password authority sending a code to the user otherwise than via the session; the user receiving the code and providing the code to the password authority via the session; the user providing a proposed password value to the password authority via the session; the password authority receiving and checking the validity of the code provided by the user and, if the code entered is valid, recording the proposed password value entered by user; in which the code is only valid if provided via the session via which the password is requested.09-16-2010
20100235896Instrument access control system - A system for centrally managing a set of network-connected laboratory instruments is disclosed. For example, the system includes a centralized database that includes information about the instruments in the system and about the authorized users of the system. In particular, the centralized database indicates which users are authorized to use each of the instruments in the system. The database may also include information about the operations that each user is authorized to perform using the instruments and information indicating whether tests performed by each instrument must be signed using one or more electronic signatures. The system may recognize a number of “roles,” each of which is associated with a particular set of rights, and may assign one or more roles to each user. Instruments and other elements of the system may access the centralized database over a network to enforce the user rights represented by the information in the database.09-16-2010
20100218243METHODS AND SYSTEMS FOR SECURE GATE FILE DEPLOYMENT ASSOCIATED WITH PROVISIONING - A software provisioning server can be configured to communicate with a certificate authority to evaluate security credential requests received from one or more target machines prior to a software installation. The certificate authority can issue certificates to the one or more target machines and notify an administrator and the software provisioning server of the issued certificates. The software provisioning server can manage the software installation to the one or more target machines based on the issued certificates and other specifications.08-26-2010
20100242103Identifying Hand-Over Targets - In general, a method performed on a portable access terminal operating in an active mode includes detecting a presence of a personal base station. An encoded identification message transmitted from the personal base station is received, and the encoded identification message includes a unique identifier associated with the personal base station. The encoded identification message is decoded to extract the unique identifier, and the unique identifier is transmitted to a source network entity.09-23-2010
20100242102Biometric credential verification framework - Use of a biometric identification device in a client computer system to subsequently access an authentication system includes receiving biometric sample data which is digitally signed and combining the data with a user ID and PIN. This package of data is then securely transmitted to a biometric matching server to validate the user and the biometric sample. Once validated, the biometric matching server returns the data package plus a temporary certificate and a public/private key pair to the client computer. The client computer may then use this information to access an authentication system to subsequently gain access to a secure resource.09-23-2010
20100251351 INFORMATION AND COMMUNICATION SYSTEM, AN ORGANIZATION APPARATUS AND A USER APPARATUS - An information and communication system or the like which handles an attribute, at the same time enables the attribute not being made a public information, is efficient, and does not require a database should be provided.09-30-2010
20100251348GENERATION OF SELF-CERTIFIED IDENTITY FOR EFFICIENT ACCESS CONTROL LIST MANAGEMENT - In a first embodiment of the present invention, a method for registering a new device to a control point in a home network is provided, the method comprising: generating a first self-certified identification at the control point, the generation using a pseudo-random generated number and using an identification of the control point; and sending a secure message to the new device containing the first self-certified identification.09-30-2010
20090106826METHOD AND SYSTEM FOR USER AUTHENTICATION USING EVENT TRIGGERED AUTHORIZATION EVENTS - According to one aspect of the invention, authorization events trigger authentication requests for a user during the course of a computer session. In one example an authorization event trigger occurs as a user navigates through a web interface. In one embodiment, a user authenticates him or herself to enter a secure site. During the course of navigation through the secure site, authentication events are triggered. Authorization events occur when, for example, the user wishes to perform some action associated with the secure site or provide comment on information obtained from the secure site or obtain information from the secure site. The act of submitting or taking some action comprises a triggering event. In response to a triggered authorization request, a system related to the secure site (or the same system) generates authentication information, in one example, as a one-time password (OTP) that is transmitted to the user. The hardware/software necessary to accomplish the generation of a secure OTP resides with the provider hosting the secure site, although one should appreciate that the OTP generation may be delegated to another site or received as a service from a third party. In one embodiment, the user receives the OTP in the form of a page to a pager. With respect to the medical field, a physician may be required to maintain a pager and liability can result from its loss or absence. In one example, such a requirement can be leveraged to provide additional layers of security where patient data is accessible over networks, and in one example over the Internet. Authorization event triggers are also used in conjunction with a system that does not require an authenticated user before reaching the authorization event triggers. Such environments can include a medical services/treatment environment, a financial services environment, and an information brokerage service environment.04-23-2009
20100235898INFORMATION PROCESSING SYSTEM AND PROCESSING METHOD THEREOF - When a plurality of information processing apparatuses having an authentication function executes a cooperative job, user authentication information is transmitted from a cooperative information source processing apparatus to a destination cooperative information processing apparatus that executes the cooperative job. It is determined whether or not a user account with authentication information that is the same as the transmitted authentication information exists in the destination cooperative information processing apparatus. The determined result is then notified to the cooperative information source processing apparatus. In this case, when the cooperative information source processing apparatus is notified that a user account with the same authentication information does not exist, the cooperative information source processing apparatus creates a user account based on the authentication information. Authentication is performed using the created user account, and the cooperative job is executed by the cooperative information source processing apparatus and the destination cooperative information processing apparatus.09-16-2010
20100235895CAPTIVE NETWORK NEGOTIATION INTERFACE AND AUTOMATION - A method and apparatus to negotiate access with a captive network is described. In an exemplary method, a mobile client detects, with a network interface, a network. The mobile client associates with the network, where associating allows the mobile client to communicate with the network. In addition, the mobile client probes the network by requesting a web page, where the web page is independent of the network. In response to the web page request, the mobile client receives a capture web page. The mobile client determines the type of authentication used for the network based on the received capture web page.09-16-2010
20100235894Accessing Materials Via Voice and a Menu - A computer implemented method for accessing materials for a meeting may include receiving a call from a meeting participant by a system, wherein the meeting participant calls a prearranged teleconference number to participate in the meeting. The method may also include validating participation of the meeting participant in the meeting by the system. The method may further include providing access to an appropriate set of materials to the meeting participant based on a predetermined attribute associated with the meeting participant.09-16-2010
20100212002CONSTRAINING A LOGIN TO A SUBSET OF ACCESS RIGHTS - This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead.08-19-2010
20100251350DISTRIBUTED CONTROL METHOD AND APPARATUS USING URL - Provided is a distributed control method of data by a client connected to a first server and a network and a distributed control apparatus. The distributed control method includes: registering at least one piece of characteristic information of the client in the first server; generating a uniform resource locator (URL) address in a URL format based on the registered at least one piece of characteristic information; and acquiring data stored on the second server, wherein the acquired data is mirrored from data stored on the first server by using the generated URL address.09-30-2010
20100251349Mobile ESN for XM Radio Receivers - A system and method for enabling authorized satellite radio access allows users with multiple vehicles to move their radio subscription from one authorized vehicle to another without having to hold two separate subscriptions. In an embodiment of the invention, an XM receiver includes a portable media input, and the XM receiver is programmed to read for the presence of a USB device, SD card, or other peripheral media device containing an authorization code linked to the electronic serial numbers (ESNs) of the XM receivers in the user's vehicles. In addition to having an authorized and subscribed ESN, the XM receiver in each vehicle requires the presence of the portable media device for the receiver to play XM content. The portable media device can also be used to transfer the subscription to a home stereo system, computer, or aftermarket device to allow.09-30-2010
20100071043UNINTERRUPTED VIRTUAL PRIVATE NETWORK (VPN) CONNECTION SERVICE WITH DYNAMIC POLICY ENFORCEMENT - Techniques for uninterrupted virtual private network (VPN) connection service with dynamic policy enforcement are provided. An existing VPN session between a VPN client and a VPN server detects a change in a VPN network being used for the existing VPN session. New credentials and new policies are received by the VPN client. The new credentials are automatically used to re-authenticate the VPN client to the change during the existing VPN session, and the new policies are dynamically used to enforce the new policies during the existing VPN session on the VPN client.03-18-2010
20090328172SESSIONLESS REDIRECTION IN TERMINAL SERVICES - Embodiments described herein are directed to establishing a terminal services (TS) session between a TS server and the client without creating a temporary session. In one embodiment, a computer system receives a user request indicating that a TS session with a first TS server is to be initiated. The request includes an indication that the user is authenticated and authorized to use the first TS server. The computer system searches for any prior TS sessions previously initiated by the user with other TS servers and determines, based on the search, that at least one prior TS session was initiated with a second TS server. The computer system also sends redirection data to the user indicating that the user request is to be redirected to the second TS server to reestablish the prior TS session with the second TS server.12-31-2009
20090328171Method and system for secure remote storage of electronic media - Secure remote storage of electronic media. A virtual safe application resides on a server and provides for encrypted storage, display, and access to critical electronic media. The virtual safe communicates with trusted entities, which can automatically populate the virtual safe with pre-selected types of files into pre-selected locations. A user can access the virtual safe over a network to customize the display, manage files, upload files, and/or share files. Sharing a file grants selected access rights to a selected file by another authorized user. The shared file is displayed on the interface associated with the other authorized user, allowing the other user to view the file and to perform functionality consistent with the access rights. The sharing capability facilitates communication for use in streamlining business and/or personal matters. The virtual safe thus provides access to documents anytime, anywhere, while ensuring security, facilitating communication, and eliminating manual steps.12-31-2009
20090328169Apparatus and method for convenient and secure access to websites - A website access application accesses an encrypted central repository on a user's computer to store and access a variety of user-based website login and authentication information in the repository. The central repository provides a single point of access for the authentication information and, by accessing the repository, the process of user identification and authentication for multiple websites can be automated. A single user-selected keystroke combination can be utilized to initiate user sessions with multiple disparate secure websites by accessing the user website login information contained in the central repository and extracting the user login and authentication information contained therein. Additionally, the website access application will track and report on the time savings associated with the streamlined login process for accessing secure websites. In yet another preferred embodiment of the present invention, the website access application will analyze the user authentication information for various websites and provide suggestions to enhance the relative strength of the authentication information. Finally, the website access application supports a wide variety of user authentication protocols, thereby ensuring secure access to the repository.12-31-2009
20110067094Methods and Systems for Authentication - Disclosed are systems and methods of authenticating a user on a network, including, based on identity information received from the user, accessing at least one data source to retrieve data associated with the user, comparing the retrieved data against a listing of possible questions associated with the retrieved data to determine associations between the retrieved data and the listing of possible questions, based on a ranking of the listing of possible questions, formulating at least one question set using questions within the listing of possible questions for which retrieved data is available, where each of the at least one question set includes at least two different questions, causing at least some of the questions from the at least one question set to be presented to the user, and, based on responses to the questions from the user, determining whether the user is authenticated.03-17-2011
20090183245Limited Functionality Mode for Secure, Remote, Decoupled Computer Ownership - In one embodiment, a computer system comprises one or more components and a secure computing environment coupled to the components. The secure computing environment is configured to program at least one of the components to enter a limited functionality mode responsive to expiration of a use right to the computer system, wherein operation of the computer system in the limited functionality mode is reduced compared to operation when the use right has not expired. The secure computing environment is configured to monitor the components in the limited functionality mode to detect that a limited functionality mode configuration has been modified by an unauthorized entity and to cause the computer system to enter a second mode in which operation of the computer system is reduced compared to operation in the limited functionality mode in response. In another embodiment, the secure computing environment detects a non-temporal event that indicates a violation of an owner-imposed restriction and enters a limited functionality mode.07-16-2009
20100287605METHOD AND APPARATUS OF PROVIDING PERSONALIZED VIRTUAL ENVIRONMENT - An approach is provided for providing a personalized virtual environment for a visitor of a service community. A comparison is made of identification information of the visitor with contact entries of a plurality of registered users of a service community. Additionally, an identification is made of content of one or more of the plurality of registered users having a contact entry that matches the identification information of the visitor to provide a personalized virtual environment of the visitor in the service community.11-11-2010
20090320113HOME NETWORKING WEB-BASED SERVICE PORTAL - A web-based service portal provides a user interface to configure and/or access device(s) of a home network. The service portal can communicate with device(s) through application program interfaces (APIs). The service portal can provide a standardized user interface for specific feature(s) of a device.12-24-2009
20120246708PREVENTING INADVERTENT LOCK-OUT DURING PASSWORD ENTRY DIALOG - One embodiment provides a computer-implemented method for providing controlled access to electronic content. A password is associated with electronic content, such as by password-protecting an electronic file that contains the electronic content. At least one password attempt is received in an effort to access the electronic content. Each password attempt is compared to the password at a selected subset of “trap” character positions. Up to a threshold number of password entries is allowed that have incorrect characters at any of the trap character positions. A greater number or even an unlimited number of incorrect password entries are allowed having incorrect characters at non-trap character positions. Access to the electronic content is allowed only if one of the password entries exactly matches the password.09-27-2012
20120246707METHOD FOR INDICATING ABNORMAL DATA-INPUTTING BEHAVIOR - A method for indicating abnormal data-inputting behavior includes inducting and connecting an identification end with a control system. The control system receives a procedure selecting command to allow input of registration data or a log-in data. The control system generates identification information based on the registration data when the procedure selecting command is the input of registration data. The identification information is stored in the identification end and includes the registration data, a template of keystroke, and an identification code. The control system generates a keystroke dynamic based on the log-in data when the procedure selecting command is the input of log-in data. The control system compares the keystroke dynamic of the log-in data with the template of keystroke of the identification information. The control system sends out a warning message when the keystroke dynamic of the log-in data does not match the template of keystroke of the identification information.09-27-2012
20090113533Method and System for a Single-Sign-On Operation Providing Grid Access and Network Access - A user device initiates a network access authentication operation via a network access device with a network access authentication server, e.g., a Remote Authentication Dial-In User Service (RADIUS) server, which also generates an X.509 proxy certificate and includes the proxy certificate with the information, such as a set of network access parameters, that is returned to the user device in response to a successful completion of the network access authentication operation. The user device extracts and stores the proxy certificate. The network access parameters are used by the user device to communicate via the network access device on a network, which supports a grid. When the user device accesses a resource in the grid, the proxy certificate is already available, thereby obviating the need to generate a new proxy certificate and allowing a user of the user device to experience an integrated single-sign-on for network access and grid access.04-30-2009
20100223663AUTHENTICATING SERVER DEVICE, TERMINAL DEVICE, AUTHENTICATING SYSTEM AND AUTHENTICATING METHOD - It is an object to identify, for example, a subject who generates a certain event in addition to certifying a time and/or a location of the event. A terminal device 09-02-2010
20090138950TWO-FACTOR ANTI-PHISHING AUTHENTICATION SYSTEMS AND METHODS - A computerized method of providing access to a secure resource includes, to each of a plurality of authorized users, providing a link to the secure resource. Each link includes a unique password embedded therein and each unique password relates to a particular user identification (userID) and personal identification number (PIN). The method also includes receiving a request to access the resource using a link having a password embedded therein, which request originates at a web browser. The method further includes directing the browser to a login screen and receiving via the login screen a userID and PIN. The method also includes determining whether the userID and PIN relate to one another and to the password and allowing or denying access to the resource in accordance with the determination.05-28-2009
20120144473PAIRING OF WIRELESS DEVICES USING A WIRED MEDIUM - Techniques that facilitate pairing of wireless devices with other wireless devices are disclosed. According to one aspect, a pair of wireless devices can be paired for wireless data exchange using an available wired link. Advantageously, the wired link can be used to transport a pin code from one of the wireless devices to the other. Consequently, pairing of the wireless devices can be completed without necessitating user entry of a pin code so long as the wired link is available.06-07-2012
20120144472Fraud Detection - In some embodiments, techniques for information security include receiving information related to an authentication credential, wherein the information is related to a failed authentication attempt; determining whether the authentication credential is related to a valid account; and performing a security measure related to the valid account, if it is determined that the authentication credential is related to the valid account.06-07-2012
20120144471UPDATING STORED PASSWORDS - A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client in accordance with an authentication protocol, and authenticate the client based on a comparison of the first form to a value derived from a second form of the password stored in a password database. The comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client over the secure connection, authenticate the client by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client when the authentication server receives the first form.06-07-2012
20120144469Network Selection From A Menu - Methods and systems for connecting to a network, such as a wired or wireless network, are provided. A method may include displaying a menu with one or more menu options in response to a user indication. Each menu option may indicate an available network and the status of the available network. Upon receiving a user menu selection indicating a selected available network, an authentication input field may be provided with the corresponding menu option in the displayed menu. The user may enter authentication information in the authentication input field in order to be connected to the selected available network. The corresponding menu option may display further status information upon successful connection to the selected available network.06-07-2012
20120144468Systems, Methods, and Computer Program Products for User Authentication - Responsive to receiving an authentication request from a device, an authentication server determines a confidence level for the authentication request and generates a confidence-weighted challenge to the authentication request, the confidence-weighted challenge being weighted based upon a confidence level. The authentication server, responsive to receiving a challenge response to the confidence-weighted challenge from the device, determines whether to authenticate the user based upon the challenge response. If the authentication server determines that the challenge response satisfies an expected response known to the authentication server, the authentication server permits authentication of the user to access the device. If the authentication server determines the challenge response does not satisfy the expected response known to the authentication server, the authentication server denies authentication of the user to access the device.06-07-2012
20110113477INFORMATION PROCESSING APPARATUS, INFORMATION PROVIDING SERVER, PROGRAM, COMMUNICATION SYSTEM, AND LOGIN INFORMATION PROVIDING SERVER - In one example embodiment, the communication system disclosed herein includes an information processing apparatus that acquires address information from a memory device having a free area including the address information and a secure area including account information. The information processing apparatus connects to a resource of a server using the acquired address information. The information processing apparatus causes a security server to acquire the account information from the memory device and transmit the acquired account information to the server such that the server enables a user to access the resource of the server using the account information.05-12-2011
20090037993Information Authentication Gateway, Information Acquisition System Using the Information Authentication Gateway, and Information Acquisition Method - It is possible to provide an information authentication gateway used when acquiring information on an object according to hierarchical position information contained in an information code attached to the object. The information authentication gateway includes: metadata storage means for storing metadata indicating an entire hierarchical structure in which basic semantic units are shown; hierarchical position information acquisition means for reading an information code attached to an object by a reader and receiving hierarchical information included therein from a user terminal capable of transmitting/receiving information to/from the reader; information comparison means for performing a comparison to decide whether the received hierarchical position information is included in the metadata stored in the metadata storage means; and ticket issuing means used when the information comparison means indicates that the information is included, for passing information required to access a server storing the information corresponding to the hierarchical position information to the user terminal.02-05-2009
20090070863ACCESS SERVER AND CONNECTION RESTRICTION METHOD - The access server receives an authentication packet including an authentication result, a port change setting information, a port change time, a filtering setting information and a filtering time from the authentication server. The access server stores the respective information in the authentication packet into a memory. The access server refers to the memory, and in the case where the port change setting information on an arbitrary user identifier is set to perform port change, when it becomes the port change time, the access server changes the output destination of a packet from a user terminal to, for example, a proxy server B from a proxy server A. Besides, in the case where the filtering setting information on an arbitrary user identifier is set to perform filtering, when it becomes the filtering start time, the access server performs filtering on the port to which the user terminal is connected.03-12-2009
20100306836Control and Management of Electronic Messaging - A method for controlling a message from a sender. A referee can evaluate a credential associated with a message to determine its desirability to the intended recipient, and take an action based upon the results of the determination. A sender that includes a trusted component can send a credential with the message, and the message can be controlled without a referee.12-02-2010
20130133051AUTHENTICATED HOME DIRECTORY - Methods and systems for home directory management are described. In one embodiment, a computing system receives a user login request, and in response, bind mounts a temporary directory on a local file system of the computing system. The temporary directory does not require authentication. The computing system prompts the user for user credentials and authenticates the user using the user credentials. In response to a successful authentication, the computing system mounts a non-native directory in the temporary directory.05-23-2013
20130133053METHODS FOR ENHANCING PASSWORD AUTHENTICATION AND DEVICES THEREOF - This technology includes identifying verification password characters and a location of each of the verification password characters in one of a plurality of rows and one of a plurality of columns of a password matrix in response to received login identifier characters and received password characters from a client computing device. A determination is made whether each of the received password characters and the location of each of the received password characters in the password matrix matches each of the identified verification password characters and the location of each of the identified verification password characters in the password matrix. Access to the client computing device is granted when each of the received password characters and the location of each of the received password characters in the password matrix is determined to match each of the identified verification password characters and the location of each of the identified verification password characters.05-23-2013
20130133054Relationship Based Trust Verification Schema - A computationally-implemented method, in accordance with certain example embodiments, may include, but is not limited to: receiving at a computer device one or more behavioral fingerprints associated with one or more network accessible users; receiving an authentication request at the computer device, the authentication request associated with one or more proposed transactions of the one or more network accessible users; and transmitting from the computer device a decision associated with the authentication request, the decision based at least partially on a trust verification schema generated from a relational mapping of the one or more behavioral fingerprints associated with the one or more network accessible users. In addition to the foregoing, other aspects are presented in the claims, drawings, and written description forming a part of the present disclosure.05-23-2013
20130133055METHOD AND APPARATUS TO PROVIDE CONTINUOUS AUTHENTICATION BASED ON DYNAMIC PERSONAL INFORMATION - An authentication method, system and device are provided to continuously collect dynamic personal identification data (DPID) samples through a user device by using one or more sensors to continuously collect biometric and location data samples associated with the user and then securely transfer the DPID samples to a central authentication server where attributes of the DPID samples may be captured and incorporated as part of a challenge-response pair which requests an arbitrarily generated N-tuple of the DPID samples from a predetermined time interval from the user device that is unique to the user and dynamic based on the sensed data and the time-interval of collection.05-23-2013
20100306835COMMUNICATING SECURITY CREDENTIALS BETWEEN CICS REGIONS - Various embodiments include at least one of systems, methods, software, and data structures for communicating security credentials between CICS regions in a container of a Customer Information Control System (CICS) channel data structure. Some embodiments include receiving a dataset from a first CICS application executing within a first CICS region, the dataset received from the first CICS application for transmission to a second CICS application in a second CICS region. When the dataset includes a channel, populating a container of the channel with credential data to authenticate the dataset within the second CICS region and forwarding the dataset to a CICS transformer process of the first CICS region to transform and communicate the dataset to the second application in the second CICS region.12-02-2010
20100306834SYSTEMS AND METHODS FOR MANAGING SECURITY AND/OR PRIVACY SETTINGS - Systems and methods for managing security and/or privacy settings are described. In one embodiment, the method may include communicably coupling a first client to a second client. The method may further include propagating a portion of a plurality of security and/or privacy settings for the first client from the first client to the second client. The method may also include, upon receiving at the second client the portion of the plurality of security and/or privacy settings for the first client, incorporating the received portion of the plurality of security and/or privacy settings for the first client into a plurality of security and/or privacy settings for the second client.12-02-2010
20100319062INVITATION SERVICE FOR MULTI-DEVICE APPLICATION SESSIONS - A multi-device invitation system and method are provided herein.12-16-2010
20130139233SYSTEM AND METHOD FOR CONTROLLING USER ACCESS TO A SERVICE PROCESSOR - According to one aspect, a system for managing user access to a service processor is disclosed. In one embodiment, the system includes a computer-executable management access module for performing functions to authenticate a user. A management computer that is communicatively coupled to the service processor is operative to perform management functions for at least one target computer. User authentication functions include receiving a first set of login data from a user of the management computer and verifying whether the received login data corresponds to an approved user. If the first set of login data corresponds to an approved user, a code is generated and then displayed on the management computer. When recognized by the personal computing device, data from the code is used for providing a second set of login information to the user, for permitting the user to access the service processor via the management computer.05-30-2013
20130139234SYSTEM AND METHOD FOR REMOTE MANAGEMENT OF A PLURALITY OF TARGET COMPUTERS FROM A COMMON GRAPHICAL INTERFACE - A computer system. In one embodiment, the computer system includes a remote management computer with a user input means and a display means, a plurality of target computers communicatively connected to the remote management computer over a communications link, and a computer-executable remote management application. The remote management application is configured to cause the remote management computer to perform functions that include receiving user authentication data for a user to remotely access particular target computers over the communications link, sending a request for remote management data to each of the particular target computers, receiving remote management data from each of the particular target computers in response to the request, and causing the display means to simultaneously display the graphical user console for each one of the particular target computers in a common graphical interface.05-30-2013
20130139235APPLICATION-BASED CREDENTIAL MANAGEMENT FOR MULTIFACTOR AUTHENTICATION - A device receives a request to authenticate an end user of a user device to use an application, based on an application identifier and a user identifier included in the request, and determines whether the application is authenticated based on the application identifier. The device also determines whether the user device is authenticated based on the user identifier and utilizing a generic bootstrapping architecture (GBA) authentication procedure, and determines whether the end user is authenticated based on a personal identification number (PIN) associated with the end user. The device further provides, to an application server device hosting the application, results of the authentications of the application, the user device, and the end user.05-30-2013
20130139236IMPOSTER ACCOUNT REPORT MANAGEMENT IN A SOCIAL NETWORKING SYSTEM - Imposter account reports received by a social networking system are put into a report management process that routes the reports into other handling processes based upon the comparison of the probability of fraud in an alleged imposter account versus the probability of fraud in an alleged authentic account. The account determined to be most probably fraudulent is enrolled in an account verification process. In the account verification process, the account-holder is asked to verify their identity through automatic means. If the automatic means fail to verify the identity of the account-holder, a manual process for verification is initiated.05-30-2013
20130139238Method and System For Authenticating User Access To A Restricted Resource Across A Computer Network - A method of authenticating user access to a restricted resource across a computer network, the method characterised by: communicating client device configuration data to a server and assigning a risk analysis score based on the client device configuration data; and generating an alert at a client device in response to the risk analysis score.05-30-2013
20110004928PASSWORD INPUT SYSTEM USING ALPHANUMERIC MATRICES AND PASSWORD INPUT METHOD USING THE SAME - The present invention relates to a password input algorithm, more particularly to a password input system and method using alphanumeric matrices. An aspect of the invention can provide a password input system and method using alphanumeric matrices that can defend against keylogging attacks and shoulder surfing attacks by including a movable second alphanumeric matrix and a fixed first alphanumeric matrix and enabling a user to input a password by moving the password letters of the second alphanumeric matrix to the user-defined value of the first alphanumeric matrix. Another aspect of the invention can provide a password input system and method using alphanumeric matrices that can defend against shoulder surfing attacks by enabling a user to input a password by dividing the password by every two digits and moving the cross-points for the two digits, respectively, to the user-defined value of the first alphanumeric matrix.01-06-2011
20100169960Job Search and Coaching System & Process - A system and process for organizing and advancing a job search of a user wherein the user provides information on one or more of contacts, documents, activities and/or status and either requests or is automatically presented with coaching to maintain and advance the search. The coaching may include creating and monitoring follow-up activities for the user. To accomplish the coaching, the system may include a rules engine for determining applicable coaching scenarios. Each scenario may be defined as a record in a database table such that each record in that table may define a unique scenario. In addition, the system may comprise a plurality of other tables defining additional records. Tables within the system may be related in a variety of ways, including one-to-one, one-to-many and/or many-to-many.07-01-2010
20100169959System and Method for Providing Secure Access to Password-Protected Resources - A method of a wireless communication device for accessing secure resources of a resource provider or the device itself. A password associated with the wireless communication device is identified. A password identifier is assigned to the password and a non-password identifier is assigned to a non-password different from the password. The password identifier has a non-sequential association with the non-password identifier. The password identifier, the password, the non-password identifier, and the non-password are provided at a user interface of the wireless communication device. Access to a secure resource is granted in response to determining that the password identifier has been detected at the user interface.07-01-2010
20110010764ONE-PASS AUTHENTICATION MECHANISM AND SYSTEM FOR HETEROGENEOUS NETWORKS - A one-pass authentication mechanism and system for heterogeneous networks are provided. The mechanism comprises authenticating a user based on an authentication key and an authentication algorithm in response to a request of the user to register a first network, wherein the authentication key and the authentication algorithm are associated with a first user identity for the first network and a second user identity for a second network; and if the authentication is successful, then comparing the first user identity retrieved from an authentication database through the second user identity provided by the user to the first user identity provided by the user in the authentication, in response to a request of the user to register the second network, and setting up security associations between the user and the second network if the retrieved first user identity matches the first user identity provided by the user.01-13-2011
20110016517INFORMATION PROCESSING METHOD AND INFORMATION PROCESSING SYSTEM - A first server in a system includes confirmation requesting unit 01-20-2011
20110016516Management of an instant message session - Maintaining an Instant Message (IM) session includes sending a login request to a first login server from a client; establishing the IM session and transferring Instant Messages between the client and the first login server; detecting an interruption in the transfer of the Instant Messages; obtaining an address of a second login server from a login allocation server; sending a reconnection request from the client to the second login server; and in the event that the reconnection request is accepted by the second login server, exchanging Instant Messages between the client and the second login server.01-20-2011
20110030043DEVOLVED AUTHENTICATION - A method of authenticating a user to a service provider by means of an authentication provision unit, the method comprising: in a first stage of the method: receiving credentials from a user; determining whether the credentials received from the user represent a valid logon; and if that determination is positive: generating at least one network address comprising a domain address and at least one instance parameter, the instance parameter uniquely identifying the user and the instance of generation of the network address; and providing the network address to the user; and in a second stage of the method: receiving a parameter from a service provider; determining whether the received parameter indicates a valid attempt to log on to the service provider by checking that the received parameter matches an instance parameter that has previously been issued to a user and that has not previously been received from a service provider; and if that determination is positive: signalling to the service provider over a secure channel a message indicating that the received parameter represents a valid logon attempt, the message including credentials of the user to whom the instance parameter that matches the received parameter had been issued.02-03-2011
20110041173METHOD AND APPARATUS FOR EXPERT VERIFICATION - In exemplary embodiments, an apparatus and method for verifying experts on a consultation system is provided. Identity and credential information is received at a web server from a potential expert. A selection of a category that the potential expert wants to be admitted is also received. The identity information and at least a portion of the credential information may be verified. The potential expert is accepted as an expert based in part on a result of the verifying of the identity and credential information. Once accepted, an account associated with the potential expert is activated to allow the potential expert to become an expert and to allow the expert to provide answers on the consultation system when the potential expert is accepted.02-17-2011
20110041171TECHNIQUES FOR VIRTUAL REPRESENTATIONAL STATE TRANSFER (REST) INTERFACES - Techniques for virtual Representational State Transfer (REST) interfaces are provided. A proxy is interposed between a client and a REST service over a network. The proxy performs independent authentication of the client and provides credentials to the client and for the client to authenticate to the REST service using a REST service authentication mechanism. The proxy inspects requests and responses and translates the requests and responses into formats expected by the client and the REST service. Moreover, the proxy enforces policy and audits the requests and responses occurring between the client and the REST service over the network.02-17-2011
20110041170METHODS AND SYSTEMS FOR USER AUTHENTICATION - According to some embodiments, a registration request is received from a user, the user providing information identifying an account. A transaction database is queried using the information identifying an account, and a set of transactions conducted using the account are identified, each of the transactions having at least one transaction detail field. The set of transactions is presented to said user with at least one of the transaction detail fields being redacted. The user is prompted to provide the at least one of the redacted transaction detail fields, and a determination is made whether to authenticate the user based on a response of the user.02-17-2011
20110041172System and method for enhanced protection and control over the use of identity - A method of protecting use of an entity's identity is provided. The method comprises setting a status of the identity to a first state, the first state defining a scope of permitted use of the identity, changing, in advance of an intended use of the identity, the status to a second state defining a scope of permitted use of the identity that is different from the first state, requesting use of the identity after the changing; and returning, after the requesting, the state back to the first state.02-17-2011
20110041168SYSTEMS AND METHODS FOR TARGETING ONLINE ADVERTISEMENTS USING DATA DERIVED FROM SOCIAL NETWORKS - Systems and methods for targeting online advertisements using data derived from social networks are provided. In accordance with some embodiments, the method comprises: presenting a user at a user computer with a publicly accessible website that includes user-generated social networking content over the Internet, wherein the user is authorized to access features and the user-generated social networking content associated with the publicly accessible website upon inputting user information; in response to receiving user information from the user, displaying a webpage associated with the user; displaying at least one advertisement on the webpage, wherein the at least one advertisement embeds an object in the user computer and wherein the object is used to obtain a unique identifier associated with the user; using the object to construct a micronetwork of the members associated with the user, wherein the object obtains the unique identifier from each member that visits the webpage and the unique identifier from each member that establishes a relationship with the user; using the object to monitor information relating to the user, wherein the information includes actions executed by the user; retargeting advertisements for transmission to the user and the micronetwork based on information monitored by the object; and transmitting at least one retargeted advertisement to the user and the micronetwork associated with the user, wherein the at least one retargeted advertisement is transmitted using the unique identifier associated with the user and the unique identifier associated with each member of the micronetwork.02-17-2011
20110113478 METHOD OF SECURING FRANKING VIA A TELECOMMUNICATIONS NETWORK - A method of securing franking, said method comprising the following operations: 05-12-2011
20130152182SYSTEM AND METHOD FOR ENABLING, VERIFICATION OF ONE OR MORE CREDENTIALS OF ENTITIES AND SHARING RESULT OF VERIFICATION - A system and method for enabling, verification of one or more credentials of entities and sharing result of verification is provided. The system is configured to receive request from an entity to verify a credential, verify the credential of the entity according to a predefined methodology and allow the entity to share at least a part of result of verification.06-13-2013
20110119745NETWORK AUTHENTICATION - There is provided a Security Manager Device for allowing the secure establishment of network connections between devices, the Security Manager Device comprising a memory for storing network authentication information for a network and a transmitter for wirelessly transmitting the stored network authentication information to a device to be connected to a second device.05-19-2011
20110119746Identity Verification Method and Network Device for Implementing the Same - An identity verification method includes the steps of: i) in response to a login request from a user end, generating and providing a query to the user end; and ii) in response to an answer from the user end, verifying identity of the user end. The query includes indices of a verification table corresponding to the user end that are arranged in a random order in a ring formation, and requires the user end to provide an answer containing code contents of the table corresponding to a user-end selected set of adjacent ones of the indices in the ring formation. Identity of the user end is verified by determining whether the code contents in the answer are found in the table and whether the indices corresponding to the code contents in the answer are adjacent to each other with reference to the ring formation in the query.05-19-2011
20110247064METHOD AND APPARATUS FOR PROTECTING INFORMATION IN USER TERMINAL - A terminal includes: an input unit receiving setting data including time data and position data; a storage unit storing the received setting data; a position information generating unit generating position information of the terminal; a determination unit comparing the position data with the generated position information to determine whether to limit functions of the terminal or not, at a time corresponding to the time data; and a controller controlling to limit at least one function of the terminal according to the determination outcome.10-06-2011
20110131640Secure transfer of data - A method of secure transfer of data between entities, which comprises: establishing a first secure channel (06-02-2011
20110093938METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR BOOTSTRAPPING DEVICE AND USER AUTHENTICATION - An apparatus may include a processor configured to receive a security certificate request from a remote device comprising a public key of the remote device and an authentication credential based upon a legacy authentication mechanism of the remote device. The processor may be further configured to validate the received authentication credential in accordance with the legacy authentication mechanism. The processor may be additionally configured to generate a security certificate for the public key. The processor may be further configured to provide the generated security certificate to the remote device.04-21-2011
20090328175IDENTITY VERIFICATION VIA SELECTION OF SENSIBLE OUTPUT FROM RECORDED DIGITAL DATA - A digital data sampler operating in a computer processor selects and stores digital data samples from a data stream used for generating audio-visual output during a session with a client operated by a user. The session generates the data stream independently of the data sampler. The data sampler may collect parameter data correlated to a probability that the sample will be remembered by the user at some future time, for each sample. The data sampler may store the data samples and parameter data as shared secret data for use in a future authentication session. During a future authentication session, an authentication device selects test data from the shared secret data to generate sensible output in an authentication process. The authentication process grants access to a controlled resource in response to user input indicating specific knowledge of the shared secret data selected from a presentation of similar sensible outputs.12-31-2009
20110214168PAIRING OF WIRELESS DEVICES USING A WIRED MEDIUM - Techniques that facilitate pairing of wireless devices with other wireless devices are disclosed. According to one aspect, a pair of wireless devices can be paired for wireless data exchange using an available wired link. Advantageously, the wired link can be used to transport a pin code from one of the wireless devices to the other. Consequently, pairing of the wireless devices can be completed without necessitating user entry of a pin code so long as the wired link is available.09-01-2011
20110214172Authentication Over a Network Using One-Way Tokens - A method for authenticating an entity at a first data resource, the method comprising the steps of: sending a first request token from the entity (09-01-2011
20110214170METHOD AND SYSTEM OF SERVING SUBSCRIBED CONTENTS FROM MULTIPLE SOURCES VIA A GLOBAL COMMUNICATIONS NETWORK - A computer implemented method and system for, via a global communications network, serving subscribed contents from various subscribed content sources to end users without the need of end users subscribing and signing in at each individual subscribed content source. An embodiment system of present invention may use pre-stored access credentials specific to the embodiment system for fetching the requested subscribed contents from various subscribed content sources. The embodiment system may remove the aforementioned access credentials when forwarding the fetched subscribed contents to corresponding requesting end users. The end users may be served according to their viewing credits and other permissions. The viewing credits of end users may be adjusted according to the served subscribed contents. Before being forwarded to end users, the fetched subscribed contents may be amended according to the present invention to facilitate end users for requesting further subscribed contents to be served by the embodiment system.09-01-2011
20110214169Secure Authentication Systems and Methods - Systems and methods are provided for authentication by combining a Reverse Turing Test (RTT) with password-based user authentication protocols to provide improved resistance to brute force attacks. In accordance with one embodiment of the invention, a method is provided for user authentication, the method including receiving a username/password pair associated with a user; requesting one or more responses to a first Reverse Turing Test (RTT); and granting access to the user if a valid response to the first RTT is received and the username/password pair is valid.09-01-2011
20090328170Method and Systems for Dynamically Providing Communities of Interest on an End User Workstation - A method and system provide dynamic communities of interest on an end user workstation utilizing commercial off the shelf products, with central management and the ability for users to log on only once (also known as “single sign on” or “SSO”). The software images that make up the virtual machine can be patched and updated with other required changes from a central storage area where the image can be administratively updated just once. A digital signature can be applied to the software images to ensure authenticity and integrity, along with determining whether a software image is up to date.12-31-2009
20110078778MULTI-VARIABLE CHALLENGE AND RESPONSE FOR CONTENT SECURITY - Embodiments of the present invention provide a method, system and computer program product for multi-variable challenge-response. In an embodiment of the invention, a method for multi-variable challenge-response can include receiving a request to access content from an end user computing device from over a computer communications network. The method also can include selecting different objects for inclusion in an object set and applying a different characteristic to each of the different objects in the object set. A question and answer can be generated based upon each of the different characteristics. Further, a challenge-response prompt can be transmitted to the end user computing device such that the prompt includes the different objects with different characteristics applied, and also the generated question. A response to the challenge-response prompt can be received and compared to the computed answer. Finally, access to the content can be granted if the response and computed answer match, but otherwise access to the content can be denied.03-31-2011
20100138906COMMUNICATION DEVICE SUITABLE FOR SETTING IP ADDRESS OF SERVER CONNECTED TO NETWORK, NETWORK PARAMETER SETTING METHOD AND NETWORK PARAMETER SETTTING PROGRAM PRODUCT - In order to easily set IP addresses required for communicating with apparatuses connected to a network, an MFP includes a port scan unit for acquiring, by port scanning, an IP address of a server having a predetermined port open from one of the servers connected to the network, and a network environment storage part for storing a set of acquired IP address and a port number of the predetermined port.06-03-2010
20090083842SECURE DETECTION NETWORK SYSTEM - A secure detection network system includes a plurality of remote nodes, each remote node comprising a set of detector interfaces configured to couple to a set of detectors disposed to detect the presence of an illegal asset within a shipping container; at least one server node configured to initialize, install, and authenticate each remote node in the plurality of remote nodes, including delivering to each remote node an agent module, said agent module for each remote node comprising a node specific configuration file defining a set of nodes with which the remote node can communicate and a different encryption means corresponding to each node in the set of nodes; and a communication path coupling the plurality of remote nodes and the at least one server node.03-26-2009
20100077468METHOD AND SYSTEM FOR PROVIDING EFFICIENT AND COMPLEX DATABASE FUNCTIONALITY TO A MOBILE DEVICE - Methods, systems, and apparatus provide efficient and complex database functionality for an electronic device, e.g. a mobile device. These mechanisms and methods for providing efficient and complex database functionality to an electronic device can enable embodiments to provide quick access to certain data using a local application and seamless access within the local application to other data and complex presentation formats that are supplied by a server. The ability of embodiments to provide this hybrid functionality can enable users of the electronic devices to be more productive.03-25-2010
20100011430Computer architecture for managing courseware in a shared use operating environment - Methods, devices, and systems are provided in a multi-level computer architecture which provides improved capabilities for managing courseware and other content in a shared use operating environment such as a computer network. In particular, the invention provides a commercial networked instruction content delivery method and system which does not exclude synchronous sharing but is focused on asynchronous sharing. Security means in the architecture provide content property holders with the ability to know how many minutes of use an individual made of licensed material and with increased certainty that their material cannot be used, copied, or sold in usable form unless and until a user site is connected or reconnected to a minute-by-minute counter which is located off the premises of the user. This security link helps protect software and other works which are being sold or licensed to an individual, organization, or entity, and creates income opportunities for owners of such content.01-14-2010
20100011428SYSTEM, METHOD AND COMPUTER PROGRAM, FOR ENABLING ENTRY INTO TRANSACTIONS ON A REMOTE BASIS - A system, method and computer program for enabling transactions on a remote basis is provided. The method of the present invention comprises the steps of: (1) providing a first computer at a location of a customer, and providing a second computer at a location of a financial institution, the first computer and the second computer being linked so as to provide a two-way audiovisual communication system; (2) providing an authentication request at the second computer and communicating the request to the first computer; (3) the customer reviewing the request and providing a signature or other writing as an input to an input device connected to the first computer; (5) transmitting the signature from the first computer to the second computer; (6) receiving the signature and providing the signature to a plotting device connected to the second computer; and (7) applying the signature to a transactional document, wherein the audiovisual information received by the second computer and the signature received by the second computer in combination provide a means of transaction authentication and non-repudiation.01-14-2010
20100263034METHOD FOR AUTHORISING A COMMUNICATION WITH A PORTABLE ELECTRONIC DEVICE, SUCH AS ACCESS TO A MEMORY ZONE, CORRESPONDING ELECTRONIC DEVICE AND SYSTEM - The invention relates to a method for authorizing a communication with a portable electronic device, such as access to at least one memory area. The portable electronic device has a display for presenting an item of information visible to the outside and an interface for communication with the outside of the portable electronic device. The item of information is at least in part taken into account by the portable electronic device in order to authorize the communication. The method includes a step of optical reading of the item of information outside the portable electronic device. The method is distinguished in that it also includes a step of varying the item of information, the step of varying causing the item of information, termed the variable item of information, to vary at least in part. The invention also relates to the portable electronic device, and the system comprising the portable electronic device and an electronic communication or reading device.10-14-2010
20100037306ELECTRONIC DEVICE AND ACCESS CONTROL METHOD THEREOF - An electronic device and an access control method include selecting a login image, determining and constructing a coordinate system for a touch panel of the electronic device, and recording coordinates of a first group of touch points on the login image and a first touch sequence correspondingly. The electronic device and the access control method further include confirming a touchable area corresponding to each touch point of the first group of touch points and a preset error range, and storing the login image and the touchable areas into a storage system of the electronic device.02-11-2010
20090313686Method of tracking a network-enabled device - Methods of tracking a network-enabled device are provided. One method may include establishing a link between the network-enabled device and a predetermined network portal via a tracking tool operating on the network-enabled device, transmitting identifying indicia to database server(s) operably coupled to the predetermined network portal, comparing the identifying indicia to predetermined information stored on the database server(s) to determine if the identifying indicia matches the predetermined information, and upon determining that the identifying indicia matches the predetermined information, storing the identifying indicia in a logging database stored on the database server(s).12-17-2009
20090313684USING WINDOWS AUTHENTICATION IN A WORKGROUP TO MANAGE APPLICATION USERS - A system for authenticating users of an application program executing at a front-end computer using the security features built into the operating system of a logon computer is provided. Initially, an administrator establishes user accounts for each user with an operating system executing at the logon computer with access to application resources. When the application program starts executing at the front-end computer, the application program prompts the user for credentials. The application program attempts to access resources managed by the logon computer using the received credentials. When access to a resource is successful, the application program knows that the logon computer has authenticated the user and the user is authorized to access the resource. In this manner, the application program can take advantage of the security features built into the operating system executing at the logon computer to authenticate users of the application program and authorize access to application resources.12-17-2009
20100017860AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD - The security of an authentication system using a one-time password is increased, a shift from an authentication system using a fixed password is simplified, and a range of use is increased. An authentication system wherein a one-time password is synchronized with time, or an authentication system wherein a one-time password is synchronized with the number of online service authentication requests, is provided. When a one-time password client 01-21-2010
20090217365AUTOMATIC DISPLAY OF MESSAGES ON DISPLAY SCREEN - A method, Internet protocol television (IPTV) enabled communication device, and computer program product for automatic message services are provided. A processor executes instructions from a memory. An input and output (I/O) device is for transmitting and receiving, respectively. A client application is stored in the memory and configured to provide the automatic message service. The client application receives input of a message to be presented at an appropriate time, receives input of an action associated with the message, receives input of a recipient for the message, and presents the message for display to the recipient at the appropriate time.08-27-2009
20100037305WINDOW OVERLAY FOR ONLINE COLLABORATION PLATFORM - In an example embodiment, an online advertising management platform maintains an account that includes data relating to an order for advertising provided by an ad network affiliated with the platform. When the platform receives a login that identifies a user as having access rights to the account, the platform displays a view that includes a window displaying data relating to the order and a toolbar in a standardized location relative to the window. The toolbar includes a tab. When the user clicks on the tab, the platform displays a tabbed window that includes a list of the informational messages, regardless of whether an informational message on the list has been read or dismissed by another user allowed access to the account. The platform locates the window contiguous to the toolbar over some but not all of the view displaying the data relating to the order.02-11-2010
20100037304USER-CENTRIC RESOURCE ARCHITECTURE - Some embodiments include a computer-implemented method for controlling access to resources of a platform in a computer system. The method can comprise detecting a request to access a resource, wherein the resource resides in the computer system, and wherein the resource is associated with an owner; requesting a first resource access decision from a first policy decision unit associated with the owner; receiving, from the first policy decision unit, the first resource access decision and first trust information, wherein the first trust information indicates trust of a second policy decision unit; requesting a second resource access decision from the second policy decision unit associated with the virtual universe platform; receiving, from the second policy decision unit, a second resource access decision; and returning the second resource access decision.02-11-2010
20100071044Method for tracking location of patients and doctors in a medical office or hospital practice - A method of operating a paperless medical office or hospital practice office of multiple physicians seeing multiple patients during the course of a single day through the use of radio-frequency identification transponder tags secured within the walls, ceilings and/or doors of examination and consultation rooms of a health-care environment in cooperation with codified smart cards or fingerprint scans in physician carried tablet PC's to supply medical record and like information relevant to a patient only to the physician with whom such patient is meeting at any given instant of time.03-18-2010
20100071042SELECTION AND APPLICATION OF ROLES AND SYSTEMS BASED ON USERNAME AND LAYOUT ID - In one embodiment a computing system comprises one or more processors, a display device coupled to the computing system, and a memory module communicatively connected to the one or more processors. The memory module comprises logic to receive, in a connection server, a service request from a user via a remote connection client, wherein the service request comprises at least one of a user credential, a connection client identifier, and a layout identifier, authenticate, in the connection server, the user credential and the connection client identifier, retrieve, in the connection server, a user profile associated with the user, a connection client layout associated with the layout identifier, connection data for at least one remote system, and a policy associated with the user profile, and transmit the user profile, the connection client layout, a remote system and the connection data for a remote system and a policy associated with the user profile from the connection server to the remote connection client.03-18-2010
20100064359USER CREDENTIAL VERIFICATION INDICATION IN A VIRTUAL UNIVERSE - User credential verification indication in a virtual universe is disclosed. A method, system and program product are provided that include verifying a credential of the user of a first avatar in the virtual universe; and establishing a zone that causes an indication of the credential of the user of the first avatar to appear in response to an action being taken relative to the zone.03-11-2010
20100077467AUTHENTICATION SERVICE FOR SEAMLESS APPLICATION OPERATION - In one embodiment, a client computer system receives user credentials from a computer user. The client computer sends the received user credentials to an authentication service running on a server computer in a datacenter, where the authentication service is configured to authenticate the user credentials so that the user is authorized to access datacenter-provided information corresponding to various client-side applications. The client computer receives an authorization indication from the authentication service indicating that the user is authorized to access the datacenter-provided information and stores the received authorization indication in a credential store on the client computer. The computer system also receives from a client-side application an authentication request to authenticate the user and automatically sends the stored authorization indication indicating that the user is authorized to access the datacenter-provided information, without prompting the user to provide user credentials for authentication.03-25-2010
20110154460METHOD AND SYSTEM FOR USER AUTHENTICATION - Method and system for user authentication using one or more unique IDs associated with one or more electronic devices connected in a communication network, more specifically in a short range radio communication network. The method comprises the steps of polling and detection of a short range wireless electronic device within a short range radio communication network, establishing a connection between such short range wireless electronic device and a centralized server, authenticating the short range wireless device ID, further requesting the user to feed a pre-determined authentication code, verifying the fed authentication code with corresponding entries in the database of the central server, establishing an encrypted channel if the authentication code is found in such database, and receiving a user authentication certificate from the wireless electronic device.06-23-2011
20110093940SYSTEM AND METHOD FOR PROVISIONING UNIVERSAL STATELESS DIGITAL AND COMPUTING SERVICES - A service provisioning system and method for providing remote access to digital services over a communications network, comprising a plurality of client devices connected to the communications network for requesting digital services from a plurality of service centers and presenting output from the digital services. The network operation center connected to the communications network authenticates client devices and users, manages sessions, and processes requests for digital services. A connector associated with each service center establishes a session with a client device specified by the network operation center and encapsulates the native protocols of the digital services within a remote interactive protocol. The remote interactive protocol includes information for generating a human-perceptible presentation on the client device, to provide a remote access to the digital services without modifying the hardware and software infrastructure of the service centers.04-21-2011
20100058452METHODS AND A DEVICE FOR ASSOCIATING A FIRST DEVICE WITH A SECOND DEVICE - A method and device for device association. A user enters login and password on a first device that searches for reachable devices. The first device asks the reachable devices if they know the login, preferably by sending a salted hash of the login. The devices that know the login respond positively and the first device lists the responding devices. The first device then successively performs Secure Remote Authentication (SRP) with each device on the list until an authentication succeeds or there are no further devices on the list. The SRP authentication makes sure that the first device knows the login and that the other device knows a password verifier without transmitting any knowledge that allows recuperation of this info by an eavesdropper. The authenticated devices then establish a secure channel over which a community secret key is transferred, and the first device also calculates and stores the password verifier.03-04-2010
20100058451LOAD BALANCING FOR SERVICES - The present invention extends to methods, systems, and computer program products for load balancing for services. Embodiments of the invention facilitate load balancing between instances of a service based on affinitization of messages, based on content of the message. For example, messages in the same session can be dispatched to the same service instance. A sequence or series of related messages associated with long running and/or stateful services are more likely to be dispatched to the same instance of the service. Thus, if the service instance has persisted client state, there is an increased likelihood of utilizing the persisted client state and not having another service instance recreate the client state.03-04-2010
20100058450PASS CODE PROVISION - A device includes a processor and a computer-readable medium including computer-readable instructions. Upon execution by the processor, the computer-readable instructions cause the device to receive a first request from a second device, where the first request is for a pass code. The first request includes an identification of a coded system for which the pass code is requested. The computer-readable instructions also cause the device to provide a second request to a third device, where the second request includes the identification of the coded system. The computer-readable instructions also cause the device to receive a plurality of pass code segments from the third device. The computer-readable instructions further cause the device to provide the plurality of pass code segments to the second device for assembly into the pass code.03-04-2010
20110252464AUTHENTICATING A MOBILE DEVICE BASED ON GEOLOCATION AND USER CREDENTIAL - Mobile devices provide security based on geographic location. With such a technique, a mobile device may automatically check its current location against geographic information as to the location(s) in which it is permitted to operate. When the user attempts access to the device, the mobile device will prompt the user for his/her credential only if the geographic location matches an allowed location. The user gains access then by inputting information corresponding to the credential, e.g. username and password, of a valid user. In the examples, if the geographic location does not match an allowed location, the mobile device provides a warning to the user, and the user is not allowed to enter any credential information. Optionally, the mobile device may send an alert message about the device being taken outside a specified boundary, e.g. to report the situation to other personnel.10-13-2011
20110252462Authenticating a Remote Host to a Firewall - A computer implemented method, system, and computer program product for authenticating a remote host to a firewall. The illustrative embodiments allow a requesting host separated from a target host by a firewall to determine, based on exception handling code, that an original request sent to the target host has been intercepted and blocked by the firewall. The illustrative embodiments also allow the requesting host to automatically provide credentials that authenticate the requesting host to the firewall. The illustrative embodiments are particularly applicable in situations when requests are invoked without any user interaction, such as when a timer expires. In such a case, there is no user to provide the needed credentials to authenticate the requesting host. The illustrative embodiments enable a requesting host to access a target host without requiring user intervention.10-13-2011
20110099616Authenticating Using Cloud Authentication - An authentication mechanism in a local area network may use a cloud authentication mechanism to allow or deny authentication requests. A user may gain access within a local area network by entering a cloud identification and password, which may be verified by a cloud authentication mechanism. If the authentication is successful from the cloud authentication mechanism, the user identification and password are stored locally for subsequent authentication requests. In some embodiments, the cloud password may be periodically flushed so that subsequent requests may be passed to the cloud authentication mechanism. The authentication mechanism may be used in both domain and workgroup local area networks, and may operate in parallel with other users who may have local area network or client credentials which may not be authenticated from the cloud.04-28-2011
20110099617METHOD AND SYSTEM FOR VALIDATING AUTHENTICITY OF IDENTITY CLAIMS - A method for validating authenticity of identity claims of one or more communicating entities in an online transaction over a network is disclosed. The method includes extracting identity information of the first communicating entity by the second communicating entity during online transaction and prompting a client to provide a unique resource name of the first entity. Further, the method includes validating the identity information extracted from the first entity by checking identity information already registered in a registry. Later the method includes authenticating the identity claims of the first entity based on the validation results. The method also includes steps for registering identity information of the first entity within the registry.04-28-2011
20110093942IMPROVED BIOMETRIC AUTHENTICATION AND IDENTIFICATION - Authentication of a user to an electronic device in a communication network is described. The method comprises obtaining a biometric characteristic of the user, transmitting, to a social networking service, information that specifies at least one primary user of the device, receiving, from the social networking service, information that specifies a group of persons who have a social relationship with the at least one primary user, obtaining information that specifies a result from a biometric matching operation with the biometric characteristic of the user and biometric characteristics of persons in the specified group of persons, the result indicating whether or not the user is authenticated to the electronic device. By narrowing down the size of the searching space needed during a matching operation by utilizing information regarding a group of persons in a social network, the false acceptance rate is reduced and biometric authentication of a user to an electronic device is thereby facilitated, e.g. to access desired functionality of the device or access a desired service.04-21-2011
20110093941PRE-CONFIGURATION OF A CLOUD-BASED COMPUTER - Various example embodiments are disclosed herein. According to an example embodiment, a method may include receiving by a second computer a customization application, the customization application including a control panel to establish user preferences for a user account of the cloud-based service and/or system settings for the first computer; receiving by the second computer an input to the customization application to establish one or more user preferences for the user account and/or one or more system settings for the first computer; and transmitting from the second computer to a server associated with the cloud-based service the one or more user preferences and a username for the user account and/or the system settings for the first computer.04-21-2011
20110093939RESOURCE ACCESS BASED ON MULTIPLE CREDENTIALS - A collection of multiple user credentials each associated with one of multiple different users is obtained at a device, and one or more of the multiple user credentials are verified. The collection of multiple user credentials is also compared to a threshold combination of user credentials to be satisfied to access the resource, and a determination is made, based on the comparing and the verifying, as to whether access to the resource is permitted. An indication of whether access to the resource by a requesting user is permitted is returned or provided to another device.04-21-2011
20120304271DERIVING A USERNAME BASED ON A DIGITAL CERTIFICATE - One embodiment of a method for determining a username comprises obtaining a digital certificate from a first computer application requesting a service; authenticating the digital certificate of the first computer application; and retrieving the username from the digital certificate that is recognized by a second computer application performing the service as a user of the second computer application. Other methods and systems are also provided.11-29-2012
20120304270AUTHENTICATION SYSTEM FOR ENHANCING NETWORK SECURITY - A network-based biometric authentication system includes a client computer (11-29-2012
20120304269VISUAL AUTHENTICATION AND AUTHORIZATION FOR MOBILE DEVICES - A system and method is provided for visual authentication and authorization of a user for mobile touch devices, the system having: a login display on a mobile touch device displaying a visual pattern; a data collection engine whereby touch attributes are obtained from a plurality of user touch events to the mobile touch device with reference to the visual pattern, the touch attributes comprise measured touch attributes and derived touch attributes calculated from the measured touch attributes; an authentication engine whereby the touch attributes are compared to projected user touch attributes derived from user touch attribute values obtained during prior successful logins.11-29-2012
20120304268INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, PROGRAM, AND INFORMATION PROCESSING SYSTEM - An information processing apparatus includes a communication unit for communicating with another information processing apparatus and a determination unit for determining whether or not to authenticate the other information processing apparatus on the basis of an operation pattern reported to a user and an analysis result of the user's operation corresponding to the operation pattern.11-29-2012
20120304267BIOMETRIC AUTHENTICATION DEVICE AND BIOMETRIC AUTHENTICATION METHOD - A biometric authentication device includes: a matching data generating unit which generates matching data from at least one biometric image representing a plurality of pieces of biometric information of a user; a mutual biometric information feature amount extraction unit which extracts a mutual biometric information feature amount representing the degree of similarity between two pieces of biometric information of the plurality of pieces of biometric information; a selection unit, which, for each of the first predetermined number of the registered users, computes a first selecting score based on the mutual biometric information feature amounts of the user and the registered users and selects the second predetermined number of registered users in order of decreasing the level of similarity based on the first selecting score of each registered user; and a matching unit which matches the matching data of the selected registered users with the matching data of the user.11-29-2012
20110154463PROCESSING DATA TRANSFER METHOD IN SHEET PROCESSING APPARATUS - This invention is to prevent a MAC of a correct answer from being calculated by use of an IC card even if count data in the database of a PC is falsified since the MAC calculated by the IC card is made invisible from the exterior of the IC card. Thus, falsification of data by enciphering the number (total sum) of cut sheets in a sheet checking equipment.06-23-2011
20110154462METHOD FOR MANAGING AN ACCESS FROM A REMOTE DEVICE TO DATA ACCESSIBLE FROM A LOCAL DEVICE AND CORRESPONDING SYSTEM - The invention relates to a method for managing an access from a remote device to data and/or at least one resource accessible from a local device. The local device includes a browser. The remote device hosts a server, as a remote server. During a remote server connecting step, the browser sends to the remote server a request for loading data. According to the invention, the remote server sends, through the browser, to a local server a request for connecting a local server, as response to the request for loading data, and the local server sends data to the remote server, the local server being connected from the remote server to a data storage device and/or at least one resource accessible from the local device. The invention relates also to a corresponding system having a token and a terminal coupled with the token.06-23-2011
20110154461SYSTEMS AND METHODS FOR MANAGEMENT OF COMMON APPLICATION FIREWALL SESSION DATA IN A MULTIPLE CORE SYSTEM - The present invention is directed towards systems and methods for an intermediary device efficiently processing strings in web pages across a plurality of user sessions. A device intermediary to a plurality of clients and a server identifies a plurality of strings in forms and uniform resource locators (URLs) of web pages traversing the device across a plurality of user sessions. The device stores each string of the plurality of strings to one or more allocation arenas shared among a plurality of user sessions. Each string is indexed using a hash key generated from the string. The device recognizes that a received string transmitted from a webpage of a session of a user is eligible to be shared among the plurality of user sessions. The device determines that a copy of the received string is stored in an allocation arena using a hash generated from the received string. The device uses the copy of the received string stored in the allocation arena in place of the string in the web page of the session of the user to process the web page.06-23-2011
20120304266METHOD AND SYSTEM FOR AUTHENTICATING COMMUNICATION - Embodiments of the present disclosure provide a method and system for authenticating communication between a plurality of accessory devices or services and one or more media devices by using a single authentication processor. The method includes the steps of establishing a communication of a media device attached to an accessory device with an authentication processor through an authentication processor manager, authenticating the accessory device by the media device based on a digital certificate and a digital signature; and authenticating the media device by the accessory device based on verification of the digital certificate and the digital signature.11-29-2012
20120304265Browser with Integrated Privacy Controls and Dashboard for Social Network Data - Particular embodiments comprise a method, by one or more computer systems, for accessing a structured document from an external website, wherein the structured document includes markup language containing instructions identifying social network data elements of a social networking system, processing the markup language in the structured document to locate the social network data elements, rendering the structured document based on the markup language, wherein the displayable web page includes one or more of the located social network data elements of the social networking system, and displaying one or more of the located social network data elements of the social networking system proximal to the rendered web page on a display.11-29-2012
20110088086LOCKING AND UNLOCKING OF AN ELECTRONIC DEVICE USING A SLOPED LOCK TRACK - Systems, apparatuses, and methods that can facilitate securing an electronic device and associated information are presented. A security component facilitates display and operation of a lock track comprising a locked portion having a positive slope and an unlocked portion, including a chasm, that is adjacent to a high point of the positive-sloped unlocked portion of the lock track. A lock facilitator component (LFC) can be moved along the track between a low point of the locked portion and the unlocked portion. The LFC can be moved in response to received input, and if the input is not sufficient to move the LFC from the locked region to the unlocked region, the LFC can be moved back down the positive-sloped lock track to the low point. The security component can control information to be displayed in an overlay display region in accordance with security level(s) of the device or application.04-14-2011
20110083173Secure Transaction Systems and Methods - A user transaction request is received at a client device. A web browser plug-in communicates the user transaction request to a server that determines whether the user transaction request is a secure transaction. Transaction data is received from the server via the web browser plug-in. If the received transaction data indicates a secure transaction, the user is prompted to provide biometric data, which is received from the user. The web browser plug-in then communicates a transaction confirmation to the server.04-07-2011
20110252463METHOD AND SYSTEM FOR PROVIDING ENTERPRISE PROCUREMENT NETWORK - According to an embodiment, the present invention provides a computer system. The computer system includes one or more processors and a computer-readable medium in communication with the one or more processors. The computer system also includes an enterprise social network system, implemented by an enterprise application stored on the computer-readable storage medium, for retrieving and providing procurement information from a plurality of social network entities associated with the enterprise social network system, the enterprise social network system comprising a set of instructions executable by the one or more processors to perform one or more operations. The set of instructions includes instructions for providing, at a computer system, a user interface for receiving input from a user. The set of instructions includes instructions for providing a user profile for a user, the user profile being stored at the enterprise social network system, the user being associated with a plurality of network entities, the user profile including a first plurality of user attributes.10-13-2011
20110072500Client Identification System Using Video Conferencing Technology - A system and process for identifying a client, comprising a client device having a video camera and a voice transmitting and receiving device capable of transmitting a client's image and voice via a communication carrier system and a communications network to a user terminal, whereby the user terminal permits an authentication of the client's image and voice in real time. Another aspect of the present invention includes a method of identifying a fraudster, comprising the steps of using a client device having a video camera and voice transmitting and receiving device to initiate an authentication of a client's identity, transmitting the fraudster's image and voice over a communication carrier system and a communications network to a user terminal, comparing the fraudster's image and voice to client data, and storing the fraudster data.03-24-2011
20110061096CONTROLLING ACCESS TO DIGITAL CONTENT - Method for utilizing digital content is provided. The method includes controlling a throughput rate for utilizing the digital content by an accessing system, where the throughput rate is associated with information related to the digital content and is stored as a file. The throughput rate is controlled by a storage system that is operationally coupled to the accessing system.03-10-2011
20130160099TOKEN BASED SECURITY PROTOCOL FOR MANAGING ACCESS TO WEB SERVICES - Token based techniques for managing client access to individual methods or resources provided by an application or service can be implemented at the application server hosting the application or service. Such techniques include performing client authentication and authorization based on information associated with the client as specified in a security token generated for the client. The security token associated with the client enables a service provider to monitor and control client access to the methods of the service on an individual basis.06-20-2013
20130160100METHODS AND SYSTEMS FOR INCREASING THE SECURITY OF NETWORK-BASED TRANSACTIONS - A method for enhancing the security of systems and resources involved in conducting network-based transactions on mobile communications devices includes comparing authentication data requested to be captured from a user as part of an authentication transaction against authentication data anticipated by the user to be captured during the authentication transaction. The method also includes authenticating the requested transaction when the user decides that the requested authentication data agrees with the anticipated authentication data, and conducting a network-based transaction from a mobile communications device, if the user is authorized, after successfully authenticating the identity of the user.06-20-2013
20130160102Fully Electronic Notebook (ELN) System And Method - A system, for record keeping in scientific, industrial, and commercial applications where records are used to document inventions and discoveries, such as in a research laboratory. Such systems are referred to in the applicable field as Electronic Laboratory Notebooks (ELNs). The system deploys data validation and signature validation modules to ensure data integrity and satisfy legal requirements for signature and witnessing documents in a completely paperless environment.06-20-2013
20130160103IMAGE COLLECTION BASED INFORMATION SECURITY METHOD AND SYSTEM - An image collection based information security method and system is disclosed. The method includes a server side receiving a first transaction data sent by a client side and generating a second transaction data with the first data. The server converts the second data into an image, and sends the image to the client. A dynamic token collects the image, pre-processes, and converts the image into a third transaction data, and displays the third data for user's confirmation. The token generates and displays a second dynamic password according to the third data. The client receives the second password input by a user and sends same to the server. The server receives the second password and generates a first dynamic password, determines whether the first password is identical to the second password; if yes, the authentication is successful and the transaction is executed; if no, the transaction is cancelled.06-20-2013
20130160104ONLINE ACCOUNT ACCESS CONTROL BY MOBILE DEVICE - Systems and methods for controlling access to an online account are described. An access control message including an action to be performed on an online account can be sent from a mobile device to a server. A user verification query message can be sent to the mobile device. A user verification response message can be received from the mobile device. The user verification response message can include verification information that is different from login information for the online account. The user verification response message can be verified by comparing the verification information to stored information. If the user verification response message is successfully verified, the action indicated in the access control message can be performed on the online account.06-20-2013
20110041174CONTENT DISPLAY DEVICE - A content display device includes a content setting storage means 02-17-2011
20110030042LDAPI COMMUNICATION ACROSS OS INSTANCES - Methods and apparatus for connecting a client on a first operating system to a server on a second operating system using LDAPI communication includes establishing privacy between the first and second operating systems, identifying the client to the server, identifying the server to the client to establish a trust by the client of the server, and sending LDAPI messages between the client and the server.02-03-2011
20100325711System and Method for Content Delivery - A system for content delivery operates as a static network device for delivering content to a mobile node. The system includes a transceiver adapted to receive a device identifier over a public network from the mobile node, the device identifier based on a combination of user-configurable and non-user-configurable parameters of the mobile node, a processor operatively coupled to the transceiver and to memory storing executable code. Executed, the code enables the processor to access a database of authorized device identifiers corresponding to known mobile nodes, establish, in response to the received device identifier matching one of the authorized device identifiers, a secure private network (SPN) with the mobile node, the established SPN tunneling across a segment of the public network, obtain the content for the mobile node, and send the content to the mobile node via the SPN.12-23-2010
20100325713MOBILE TERMINAL, DATA COMMUNICATION METHOD, AND COMPUTER PROGRAM - A mobile terminal includes a near-field communication device capable of performing near-field wireless communication with an external device, and a controller configured to instruct the external device or the near-field communication device to execute a command. The near-field communication device has a storage unit, a first mutual authentication unit for authenticating the controller and for requesting the controller to authenticate the near-field communication device, a first communication key setting unit for setting a first communication key, a second mutual authentication unit for authenticating the external device and for requesting the external device to authenticate the near-field communication device, and a second communication key setting unit for setting a second communication key. The controller and the near-field communication device perform secure communication using the first communication key, and the near-field communication device and the external device perform secure communication using the second communication key.12-23-2010
20120204247SYSTEM AND METHOD FOR IMPROVING SECURITY OF USER ACCOUNT ACCESS - A system and method for providing access to a user account is provided, and in particular for improving the security to a user when entering access details, for example when logging on to Internet sites, networks, software and web applications. In one form, there is a system for providing access to a user account via an electronic device having a visual display screen, including communication means for issuing at least one security identifier to the user, said security identifier including one or more characters chosen from a predetermined character set; a database for storing said at least one security identifier and said predetermined character set; a processor for providing an access interface on said visual display screen for said user to input said security identifier, wherein said access interface includes a graphical display character set which includes at least the characters comprising the security identifier; and for comparing said security identifier entered by said user on the graphical display character set to the security identifier stored in said database, and for comparing said security identifier entered to a predetermined security identifier stored in said database, and if comparison is successful, providing access to said user account.08-09-2012
20100269167VIRTUAL MACHINE EXECUTION PROGRAM AND INFORMATION PROCESSING DEVICE - A program for causing an information processing device to execute a process is recorded on a computer-readable storage medium. The process includes: obtaining an identification of a logged-in account; referencing information that associates an identification of an account with a virtual machine to be permitted to make a communication; recognizing a first virtual machine corresponding to the obtained identification by using the referenced information; executing one or a plurality of virtual machines on the information processing device that is a physical machine; determining whether or not a second virtual machine from which data is transmitted toward a network is the first virtual machine; allowing the data to pass through and transmitting the data toward the network if the second virtual machine is determined to be the first virtual machine; and discarding the data if the second virtual machine is determined not to be the first virtual machine.10-21-2010
20080229400Remote Entry System09-18-2008
20120204246ESTABLISHING A SECURE CHANNEL WITH A HUMAN USER - A method of establishing a secure channel between a human user and a computer application is described. A secret unique identifier (“PIN”) is shared between a user and an application. When the user makes a request that involves utilizing the PIN for authentication purposes, the application renders a randomly selected identifier. The randomly selected identifier is in a format that is recognizable to a human but is not readily recognizable by an automated agent. The randomly selected identifier is then presented to the human user. The user identifies the relationship between the randomly selected identifier and the PIN. If the user's input reflects the fact that the user knows the PIN, then the user is authenticated.08-09-2012
20100005521Method of Securing Password in Web Page and Computer-Readable Recording Medium Storing Program for Executing the Same - Provided are a method of securing a password in a web page and a recording medium storing a program for executing the method. The method of accessing a web page provided by a specific web server through a web browser of a user terminal and then securing a password value input from a keyboard of the user terminal to a password input window provided by the web page includes encoding the password value input to the password input window, and then decoding the encoded password value at the same time when a log-in event of the web page occurs. According to the method, it is possible to prevent a password value input to a password input window of a web page from being intercepted by malicious programs before the password value is transmitted to the corresponding web server.01-07-2010
20090328176Web Based Access To Clinical Records - A system and method for providing access to clinical data over the Internet. The system includes a server, and a database in communication with the server. The database stores clinical data sets. The system further includes a thin client, a communication link between the server and the Internet, and a communication link between the thin client and the Internet. Software executing on the server receives a request for one or more clinical data sets, retrieves the requested clinical data sets, and transmits the clinical data sets to the thin client.12-31-2009
20100269164ONLINE SERVICE DATA MANAGEMENT - The claimed subject matter relates to an architecture that can facilitate automatic backup and versioning of online content. Appreciably, the architecture can relate to a network-accessible, online data archival service with a central backup data store for archiving online content published to disparate online services for clients of the archival service who are also clients of the disparate online service(s). The architecture can maintain rich content versioning, and can further provide additional services with respect to archived data such as restoration (to the original site, a disparate site, or a user device); synchronization between various online sites or between one or more sites and the backup data store; and conversion. The conversion can be employed in connection with backup, restore, or synch procedures and can apply to either a file format of the content or to a scope of the source of the content versus the scope of the destination.10-21-2010
20090249461BUSINESS MANAGEMENT SYSTEM - There is provided a management server technology that allows a user to continuously use a business function of a business server without logging in again to the business server, even if the authority of the user to the business server is changed. The business server receives an access from a user terminal, and requests a management server to perform user authentication. In response to the authentication request, the management server determines a future scheduled authority of the user, generates not only authority information at the time of the user authentication, but also a determination result including the future scheduled authority information, and transmits them to the business server. The business server provides the user terminal with a new business function based on the scheduled user authority information, upon expiration of a validity period of the user authority to the current business function.10-01-2009
20090241177SECURITY SYSTEM FOR A COMMUNITY BASED MANAGED HEALTH KIOSK SYSTEM - The present invention is directed to security systems for community based managed health kiosk systems, and more particularly to protecting the privacy of a user's health information originally obtained at a community-based kiosk system. The disclosed security systems can be combined with community based managed health kiosk systems to enable a patient, or user, to obtain knowledge of his or her health condition/status and to obtain health services from remotely located health care professionals without risk of dissemination of confidential personal health information and records.09-24-2009
20090241176LOAD BALANCING IN SERVER COMPUTER SYSTEMS - Systems and methods to implement load balancing of connections to a server computer in a server collection are described. The server collection receives connection requests from remote clients over a network. A session broker evaluates one or more load parameters of the server computers in the server collection and, based on those load parameters, determines load associated with each server computer. The session broker redirects the connection requests to the server computer which has a lesser load.09-24-2009
20110258689Device pairing via device to device contact - A system may include and/or involve a first device, a second device, and logic to effect pairing of the first and second devices upon detection of physical contact between the devices.10-20-2011
20110162055Business Process Enablement For Identity Management - A method, system and computer program for business process automation facilitates transforming a user's identity/credentials as part of the enablement of transaction fulfillment, e.g., within a SOA environment. In one embodiment, identity and attribute information is added to one or more business process models that each represents a sub-transaction within an overall transaction fulfillment business process flow. As the business model is mapped to an execution environment, the identity and attribute information in the model is used to configure appropriate tooling to define the identity/attribute transformation required to complete the particular portion of the transaction represented by the model. In a representative implementation, the business process models conform to BPEL4WS, and one or more of these models are extended with identity mapping information such that, during transaction fulfillment, local identity mapping transformations provide the identity/credential propagation required to support the business process.06-30-2011
20080320574SYSTEM, METHOD AND PROGRAM FOR AUTHENTICATION AND ACCESS CONTROL - System, method and program for managing a production server. An authentication server sends to the production server via a network a group password for a GroupID to access a file in the production server. A user at a workstation sends via a network to the authentication server an individual UserID and corresponding individual password for the user and a request for the group password for the GroupID to access a file in the production server protected by the group password. In response, the authentication server authenticates the individual UserID with the corresponding individual password and returns to the workstation the group password for the GroupID. After receiving the group password from the authentication server, the user at the workstation sends via a network to the production server the group password and GroupID and a request to access the file in the production server protected by the group password. In response, the production server authenticates the GroupID with the group password and grants the user access to the file.12-25-2008
20080320575SYSTEM AND METHOD FOR DATA CAPTURE AND REPORTING - A database system includes an intermediary program that provides a variety of functions. Logging on to the intermediary program results in log-in information being transmitted from an encrypted file to the database system via the intermediary program. The database system includes the ability for the user to enter criteria for a query in a variety of different manners, including the ability to directly modify generated SQL statements and the ability to use input lists in creating queries. In addition, the queries entered by the user can be stored in a separate database, such that the efficiency and operation of the database system can be improved. In addition, the delivery of query results and reports allows for delivery of files that are associated with a data period in any format and also allows the user to receive multiple reports in a single, compressed file.12-25-2008
20090125998SYSTEMS, METHODS AND DEVICES FOR SECURE REMOTE-ACCESS COMPUTING - Previous attempts to provide systems or methods for remote-access computing typically involve the use of subscription-based third party platforms. The third party platforms serve as an intermediary between a home (or primary) computer and a local-host computer. There are a number of problems associated with these third party platforms that generally affect the security of information and possible performance expectations of users. By contrast, provided by aspects of the present invention there are systems, methods and devices for secure remote-access computing that enable more secure remote-access computing and may enhance predictability of performance from the perspective of the user.05-14-2009
20080313722MOBILE TERMINAL FOR SETTING BOOKMARKING AREA AND CONTROL METHOD THEREOF - A mobile terminal for setting a bookmarked region and its control method are disclosed. According to the method for controlling a mobile terminal, one region of a screen image of an accessed Web page is selected as a select region, and the select region is set as a bookmarked region. When the Web page is re-accessed, the set bookmarked region is displayed as an initial access screen image. Accordingly, when the Web page is re-accessed through bookmarking, the set bookmarked region can be displayed as the initial screen image.12-18-2008
20110055911BUSINESS VALIDATION BASED SOCIAL WEBSITE ACCOUNT AUTHENTICATION - Methods of the present inventions allow for verifying the authenticity of social website accounts. An example embodiment of a business validation based social website account authentication method may comprise the steps of receiving a request (that may include a business name and a business email address) to verify the authenticity of a social website account, validating the business name and business email address, and determining whether the domain name is registered to and under control of the business. If the business name and business email address are both validated, and the domain name is registered to and under control of the business, the social website account's authenticity may be certified.03-03-2011
20100325712INFORMATION PROCESSING APPARATUS, SECURITY METHOD, AND STORAGE MEDIUM STORING SECURITY PROGRAM - An information processing apparatus includes a key information table memory for storing, in a key information table, key information including first identification information identifying a first nearby device communicating with the information processing apparatus, a communication unit for communicating with a second nearby device present at a location where the second nearby device is communicable with the information processing apparatus, a nearby device information retrieval unit for retrieving nearby device information including second identification information identifying the second nearby device, a movement halt detector for detecting a movement status of the information processing apparatus, a functional limitation determiner for determining, based on the key information, the nearby device information, and/or the movement status, whether to limit execution of a process of a function of the information processing apparatus and a functional limitation executer for controlling the execution of the process based on the determination results.12-23-2010
20100313252System, method and apparatus for creating and using a virtual layer within a web browsing environment - A system and a method for configuring a user-editable layer within a network are disclosed. The system includes a client computing system including a web browser. The web browser further includes a loaded webpage configured to obtain web content from a universal network server through a web address. The system further includes an application object model to collect objects from the client computing system and the universal network server. The system for configuring the user-editable layer within the network further includes a plug-in unit coupled to a layer definition server and an authenticating server for authenticating user credential information. The user-editable layer may include at least one of a virtual layer, an emulating layer, an upgradable layer and the like.12-09-2010
20110167486CLIENT-SIDE AD CACHING FOR LOWER AD SERVING LATENCY - Advertisements are served over the Internet to clients on demand. A client module executing on a client device fetches advertisements over the Internet from an advertisement server. The client module stores these advertisements in a cache on the client device. When an application executing on the client device needs to display an advertisement, instead of contacting the advertisement server directly, the application makes a call to the client module. The client module, instead of contacting the advertisement server immediately, determines whether the cache on the client device contains any advertisements that satisfy criteria specified by the application. If the cache does contain advertisements that satisfy the criteria, then the client module provides those advertisements to the application. Otherwise, the client module requests criteria-satisfying advertisements from the advertisement server at that time, and provides at least one of those to the application.07-07-2011
20120311687System, Method And Computer Program Product For Authenticating A Client - A system, method and computer program product are provided for authenticating a user. The method includes receiving, such as from an authenticator, a set of at least one label identifying at least one element of an authentication matrix. The authentication matrix includes a plurality of elements, each element capable of being identified by a label. Then, a passcode is formulated, such as by the client, based upon the element(s) identified by the received set of label(s). Thereafter, the client is authenticated based upon the formulated passcode, such as by the authenticator. The set of label(s) can be received, the passcode can be formulated, and the client can be authenticated a plurality of times. In such instances, to permit the passcode to dynamically change, each set of label(s) received can differ from each previously received set of label(s).12-06-2012
20120311686SYSTEM AND METHOD FOR SECURE IDENTITY SERVICE - A system and method for securely processing identity information. For example, in one embodiment of the invention, a first user is registered on an identity service with one or more identification (ID) codes and a token. In response to a query from a second user to connect with the first user, a query signature is generated using the one or more ID codes and token of the first and second users, and a timestamp. The query signature is usable by network services to authenticate communication between the first and second users on the network over a specified period of time. In another embodiment, user ID codes and tokens are cached on mobile devices and/or a system cache to improve performance. The validity of the cached data is determined by calculating a fingerprint which, in one embodiment, is a hash of the ID code, token and a timestamp.12-06-2012
20110126274SYSTEMS AND PROCESSES FOR SECURING SENSITIVE INFORMATION - Securing sensitive information [05-26-2011
20110126273SYSTEM AND METHOD FOR ENHANCED DATA SECURITY - A method for protecting data stored in a data repository. The method includes verifying authenticity of a user at each of a plurality of levels. Furthermore, the method includes directing the user to one of a first path or a second path based on the verification of the authenticity of the user at each of the plurality of levels. Systems and computer-readable medium that afford functionality of the type defined by this method are also contemplated.05-26-2011
20110041169LIVE ACTION ICONS FOR THE INTERNET - Live action icons for the Internet which allow “functionality” and “actions” to occur wherever the user might intuitively think there is an “action” to be had or done. It may enable users to interact with various websites with a set of live action icons, each of which may be used to perform a certain function. One of the live action icons may be used to display the login interface of a website. Another live action icon may be used for online shopping. The live action icons may speed up the interaction between users and websites, saving users time for looking up a function button on a webpage or repeatedly inputting user information.02-17-2011
20120311685DISTRIBUTED NETWORK NAME - Aspects of the subject matter described herein relate to a distributed network name. In aspects, computers of a cluster have components of a distributed network name service. The network name service has a leader and clones that are hosted on the computers of the cluster. The leader is responsible for updating a name server with network names and addresses of the computers. The leader is also responsible for configuring a security server that allows clients to securely access the computers. The network name service provides credentials to local security authorities of the computers so that a client that attempts to access a service of the computers can be authenticated.12-06-2012
20110138449PURE OFFLINE SOFTWARE APPLIANCE CONFIGURATION - One or more online configuration settings are received prior to deployment and execution of a software appliance. Once the configuration settings have been received, the online configuration settings can be utilized to configure a software appliance image prior to executing the image at a host computer. Once the application of the configuration settings to the image has been completed, the image may be executed at a host computer.06-09-2011
20110138450Secure Transaction Systems and Methods using User Authenticating Biometric Information - A user transaction request is received at a client device. A web browser plug-in communicates the user transaction request to a server that determines whether the user transaction request is a secure transaction. Transaction data is received from the server via the web browser plug-in. If the received transaction data indicates a secure transaction, the user is prompted to provide biometric data from a user using a biometric device and related security protocols. The web browser plug-in then communicates a transaction confirmation to the server.06-09-2011
20110138451METHOD AND SYSTEM FOR AN INTERCEPT CHAIN OF CUSTODY PROTOCOL - Techniques for establishing a chain of custody for intercepted electronic information are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method, comprising securely negotiating a data collection interval time and protocol support for electronic data collection between network equipment associated with a data collecting party and network equipment associated with a data receiving party, receiving a nonce at a network equipment associated with the data collecting party from network equipment associated with the data receiving party, utilizing the nonce to compute, at least in part, a hash value at network equipment associated with the data collecting party, collecting electronic data at an intercept access device at network equipment associated with the data collecting party, utilizing the nonce and the hash value to transmit the collected electronic data to network equipment associated with the data receiving party, and utilizing the hash value to establish a chain of custody between the data collecting party and the data receiving party.06-09-2011
20100011427Information Storage Device Having Auto-Lock Feature - An information storage device is protected from unauthorized access by requiring periodic re-authentication of user credentials. Failure to correctly re-authenticate within a time window results in the automatic locking of the portions of the storage device that have been previously enabled for the user so that they are no longer accessible.01-14-2010
20110061097METHOD AND SYSTEM FOR MANAGING ACCESS TO PROTECTED COMPUTER RESOURCES PROVIDED VIA AN INTERNET PROTOCOL NETWORK - A method and system for controlling access, by an authentication server, to protected computer resources provided via an Internet Protocol network that includes storing (i) a digital identification associated with at least one client computer device, and (ii) data associated with the protected computer resources in at least one database associated with the authentication server; authenticating, by the authentication server, the digital identification forwarded by at least one access server; authorizing, by the authentication server, the at least one client computer device to receive at least a portion of the protected computer resources requested by the at least one client computer device, based on the stored data associated with the requested protected computer resources; and permitting access, by the authentication server, to the at least the portion of the protected computer resources upon successfully authenticating the digital identification and upon successfully authorizing the at least one client computer device.03-10-2011
20090199282TECHNIQUES FOR NON-UNIQUE IDENTITY ESTABLISHMENT - Techniques for non-unique identity establishment are presented. A plurality of biometric data associated with a user is acquired from a plurality of biometric devices. The intersection of the biometric data is registered or a vector for the biometric data is registered. This information is also registered along with answers to questions provided by the user. When a user attempts to subsequently access a secure resource of a network, the retained information is compared against user-supplied biometric data and in some cases where appropriate user-supplied answers to establish an identity of the user and to authenticate the user for access to the secure resource.08-06-2009
20100115595Method and Apparatus for Establishing Security Inflow Contracts - A method and apparatus for establishing a security inflow contract between a work-initiating system and a work-performing system. A portable, generic security inflow contract between an EIS/connector and an application server is provided that enables the connector to establish security information while submitting a work instance for execution to a work manager and while delivering messages to message endpoints of the application server. The security inflow contract enables all activities of a work instance that is submitted by a connector to be performed in the context of an established identity, thus insuring that all interactions between an application server and an EIS/connector are secure, and may prevent unauthorized access to application components deployed in an application server.05-06-2010
20100115596Method and System for Creating and Sharing Bookmarks of Media Content - A method for facilitating a bookmark server to create a bookmark from content associated with a content source is disclosed. The method comprises a remote device selecting a portion of the content associated with the content source, based on an input received via a user interface. The remote device then generates metadata associated with the selected portion of the content. The metadata includes information pertaining to the content source and the content. The remote device communicates with the bookmark server, which can access the content associated with the content source. The remote device sends the metadata to the bookmark server along with a request message to the bookmark server to create the bookmark based on the metadata.05-06-2010
20110088085PROTECTING PASSWORD FROM ATTACK - A password may be provided along with a validation code, which can help prevent the password from being sent to the wrong recipient. When a password is created, a validation code may be created based on (a) the password, and (b) the identity of the target of authentication (TA) to which the password is intended to be sent. When a user is requested to provide a password, a validation component intercepts the request and asks the user to enter both the password and validation code. The validation component then re-calculates the validation code based on the entered password and on the TA that is requesting the password. If the re-calculated validation code matches the validation code entered by the user, then the password is released to the user agent that the user uses to communicate with the TA, and the user agent sends the password to the requesting TA.04-14-2011
20100205663SYSTEMS AND METHODS FOR CONSUMER-GENERATED MEDIA REPUTATION MANAGEMENT - TruCast is a method for management, by way of gathering, storing, analyzing, tracking, sorting, determining the relevance of, visualizing, and responding to all available consumer generated media. Some examples of consumer generated media include web logs or “blogs”, mobile phone blogs or “mo-blogs”, forums, electronic discussion messages, Usenet, message boards, BBS emulating services, product review and discussion web sites, online retail sites that support customer comments, social networks, media repositories, and digital libraries. Any web hosted system for the persistent public storage of human commentary is a potential target for this method. The system is comprised of a coordinated software and hardware system designed to perform management, collection, storage, analysis, workflow, visualization, and response tasks upon this media. This system permits a unified interface to manage, target, and accelerate interactions within this space, facilitating public relations, marketing, advertising, consumer outreach, political debate, and other modes of directed discourse.08-12-2010
20110145903UNIFIED USER LOGIN FOR CO-LOCATION FACILITIES - A logical customer organization model is applied to group the individual agreements into separate logical customer organizations, wherein the groupings can be region based groupings, organization groupings and departmental groupings. Unified login identification (ID) model is applied to enable a first user to login to a portal using a first login ID to access a first asset in a first asset group according to a first logical customer organization. The unified login ID model enables the first user to use the same first login ID to access a second asset in the first asset group according to the first logical customer organization. The unified login ID model also enables the first user to login to the portal using a second login ID to access one or more assets in a second asset group according to a second logical customer organization. Each of the first and second logical customer organization may be associated with one or more asset groups and one or more user groups.06-16-2011
20120151567Reusable Authentication Experience Tool - A reusable authentication component may be integrated into a web page to communicate with an authentication server and authenticate a user to the web page. The reusable authentication component may implement a complex authentication process, including multiple user interfaces to receive multiple assurances of user identity and user confirmation of previously stored mutual authentication data. The authentication process may be performed by the authentication component without refreshing or redirecting the parent web page until completion of a successful user authentication, after which the parent web page may receive authentication data and refresh to provide user specific and/or secure user data on the web page.06-14-2012
20090300744TRUSTED DEVICE-SPECIFIC AUTHENTICATION - An authentication system combines device credential verification with user credential verification to provide a more robust authentication mechanism that is convenient to the user and effective across enterprise boundaries. In one implementation, user credential verification and device credential verification are combined to provide a convenient two-factor authentication. In this manner, an account authority service or other authentication provider verifies both factors and provides a security token in accordance with the security policy of the account network resource the user is intending to access. The level of privilege granted by the target account network resource can vary depending on the number and type of factors verified by the account authority service.12-03-2009
20090178127Authentication system, authentication server, authenticating method, authenticating program, terminal, authentication requesting method, authentication requesting program, and storage medium - Disclosed herein is an authentication system offering high degrees of security and convenience by use of two storage media. An automatic log-in system (07-09-2009
20110265165Automated User Authentication Identification for Customized Converged Services - Systems and methods are disclosed for providing automated user authentication utilizing available authentication data associated with a computing device. By utilizing a mobile identification number verified during an authentication, authorization, and accounting (AAA) process performed when a mobile computing device is powered on, access to a privileged content or service may be granted, allowing a user to bypass manual entry of user authentication information (user ID and password). Utilizing a verified mobile identification number, service features and functionalities may be communicated between billing systems of a service provider, which may provide for further converged, customized services.10-27-2011
20110265163METHODS AND SYSTEMS FOR USER INTEGRATION - Methods and systems for user integration are described. In an example embodiment, a method for user integration comprises accessing a network identifier of a user and user job data of the user from a user database, accessing credential data of the user from a credential database, using the network identifier to access an administrative network identifier associated with the user, a status of a user administrative account associated with the user, an administrative user name associated with the user, and a security template identifier associated with the user, transmitting user information to a collaboration site, the user information including the network identifier of the user, the user job data of the user, the administrative network identifier associated with the user, and the security template identifier, populating a roster on the collaboration site.10-27-2011
20110265162HOLISTIC RISK-BASED IDENTITY ESTABLISHMENT FOR ELIGIBILITY DETERMINATIONS IN CONTEXT OF AN APPLICATION - A set of Service Oriented Architecture (SOA) services can be utilized by applications executing in protected application environments external to a SOA environment. The SOA services can include an identity service, an eligibility service, and a security risk assessment service, each of which generates a percentage of risk when run. SOA services can be dependent on specific applications and application cases, each being a specific context of an application, so that results vary by application case. The SOA environment can store data, which is constantly being updated about people, which is used by the SOA services. In one embodiment, sensitive or confidential data can be maintained in the protected application environment and can be isolated from the SOA environment. Rules, criteria, factors, and the like used by the SOA services can be customized at an arbitrary level of complexity for specific applications and application cases.10-27-2011
20110265166INTEGRATED AUTHENTICATION - Authentication to a network resource of a user associated with a mobile communication device is disclosed. A message is received from a device. The message includes a hardware identifier of the device, and identifies a network resource as the destination of the message. A user identity is associated with the hardware identifier, and is sufficient to obtain session credentials from an authentication resource. Session credentials are obtained from the authentication resource. The session credentials are used to authenticate the associated user identity to the network resource.10-27-2011
20110265169USER-DEPENDENT CONTENT DELIVERY - A gateway is provided between an application and a server. The gateway is used to modify content sent from the server to the application via the gateway. The modification may include adding, removing or modifying content. The modification process is user-dependent and an identity management system is used for identifying the user.10-27-2011
20110265168POLICY ENGINE FOR CLOUD PLATFORM - A policy engine is situated between the communications path of a cloud computing environment and a user of the cloud computing environment to comply with an organization's policies for deploying web applications in the cloud computing environment. The policy engine intercepts communications packets to the cloud computing environment from a user, such as a web application developer, for example, in preparation for deploying a web application in the cloud computing environment. The policy engine identifies commands corresponding to the communications packets and directs the communications packets to appropriate rules engines corresponding to such commands in order to execute rules to comply with an organization's policies. Upon completion of execution of the rules, the communications packets are forwarded to the cloud computing environment if they comply with the policies.10-27-2011
20110191838Authentication Using Transient Event Data - Some embodiments provide a method for authenticating a user to access computing resources that uses transient event data regarding previous interactions of the user with the computing resources. The method receives a notification that a user is unable to provide a correct user identifier and password. The method generates authentication questions for the remote user using the transient event data. The authentication questions are presented to the user. The method authenticates the user based on answers to the password recovery questions. The user may be a remote user and the computing resources are a set of application servers to which the user has forgotten a password. The computing resources may be a portable device that the user wishes to access remotely in order to delete data from the portable device.08-04-2011
20100031334SECURE ACCESS - A system and method for controlling access to a protected network resource is provided. Access is controlled as follows. User credentials received with a request from a user for access to the protected network resource are checked against predetermined user information so as to authenticate the user. The request is made via a network access point located within a restricted area. The recorded location of the user is checked to determine whether the user is recorded as being within the restricted area. Access to the protected network resource is allowed if the user credentials are authenticated and the user is recorded as being within the restricted area. The user's network connection is monitored and, on detection that the user is disconnected from the network, the user is recorded as not located within the restricted area. Additional credentials are required from the user to support the user's request when the user is not recorded as being within the restricted area.02-04-2010
20100031333SECURE EMAIL - Methods of paying debt over a network and debtor computer systems are provided for forming a secure email link between the debtor computer system and a creditor computer system; transmitting a notice of debt from the creditor computer system to the debtor computer system using the secure email link; and paying at least a portion of the debt at the debtor computer system based upon the notice of debt. The secure email link may be formed over a peer-to-peer email system.02-04-2010
20100024022METHODS AND SYSTEMS FOR SECURE KEY ENTRY VIA COMMUNICATION NETWORKS - According to some embodiments, a member authentication request is received at a security server from a client server. The member authentication request may be associated with, for example, a member attempting to access confidential information from the client server. A secure key associated with the member may be determined and data associated with that key may be transmitted to the member (e.g., via his or her wireless device or computer). Secure key information may be received from the member and validated. Based on the validated secure key information, it may be arranged for the member to receive the confidential information from the client server.01-28-2010
20100024021SYSTEM AND METHOD FOR SECURE OPERATION OF A MEDICAL RECORDS REPORTING SYSTEM - A system for accessing, updating, and maintaining health records of a medical data and reporting system. The system can comprise one or more data processors and a module configured to execute on the one or more data processors. The module can be configured to validate a particular user based upon patient identifying information, where the module is further configured to obtain patient identifying information from one or more computer-readable mediums, a voice response system, a mobile device, a global positioning system, and a biometric system. Additionally, the module can be configured to enable the user to securely access the medical data and reporting system and to report the data to the user.01-28-2010
20100024020Wireless mobile device with privacy groups that independently control access to resident application programs - An exemplary method implemented by a wireless mobile device controls user access to programs and files defining items that are resident on the mobile device. A first icon associated with a corresponding first program installed on the wireless mobile device is displayed on the screen of the wireless mobile device, where the first icon can be seen by any person using the wireless mobile device and the corresponding first program is available for execution to said person. A privacy gate and a corresponding privacy icon displayed on the screen are created using a privacy interface program installed on the wireless mobile device. A password associated with the privacy gate is entered by a first user so that a subsequent request by a user to traverse the privacy gate will require entry of this password. The first program and the privacy gate are linked so that a user must traverse the privacy gate in order to execute the first program.01-28-2010
20100024018Keyboard Display Posing An Identification Challenge For An Automated Agent - Methods, systems, and computer readable medium storing computer executable programs for communicating symbol data using a keyboard display that poses an identification challenge for an automated agent are disclosed. A first plurality of symbols is provided. A dynamic version of each of the first plurality of symbols is defined. The dynamic version of each of the first plurality of symbols includes a noise component. A keyboard display arrangement for displaying the dynamic version of each of the first plurality of symbols in a keyboard display is defined. A display mechanism operable to display the keyboard display including the dynamic version of the first plurality of symbols in accordance with the keyboard display arrangement is provided.01-28-2010
20100024017Location-Based Authentication of Online Transactions Using Mobile Device - Systems, methods, and software for implementing location-based authentication of both online and mobile web-based transactions. This implementation may involve verifying whether a mobile device (such as a cellular telephone) is proximate to a computer from which the transaction is being performed. Depending upon the location of the mobile device, further transactions may be approved or rejected. In further implementations, the transactions may be made from the mobile device itself. In this case, the location of the mobile device compared with one or more pre-stored locations may affect whether further transactions from the mobile device are approved or rejected.01-28-2010
20100024016Method and apparatus for protection domain based security - A first application instance is associated with a protection domain based on credentials (e.g., a signed certificate) associated with a set of application code that, when executed, gives rise to the application instance. The first application instance executes in a first execution context. An indication is received that the first application instance seeks access to protected functionality associated with a second execution context. In response to receiving the indication, a determination is made as to whether the first application instance has permission to access the protected functionality. The determination is made by determining the protection domain with which the first application instance is associated, and determining if the protection domain with which the first application instance is associated is in the set of one or more protection domains.01-28-2010
20100017864SYSTEM FOR PUBLISHING AND CONVERTING MESSAGES FROM IDENTIFIED, AUTHORIZED SENDERS - A message publishing system operative to process a message from a sender in a first format has a central processor; at least one sender account, at least one storage area configured to store at least a first portion of the message, and software executing in the central processor. The processor is configured to identify the sender of the message as an authorized sender based on information associated with the message in comparison to data in the sender account, wherein the identification is dependent upon the first format. The processor is configured to convert at least a second portion of the message from the first format to a second format. The processor is also configured to publish the converted second portion of the message so as to be viewable in the second format only if the sender has been identified as an authorized sender.01-21-2010
20100017863PORTABLE STORAGE APPARATUS FOR PROVIDING WORKING ENVIRONMENT MIGRATION SERVICE AND METHOD THEREOF - Provided are an apparatus and method for providing a working environment migration service. The portable storage apparatus, includes: a management and execution unit for performing user authentication by connection to an external user terminal, managing a user profile and application information, and executing a context management unit; a working environment storage unit for storing an application context and data representing the working state at the time of log out; and the context management unit for recovering and executing the application context and data stored in the working environment storage unit upon execution by the management and execution unit, and collecting the application context and data representing the working state at the time of log out, and storing them in the working environment storage unit.01-21-2010
20100017862METHOD AND RELATED SYSTEM FOR AUTHENTICATING E-LEARNING STUDY - This invention provides an e-learning system having a capability for authenticating the learner's ID via Internet with the learner's physical Bio-ID such as a fingerprint, an iris and/or a vein of the learner into the login process and additional periodic checking according to the instruction signal generated by the contents. Accordingly, once a learner successfully logs into his or her account, the computer will monitor each learner's progress on a lecture or an examination. Thus, the invention enables the operation of a full online distance education from a single database for the worldwide learners, at each learner's own space and scheduling, anytime, anyplace, in any of the major languages selected by the learners and accurately account credit hours of each learner by the lectures and examination on demand for conferring a degree or to transfer the credit to the university where they will earn their degrees.01-21-2010
20090070862Method and System for Enabling a First Party to Provide a Second Party With Personalized Digital Content - A method for enabling a first party to provide a second party with personalized digital content includes at a network unit: in response to receiving a request from a first party, the request including an identifier identifying a second party, retrieving identity credentials of the second party; and transmitting the identity credentials of the second party to a first party or to a content providing system; and in a content providing system: in response to receiving: a) an identifier from the first party, the identifier identifying digital content in a digital content storage, and b) the identity credentials of the second party, personalizing digital content using the identity credentials, the personalizing adapted to enable the second party to reproduce the digital content but to prevent any unauthorized party to reproduce it; and delivering the personalized digital content to the first party.03-12-2009
20120042366SECURE AND USABLE AUTHENTICATION FOR HEALTH CARE INFORMATION ACCESS - Embodiments of the invention relate to providing a health care provider access to an electronic record of a patient. A determination is made as to whether the health care provider is logged onto a computer system in a physical area assigned to the patient. Whether the health care provider is logged onto the computer system during working hours of the provider is also ascertained. The health care provider is provided with access to the electronic record of the patient via the computer system if the determining resolves to true and the ascertaining resolves to true.02-16-2012
20120210410NETWORK SECURITY MANAGEMENT FOR AMBIGUOUS USER NAMES - A method of managing network security can include receiving a user input comprising a user name and a password, determining whether the input user name potentially corresponds to a plurality of user accounts, determining whether the password is valid, and determining whether each of the user accounts is locked. The method can include selecting a security response to the user input based upon whether the input user name potentially corresponds to the plurality of user accounts, whether the password is valid, whether each of the user accounts is locked, and outputting the security response.08-16-2012
20120042365DISPOSABLE BROWSER FOR COMMERCIAL BANKING - Methods, computer program products, and apparatuses are provided for performing and facilitating secure communication between a client-side computing device and a remote application server through a virtual computing environment provided by an intermediate virtualization server. The virtual computing environment includes a disposable component, allowing all settings to be initialized to a secure state after each user session.02-16-2012
20090172795SECURE SINGLE-SIGN-ON PORTAL SYSTEM - A computer-implemented portal system facilitates access to secure data and multiple secure-access internet sites. The system authenticates a user based on a single-sign-on identifier (ID) and password. The system stores user authentication information for the secure-access internet sites so that once the user is authenticated, the system can automatically authenticate the user to the sites, thus allowing the user to access multiple secure sites after a single manual authentication.07-02-2009
20120042368METHOD FOR ESTABLISHING A PROTECTED SETUP AND WIRELESS REGISTRATION REQUESTING DEVICE IMPLEMENTING THE SAME - A method and apparatus for automatically establishing a wired protected setup between an enrollee requesting registration and a registrar granting registration are provided. The method includes: determining whether a power line communication (PLC) between the enrollee and the registrar is possible; and if it is determined that the PLC with the registrar is possible, receiving a personal identification number (PIN) from the registrar through the power line and transmitting an acknowledgement (ACK) message to the registrar through the power line as a response to the received PIN.02-16-2012
20120042367SYSTEMS, METHODS, AND APPARATUS TO MONITOR MOBILE INTERNET ACTIVITY - Systems, methods, and apparatus to monitor mobile Internet activity are disclosed. An example method comprises determining if an application identified by an identifier of a content request from a client device supports authentication; transmitting content identified by the content request to the client device if the identifier of the content request identifies an application that supports authentication; and storing an identifier of the content requested by the content request in association with the client device.02-16-2012
20120151566METHOD AND DEVICE FOR VERIFYING DYNAMIC PASSWORD - The examples of the present invention provide a method and device for verifying a dynamic password. In the method and device, some algorithm parameters can be exchanged in public by using a DH algorithm, and thus a same key is shared safely between two entities, so as to implement the verification of the dynamic password and further improve the security of identity verification. Moreover, the method and device can be easy to use. Further, by the above technical solution, no message exchange is needed between a mobile device and a verification server, and a user does not need to pay for additional flux, so as to decrease the burden of the user and verification costs.06-14-2012
20090049534GENERATION AND AUTHENTICATION OF DIGITIZED BIOMETRIC DATA FOR CONDUCTING A TRANSACTION - A method for conducting a transaction over an electronic network may comprise receiving transaction data, receiving biometric data including a relational check code representative of the biometric data, a date time stamp, an identifier of the hardware that recorded the biometric data, or a combination thereof, comparing the biometric data with biometric data previously stored, or with a predetermined threshold value, or with a combination thereof, for authenticating the biometric data for approving or disapproving the transaction. If approved, the transaction data is processed for conducting the transaction. Biometric data may include a locus-based digitized signature, a biometric digital signature, a fingerprint, a palm print, hand geometry, facial geometry, an iris scan, an iris print, a retinal scan, a retinal print, an eye scan, an eye print, or any combination thereof.02-19-2009
20120060209NETWORK DEVICES AND AUTHENTICATION METHODS THEREOF - The present invention relates to a network device and an authentication method thereof. When one network device is connected with another one, the two network devices may respectively receive and transfer an authentication reporting packet to each other. Accordingly, the network devices may compare context of the received authentication reporting packet and a stored authentication type information, a digest information, and an authentication protocol information for determining whether to process the following specific protocol packet according to the comparison result.03-08-2012
20100100950CONTEXT-BASED ADAPTIVE AUTHENTICATION FOR DATA AND SERVICES ACCESS IN A NETWORK - A method includes sending a command set to a client module via a network, receiving via the network a context identifier and a data set associated with the command set, verifying the command set, and authenticating the client module. The command set is verified based on the data set. The client module is authenticated based on the context identifier. A service is made accessible to the client module after the authenticating. The service is inaccessible to the client module before the authenticating.04-22-2010
20120047565PROXIMITY-BASED SOCIAL GRAPH CREATION - Systems and methods are disclosed for creating social connections. In general, a current crowd of a first user is monitored to detect if the current crowd matches an active interest of the first user. If the current crowd matches the active interest, a beacon is narrowcast to mobile devices of at least a subset of a number of other users in the current crowd of the first user. In one embodiment, the beacon is narrowcast to mobile devices of all of the other users in the current crowd. In another embodiment, the beacon is narrowcast to the mobile devices of only those other users having user profiles that include interests that match the active interest of the first user. Subsequently, a response to the beacon is received from a mobile device of a second user, and a new social connection is created between the first and second users.02-23-2012
20120210411PROCESS FOR AUTHENTICATING AN END USER - A process for authenticating an end user. A first pattern of colored quadrilaterals is generated. A second pattern of multiple colored nodes that include a first subset of nodes is generated. The first and second patterns are sent to the end user. If a transparent credit card is overlaid by the end user on top of the second pattern, then a second subset of nodes in the credit card would match in color and location the first subset of nodes. The authenticity status of the end user is determined by determining whether each node of a third subset of nodes within the second subset of nodes (i) corresponds to a unique node of the multiple colored nodes and (ii) has a color that matches a specific color in one quadrilateral of the colored quadrilaterals. The determined authenticity status is sent to the end user via an output device.08-16-2012
20120210412Information Processor, Authentication Control Method, And Storage Medium - An information processor is disclosed that includes an authentication part configured to authenticate a user based on predetermined information; an information obtaining part configured to obtain first information to be used to authenticate the user from an external device; and an authentication control part configured to cause the authentication part to authenticate the user by inputting information based on the first information to the authentication part as the predetermined information. The information obtaining part is configured to obtain the first information using a program module whose correlation with the information obtaining part is recorded in a recording medium.08-16-2012
20120005736BIOMETRIC AUTHENTICATION SYSTEM AND METHOD THEREFOR - In the client, a feature quantity extraction unit extracts a feature quantity from biometric information of a user. A feature quantity conversion unit converts the feature quantity by a one-time parameter. In the first server, a parameter DB stores a parameter in association with the ID. A data generation unit generates data based on the parameter corresponding to the ID transmitted from the client. In the second server, a template DB stores a template to which the feature quantity of the biometric information of the user is converted by the parameter, in association with the ID. A template conversion unit generates a one-time template by converting the template corresponding to the ID transmitted from the first server. Then, a match determination unit compares the converted feature quantity transmitted from the client or the data transmitted from the first server with the one-time template to determine whether they match or not.01-05-2012
20120005735System for Three Level Authentication of a User - A system and method for three level authentication of a user has been disclosed. The system 01-05-2012
20120005738WEB APPLICATION PROCESS - A computer network and corresponding method for providing, as part of a web portal session, access for a user to a web application running on a server. The network comprises first and second traffic managers connected via an intermediate web server. The first traffic manager comprises interface means for receiving from the user, as part of the portal session, a request for access to the web application and for passing the request to the intermediate web server for forwarding to the second traffic manager. The second traffic manager comprises interface means for receiving the request from the first traffic manager via the intermediate web server and for passing the received request to the web application.01-05-2012
20120117632METHOD AND SYSTEM FOR AUTHENTICATING A DATA STREAM - A method and apparatus for obtaining digital content. A credential is extracted from a first data stream that corresponds to a media item. The credential is provided to a content provider. If the credential is authenticated, the content provider sends a second data stream that corresponds to the media item.05-10-2012
20110167487METHOD, SYSTEM AND DEVICE FOR ENABLING USER SIDE TERMINAL TO OBTAIN PASSWORD - In the field of communication technologies, a method, a system and a device for enabling a user terminal to obtain a password are provided. The method includes: receiving, by a user terminal, a notification message delivered from an Optical Line Terminal (OLT), in which the notification message comprises password information delivered from the OLT; obtaining the password information in the notification message, and returning a response message to the OLT; and accomplishing an authentication and registration process with the OLT according to the password information. The system includes an OLT and a user terminal. The device includes a user terminal and an OLT. The present disclosure is capable of realizing the change of a password of an Optical Network Unit (ONU)/Optical Network Terminal (ONT) just by a delivery operation at an OLT side when the password of the ONU/ONT needs to be changed, so that the efficiency of the change work is improved, the workload of the change is reduced, the manpower cost for home service of maintenance personnel is saved, and the maintenance cost of the operator is greatly reduced.07-07-2011
20120011577ACCESS AUTHENTICATION METHOD AND INFORMATION PROCESSING APPARATUS - An account information operation terminal device is registered in advance in a system that performs access authentication based on account information. The system manages the account information operation terminal device registered in the system based on registered terminal information. The system uses the registered terminal information to permit only the account information operation terminal device registered in advance in the system to operate the account information.01-12-2012
20120011576METHOD, DEVICE, AND SYSTEM FOR PRE-AUTHENTICATION - The present invention relates to mobile communications technologies, and discloses a method, device, and system for pre-authentication. A pre-authentication device receives a pre-authentication message that carries a pre-authentication option; determines a Mobile Node (MN) to be pre-authenticated according to the pre-authentication message; sends an authentication request message to an Authentication, Authorization and Accounting (AAA) server to request authentication of the MN; receives an authentication response message that is sent by the AAA server, where the authentication response message carries a pre-authentication key used between a Candidate Authenticator (CA) and the MN; and sends the pre-authentication key to the MN. Through implementation of the present invention, the pre-authentication key is obtained before the MN switches to the CA. In this way, security of communication is enhanced, and delay of switching and authentication is shortened.01-12-2012
20090300745ENHANCED MULTI FACTOR AUTHENTICATION - In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate, a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel.12-03-2009
20120117633Enhanced Security For Pervasive Devices Using A Weighting System - An approach is provided where one or more biometric inputs are received at a biometric receiver accessible by a mobile pervasive computing device. The biometric inputs are from a current user of the mobile pervasive computing device. One or more sets of expected biometric data are retrieved with the sets of expected biometric data corresponding to one or more authorized users of the mobile pervasive computing device. The received biometric inputs are compared with the retrieved sets of expected biometric data. The mobile pervasive computing device is secured using one or more security actions if the comparison reveals a mismatch between the biometric inputs and the retrieved sets of expected biometric data.05-10-2012
20120210409NON-TEXTUAL SECURITY USING PORTRAITS - A user is authenticated using portraits of known contacts. During a challenge-response process, a collection of portraits are presented, some known to an authenticated user and some randomly selected. Responsive to correctly identifying the known portraits, the user is granted access to a system.08-16-2012
20120023564ATTACHING A SENSOR TO A WSAN - Methods and arrangements in a WSAN Gateway (01-26-2012
20120023563METHOD AND APPARATUS FOR CONSTRUCTING A NETWORKING DATABASE AND SYSTEM PROACTIVELY - A method for creating a networking database containing a plurality of records for different individuals in which individuals are connected to one another in the database by mutual recognition of a relationship. This mutual recognition of a relationship is inferred by the possession of the Guest Key of one member by the other member. This paradigm for network expansion allows users to proactively grow their networks both using the site features and using tools they may be more familiar with, such as email, messaging, talking, etc.01-26-2012
20120023562SYSTEMS AND METHODS TO ROUTE NETWORK COMMUNICATIONS FOR NETWORK-BASED SERVICES - Example systems and methods to route network communications for network-based services are disclosed. An example method includes receiving network communications; determining if at least one of a source address or a destination address of the received network communications is associated with a customer to receive a network-based service; forwarding the network communications to a policy enforcement point if the at least one of the source address or the destination address is associated with the customer; determining if the forwarded network communications violates a policy selectively associated with the customer; and forwarding the network communications from the policy enforcement point to the destination address if the network communications is not in violation of the policy.01-26-2012
20090183246Universal multi-factor authentication - An authentication system includes logic to receive and identify authentication requests from a plurality of service providers, each including a one time code. Unique ids are identified for users corresponding to each of the one time codes. The unique ids are applied to generate one time codes to compare with the one time codes received from the service providers. Authentication results are communicated to the service providers.07-16-2009
20080201770COMMUNICATION CONTROL DEVICE - A communication control device with high confidentiality is provided, which allows content access only from devices in a specific group, and ensures that no content information is exposed to any devices for which content access is not allowed. A password selection portion selects a common password required for connecting to a network, or a secret password required for establishing a communication channel with a specific reception device. A transmission portion transmits contents or information associated therewith to the reception device via the network established by using the common password or the secret password.08-21-2008
20120159596BROWSER-BASED BACK-END MANAGEMENT SYSTEM FOR A CONCENTRATED PHOTOVOLTAIC (CPV) SYSTEM - Each of the CPV arrays at a solar site is coupled with a different system control point (SCP) to be communicatively connected to a central backend management system associated with that solar site. The management system is configured to present a plurality of user interfaces via the Internet to a browser of a user's client device to enable the user to navigate to and then 1) view information for various components and 2) send a command to perform an action for the various components associated with the CPV arrays. The plurality of user interfaces are presented to the user based on the management system having authenticated the user as being allowed to view the information related to the CPV array.06-21-2012
20120159598USER AUTHENTICATION SYSTEM AND METHOD USING PERSONAL IDENTIFICATION NUMBER - A user authentication system using a personal identification number, includes a user terminal device for requesting issuance of a personal identification number from an authentication server, storing and displaying a personal identification number, and registering reference information used to permit verification of validity of the personal identification number on the authentication server. Further, the user authentication system includes an inquiry device for requesting verification of validity of the personal identification number from the authentication server, and receiving and displaying results of the verification. Furthermore, the user authentication system includes an authentication server for storing issuance information while issuing the personal identification number, determining whether to permit the verification of the validity of the personal identification number, if the inquiry device requests the verification of the validity, and replying with results of the verification, if it is determined that the verification of the validity is to be permitted.06-21-2012
20120159600METHOD OF CONTROLLING BIOMETRIC AUTHENTICATION SYSTEM, NON-TRANSITORY, COMPUTER READABLE STORAGE MEDIUM AND BIOMETRIC AUTHENTICATION SYSTEM - A control method for controlling a biometric authentication system including a server that stores reference biometric data, and a client that acquires biometric authentication data of the user, includes saving in the server a table in which identification information identifying the user and a previous authentication result of the user are associated with each other, transmitting the identification information to the server, referring to the identification information and acquiring a previous authentication result of the user corresponding to the identification information from the table, calculating an authentication success rate of the user from the acquired previous authentication result, transmitting the reference biometric data to the client when the authentication success rate is less than or equal to a certain value, calculating a degree of matching between the biometric authentication data and the reference biometric data, and determining whether or not the authentication of the user has succeeded.06-21-2012
20120159595THIRD PARTY INITIATION OF COMMUNICATIONS BETWEEN REMOTE PARTIES - A data transfer system is described herein that allows data to be sent directly between two computing devices at the request of a third party client computer. The system allows a third party to initiate data transfers between computers in a network file system. This results in a significant speed increase because little to no data travels over the third party's potentially slower connection. The data transfer system provides a mechanism to determine if the direct transfer would be more efficient than two separate read and write operations, based on measurements of bandwidth and latency between each computing device. The data transfer system provides support for the source server to compress the data and the destination server to decompress the data at the direction of a third party client to further save network bandwidth.06-21-2012
20120159591User Authentication Via Mobile Communication Device With Imaging System - A graphical authentication identifier is used to facilitate automatic authentication of a user. A graphical identifier authentication system receives a request from an authenticating entity for a onetime use graphical authentication identifier. In response to the received request, a onetime use graphical authentication identifier to be displayed by the authenticating entity is generated. A request for user authentication information by the authenticating entity is encoded in the graphical authentication identifier, which is transmitted to the authenticating entity for display (e.g., on a login screen). The onetime use graphical authentication identifier being displayed by the authenticating entity is captured by a registered user operated computing device. In response, the requested user authentication information is transmitted to the authenticating entity, such that the user is automatically authenticated to the authenticating entity, without the user manually entering the requested user authentication information.06-21-2012
20120159593MULTI-LAYER ORIENTATION-CHANGING PASSWORD - A method of authenticating a user of a computing device is proposed, together with a computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and at least one of the modified base image and modified overlay image is moved by the user. In addition to the moving, a change in orientation of at least one of the modified base image and the modified overlay image is required. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image and the change in orientation matching a pre-selected orientation criterion.06-21-2012
20120159592MULTI-LAYERED COLOR-SENSITIVE PASSWORDS - A method of authenticating a user of a computing device is proposed, together with a computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and at least one of the modified base image and modified overlay image is moved by the user. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image and selection of a color for a portion of the display that matches a pre-selected color.06-21-2012
20120159590METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR AUTHENTICATING AN IDENTITY OF A USER BY GENERATING A CONFIDENCE INDICATOR OF THE IDENTITY OF THE USER BASED ON A COMBINATION OF MULTIPLE AUTHENTICATION TECHNIQUES - A user's identity is authenticated by evaluating the identity of the user using a plurality of authentication techniques, the plurality of authentication techniques generating a plurality of numerical confidence indicators, respectively, of the identity of the user, associating a plurality of authentication technique weights with the plurality of numerical confidence indicators, respectively, and calculating a weighted combination of the respective numerical confidence indicators using the plurality of authentication technique weights to generate a composite numerical confidence indicator of the identity of the user.06-21-2012
20120159599Personalized Multifunctional Access Device Possessing an Individualized Form of Authenticating and Controlling Data Exchange - A personalized multifunctional access device that possesses an individualized form of authenticating and controlling data exchange following a unique authentication of a user by the access device, wherein the access is further disposed to create a secure exchange environment for a user through pairing with a corresponding medium and subsequent authentication.06-21-2012
20120159597METHODS FOR REMOTE MONITORING AND CONTROL OF SECURITY DEVICES OVER A COMPUTER NETWORK - Methods are provided to access devices over the Internet and to control and/or set states of devices over the Internet. One method includes providing, at a server connected to the Internet, code for enabling access to networked devices at a remote location using a networked computing device. The method can enable receiving a status request to view status of one or more of the networked devices. The method can also enable receiving a control request at the server, via the networked computing device, to operate one or more utility controls at a remote location. The utility controls can be used for any of a variety of purposes. The method is operable for any computing device that has access to the Internet, including wireless hand-held networked devices.06-21-2012
20120159594ADJUSTING THE POSITION OF AN ENDPOINT REFERENCE FOR INCREASING SECURITY DURING DEVICE LOG-ON - A method of authenticating a user of a computing device is proposed, together with a computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display and with each execution of the method, at least one of a position of a pre-selected base image reference point on the modified base image and a position of a pre-selected overlay image reference point on the modified overlay image is varied. Positive authentication is indicated in response to an input resulting in the base image reference point on the modified base image being aligned with the overlay image reference point on the modified overlay image.06-21-2012
20120072978Desired Font Rendering - An embodiment of the invention provides a method for displaying a message from a first user to a second user, wherein the message from the first user is received in a system of the second user. The message includes text in an intended font and metadata, wherein the metadata includes a link to a font source. It is determined whether the intended font is on the system of the second user; and, if the intended font is not on the system of the second user, rendering instructions are obtained from the font source. The rendering instructions include instructions on how to display the text in the intended font on the system of the second user without downloading the intended font to the system of the second user. The text is displayed in the intended font on the system of the second user using the rendering instructions.03-22-2012
20120072980Method and Apparatus for Authenticating Users of An Emergency Communication Network - An authentication system is configured to weight multiple available network supplied and user supplied authentication factors to determine whether a user should be provided with access to an Emergency Communication Network (ECN). The multiple factors may include the location of the user, MIN, short PIN, token, biometric information, and other information. The level of access to be provided to the user may be tiered based on the authentication level achieved during the weighting process. Authentication information may be shared between groups of individuals, so that the authentication requirements for group members may be reduced as other members of the group supply authentication information to the ECN. Group authentication may be used to enable group services such as conferencing and push-to-talk to be set up automatically for the group.03-22-2012
20120072979Method And Apparatus For Trusted Federated Identity - A trusted computing environment, such as a smartcard, UICC, Java card, global platform, or the like may be used as a local host trust center and a proxy for a single-sign on (SSO) provider. This may be referred to as a local SSO provider (OP). This may be done, for example, to keep authentication traffic local and to prevent over the air communications, which may burden an operator network. To establish the OP proxy in the trusted environment, the trusted environment may bind to the SSO provider in a number of ways. For example, the SSO provider may interoperate with UICC-based UE authentication or GBA. In this way, user equipment may leverage the trusted environment in order to provide increased security and reduce over the air communications and authentication burden on the OP or operator network.03-22-2012
20110088087METHOD FOR AUTHENTICATION - A method for authentication of a first party, A, to a second party, B, by a trusted third party, C, is disclosed. A is registered at C, and the method comprises the steps of receiving identification data of A from A; determining, based on the identification data, if A has the right to request a random private key, RPK; and generating a temporary RPK. Further, C combines the RPK and a random open key, ROK, to form a single use temporary master authentication code; transmits the RPK to A; and, upon receipt of the RPK and the ROK from B, determines if the received RPK and ROK match a valid single use temporary master authentication code; and authenticates, in case of match, A to B. The first party, A, may be any handheld device, such as a mobile phone, or a PDA, or a stationary device, such as a stationary computer or an ATM. The communication between the parties may be wired or wireless. A corresponding system is also disclosed.04-14-2011
20120079579BIOMETRIC AUTHENTICATION SYSTEM, BIOMETRIC AUTHENTICATION SERVER, METHOD AND PROGRAM THEREOF - An authentication system in which an authentication server and a plurality of clients are coupled through a network and configured to process an authentication from a user of a client, is configured to determine as a cache target user another user who is different from the user who requested the authentication; is configured to generate an identifier that indicates the cache target user; and is configured to transmit biometric data of the cache target user and the identifier to the client from which the authentication of the user was requested. A cache availability determiner can determine whether biometric data of any cache target user are available on a client.03-29-2012
20100095363Method and System for Authentication Based On NASS - A method for authentication based on NASS is disclosed. UAAF authenticates the accessing of CNG. UAAF produces the management authentication credential between CNG and CNGCF, and sends the management authentication credential to CNGCF. CNG obtains the management authentication credential. CNG authenticates CNGCF by the obtained management authentication credential and CNGCF authenticates CNG by the management authentication credential. A system for authentication based on NASS is also disclosed. The authentication credential can be automatically produced, distributed and modified. And the operation cost is reduced and the operation efficiency is enhanced.04-15-2010
20100095362Method and Arrangement for Handling Client Data - A method and arrangement for authorizing an initially unauthorized watching client to receive client data of an observed client from a client data server. The watching client sends an expanded request for client data to the server. The expanded request contains additional information such as a text string, a picture, or a video/audio clip. The server extracts the additional information and sends it to the observed client. The observed client can then decide whether to authorize the watching client to receive the observed client's data based on the additional information.04-15-2010
20100095360METHOD AND SYSTEM FOR AUTHENTICATION - A method and system of authenticating communications sessions between two or more parties over one or more simultaneous communications channels using one or more communicating devices is provided including having a first party create a first set of signatures, wherein the first set of signatures includes a signature for each communications channel, communicating with at a second party over at least one communications channel, whereby the second party authenticates the first party's signature associated with the at least one communications channel and accepts communication with the first party.04-15-2010
20090133108SYSTEMS FOR SECURE AUTHENTICATION FOR NETWORK ACCESS - Systems and methods for authenticating the identity of a user over a network. The user must supply a removable physical medium such as CD, DVD, or memory stick that contains security information about the user and the user's account as well as a user identification and password. This information is verified before the user is allowed to access the account.05-21-2009
20090133109METHOD AND APPARATUS FOR ACCESSING A NETWORK - According to one embodiment of the present invention, there is provided a method of authorising a computing device to access a network, comprising receiving authentication data including a user identifier from the computing device, determining whether approval to verify the authentication data is given, and where it is so determined, authorising the device to access the network upon verification of the authentication data.05-21-2009
20120124655Apparatus for connecting a human key identification to objects and content or identification, tracking, delivery, advertising, and marketing - An apparatus for connecting a human key identification to objects and content or identification, tracking, delivery, advertising, and marketing. An Independent Clearing House Agent (ICHA) server is connected to a human key server. The human key server is connected to a translation server and universal virtual world (UVW) server for the management of a plurality of methods and mechanism integrally working as one system. A virtual world airport (VWA) server is connected to a Mobile, Handheld, and Independent Device Application Development (MHIDAD) server which in turn communicates with an illumination transformer audio video manager interactive server transmitter (ITAVMIST) which communicates with a Virtual Cash Virtual Currency (VCVC) server. The authentication unit also creating identification data; and sending to verification; a match combined with 9 out of 17 positive point evaluations returns, via an Internet connection to the mobile device.05-17-2012
20120222101INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING DEVICE, SERVER DEVICE, AND METHOD - An information processing system including an information processing device connected to a first communication network, a terminal device connected to the first communication network, and a server device connected to a second communication network. The server device includes a receiving unit, a first request unit, and a providing unit. The receiving unit receives an instruction from the terminal device to provide the information processing device with a predetermined service. The first request unit presents a test to the information processing device to authenticate whether or not the information processing device is being operated by a human. The providing unit provides the information processing device with the service in accordance with the instruction. The terminal device includes an instruction unit and a response unit. The instruction unit sends the instruction to the server device. The response unit makes a response to the test on behalf of the information processing device.08-30-2012
20120317631SYSTEM AND METHOD FOR AUTHENTICATING A USER - Provided are a system and method to authenticate user identities. The method includes gathering metadata from at least one discussion involving at least one pre-defined user identity on a first social network. The method evaluates the metadata of at least one third party response related to a posting by the at least one pre-defined user identity. The at least one pre-defined user identity is authenticated based on the evaluated third party response. And an indication of authentication for the at least one pre-defined user identity is provided. The system and method may also permit bridging of the established authentication between different social networks.12-13-2012
20120317630REMOTE LOGIN ARRANGEMENT FOR HETEROGENEOUS SYSTEMS USING CENTRALIZED AUTHENTICATION - Methods and systems for authenticating a remote user across heterogeneous authentication systems are disclosed. One method includes receiving domain user credentials at a first heterogeneous authentication system, and transmitting the domain user credentials from the first heterogeneous authentication system to an authentication interface associated with a second heterogeneous authentication system. The method also includes transmitting the domain user credentials from the second heterogeneous authentication system to a centralized authentication system, and receiving at the authentication interface a validation message from the centralized authentication system, thereby authenticating the user. The method further includes determining a local username at the authentication interface based on the domain user credentials. The method includes using the local username to authenticate the user within the first heterogeneous authentication system.12-13-2012
20120167187METHOD, APPARATUS AND SYSTEM FOR CONTROLLING ACCESS TO COMPUTER PLATFORM RESOURCES - A manageability engine, and/or operations thereof, for controlling access to one or more resources of a computer device. In an embodiment, the manageability engine executes an authentication agent to perform authentication of a local user of a computer platform which includes the manageability engine. In another embodiment, the manageability engine includes a device driver to control an input/output device for the local user to exchange an authentication factor via a trusted path between the input/output device and the manageability engine.06-28-2012
20120131659COMMUNICATIONS SYSTEM INCLUDING PROTOCOL INTERFACE DEVICE FOR USE WITH MULTIPLE OPERATING PROTOCOLS AND RELATED METHODS - A communications system may include a plurality of data storage devices each using at least one of a plurality of operating protocols. The system may also include a plurality of mobile wireless communications devices for accessing the data storage devices, and each may use at least one of the plurality of operating protocols. Furthermore, the system may also include a protocol interface device including a front-end proxy module for communicating with the plurality of mobile wireless communications devices using respective operating protocols, and a protocol engine module for communicating with the plurality of data storage devices using respective operating protocols. More particularly, the front-end proxy module and the protocol engine module may communicate using a common interface protocol able to represent a desired number of protocol-supported elements for a desired operating protocol.05-24-2012
20120131658METHODS AND APPARATUS FOR DYNAMIC USER AUTHENTICATION USING CUSTOMIZABLE CONTEXT-DEPENDENT INTERACTION ACROSS MULTIPLE VERIFICATION OBJECTS - An authentication framework is provided which enables dynamic user authentication that combines multiple authentication objects using a shared context and that permits customizable interaction design to suit varying user preferences and transaction/application requirements. For example, an automated technique for user authentication comprises the following steps/operations. First, user input is obtained. At least a portion of the user input is associated with two or more verification objects. Then, the user is verified based on the two or more verification objects in accordance with at least one verification policy operating on a context shared across the two or more verification objects. The user authentication technique of the invention may preferably be implemented in a flexible, distributed architecture comprising at least one client device coupled to at least one verification server. The client device and the verification server may operate together to perform the user authentication techniques of the invention.05-24-2012
20090025072Image output authentication system, image output authentication server, and image output authentication method - An authentication server: has user identification information and a password of that user identification information previously stored therein in association with each other; receives user identification information transmitted, the user identification information being determined from information input at and received by an image output apparatus; obtains a password received by an image transmission apparatus used by a user associated with the received user identification information, from that image transmission apparatus after that user identification information is received; determines whether the obtained password and the password stored in the authentication server in association with the received user identification information match; and, if a decision is made that the passwords match, permits the image output apparatus that had sent the received user identification information, to output an image corresponding to image data transmitted from the image transmission apparatus and stored in that image output apparatus in association with that user identification information.01-22-2009
20120216266SYSTEM AND METHOD TO ASSOCIATE A PRIVATE USER IDENTITY WITH A PUBLIC USER IDENTITY - The inventive system includes a host, a network including a security gateway, and a public application. Established are an access session between the network and the host and an application session between the public application and the network. An application session record is created for the application session, and includes the user's public user identity used to access the public application, the user's private user identity used to access the network, a host identity, and an application session time. To determine the private user identity for the application session, the security gateway sends a query with the host identity and the application session time. These are compared with the host identity and access session time in an access session record. If they match, then the private user identity in the access session record is returned, and it is stored as the private user identity in the application session record.08-23-2012
20120216265USING CLOCK DRIFT, CLOCK SLEW, AND NETWORK LATENCY TO ENHANCE MACHINE IDENTIFICATION - Methods and systems for authenticating a user device employ a database of global network latencies categorized and searchable by location and calendar date-time of day usage, providing network latency by geography and by time. The database is constructed using voluminous daily data collected from a world-wide clientele of users who sign in to a particular website. Accuracy of the latency data and clock skew machine identification is made practical and useful for authentications using a service provider-proprietary, stable reference clock, such as an atomic clock, so that internal clock jitter of a service provider performing authentications does not affect the network latency time and clock skew identification of user devices. Increased authentication confidence results from using the database for correcting network latency times and user device signatures generated from the clock skew identifications and for cross checking the authentication using comparisons of initial registration to current sign in data.08-23-2012
20120167192AUTHENTICATION OF DEVICES IN A WIRELESS NETWORK - Various aspects are discussed, for example, a method is described for authentication of devices in a wireless network involving NFC (Near Field Communication), wherein 06-28-2012
20120167191Communication Card for Mobile Network Devices and Authentication Method for Users of Mobile Network Devices - A removable communication card for mobile network devices, and respectively a corresponding authentication method applied therewith. The removable communication card includes an identification module for storing identification data for users, a measurement device for capturing a first biometric feature and a second biometric feature of a user, and an analysis module with a processor unit for comparison of the first and the second biometric features with the stored identification data for the user.06-28-2012
20120167190ENTITY AUTHENTICATION METHOD WITH INTRODUCTION OF ONLINE THIRD PARTY - An entity authentication method by introducing an online third party includes the following steps: 1) an entity B sends a message 06-28-2012
20100205664Management of Organizational Boundaries in Unified Communications Systems - In general, this disclosure describes techniques of controlling communications occurring in a unified communications system. As described herein, a directory is established at a server system that hosts the unified communications system. The directory includes a plurality of hierarchically-organized categories. Each category specifies a set of users. One or more conferences may be associated with each of the categories. All communications occurring in the unified communications system occur within the context of one of the conferences. A user can only communicate within a conference if the conference is associated with the category that specifies a set of users that includes the user. By appropriately structuring the categories in the directory and the sets of users specified by the categories, the techniques of this disclosure may serve to prevent a user from using the unified communications system to communicate with certain other individuals.08-12-2010
20100205662SYSTEM AND METHOD TO SUPPORT IDENTITY THEFT PROTECTION AS PART OF A DISTRIBUTED SERVICE ORIENTED ECOSYSTEM - A system and method to support identity theft protection and, in particular, to a system and method for supporting identity theft protection as part of a distributed service oriented ecosystem in information management systems (IMS) and non-IMS networks. The system includes an identity session initiation protocol (SIP) application server configured to act as a security assertion markup language (SAML) bridge, which allows an SIP enabled device or a non-SIP enabled device to attach to a telecommunications service provider network. A user may accept or reject an authorization request using the SIP enabled device or non-SIP enabled device.08-12-2010
20120254966APPARATUS FOR SECURED DISTRIBUTED COMPUTING - An apparatus for distributed computing is disclosed. The apparatus includes a semiconductor memory, a biometric device for receiving biometric data, a connector for establishing communication between the apparatus and the host device, and a processor for performing distributed computing methods. The distributed computing method includes identifying a computing task for processing, authenticating user and device with a distributed computing network, receiving a unique security code having an end-of-session expiration, requesting that the computing task be executed over the distributed computing network, receiving a one-time task code, selecting a device to process the computing project from among a plurality of devices based upon device location and at least one associated operating state of the device, sending the identified computing task and the one-time task code to the selected device over the distributed computing network for processing and authentication, and receiving results of computing task from the selected device.10-04-2012
20120254965METHOD AND SYSTEM FOR SECURED DISTRIBUTED COMPUTING USING DEVICES - A method for secured distributed computing is disclosed. The method includes identifying a computing task for processing, authenticating user and device with a distributed computing network, receiving a unique security code having an end-of-session expiration, requesting that the computing task be executed over the distributed computing network, receiving a one-time task code, selecting a device to process the computing project from among a plurality of devices based upon device location and at least one associated operating state of the device, sending the identified computing task and the one-time task code to the selected device over the distributed computing network for processing and authentication, and receiving results of computing task from the selected device.10-04-2012
20120254964METHOD AND SYSTEM FOR GENERATING A TOUCH CAPTCHA - The present invention provides a method and system for automated test for human presence at a client device capable of receiving touch sensitive response. At a server, the method includes receiving and storing user profile information. Receiving request from client device to access a resource on a server. Generating a query based on the user profile information and the query requiring user to generate a touch sensitive response. Receiving the user generated response and authenticating the user if the touch sensitive response matches a predefined response for the query stored on the server.10-04-2012
20120254963DYNAMIC PIN DUAL FACTOR AUTHENTICATION USING MOBILE DEVICE - The present invention provides cost efficient two way authentication method in which the authentication module can be provided as a Plug and Play (PnP) architecture enabling dual layer security with reduced cost where the actions are initiated by a server and user input is received through an audio session for added security. The second level authentication can be carried out with mobile as client device making it cost efficient. The invention can be hosted as an independent service or can be integrated with existing authentication mechanisms, making it elegant for usage.10-04-2012
20120254960Connecting mobile devices, internet-connected vehicles, and cloud services - A three-way trust relationship is established between a mobile device, Internet-connected vehicle system, and a cloud-based service. Access rights are granted to the mobile device from the vehicle system, such that the mobile device can securely connect to, and obtain status information and/or control the Internet-connected vehicle system, through the cloud-based service.10-04-2012
20120137353METHOD AND SYSTEM FOR ABSTRACTED AND RANDOMIZED ONE-TIME USE PASSWORDS FOR TRANSACTIONAL AUTHENTICATION - A security system and method for authenticating a user's access to a system is disclosed. The security system receives an authentication request from the user and responds by generating a security matrix based on a previously stored user keyword and user preference data, the security matrix being different for each authentication request. The security system sends the security matrix to the user and awaits a one-time code in response to the security matrix. The user forms the one-time code based on the user keyword, the user preferences, and the security matrix. The security system validates the one-time code against the security matrix, the keyword, and the user preferences, and responds by sending an authentication result to the user that either permits or denies access to the system. Additionally, the security system sends a success or fail message to the system to be accessed.05-31-2012
20120137352METHOD AND SYSTEM FOR ABSTRACTED AND RANDOMIZED ONE-TIME USE PASSWORDS FOR TRANSACTIONAL AUTHENTICATION - A security system and method for authenticating a user's access to a system is disclosed. The security system receives an authentication request from the user and responds by generating a security matrix based on a previously stored user keyword and user preference data, the security matrix being different for each authentication request. The security system sends the security matrix to the user and awaits a one-time code in response to the security matrix. The user forms the one-time code based on the user keyword, the user preferences, and the security matrix. The security system validates the one-time code against the security matrix, the keyword, and the user preferences, and responds by sending an authentication result to the user that either permits or denies access to the system. Additionally, the security system sends a success or fail message to the system to be accessed.05-31-2012
20110185411METHOD OF OBTAINING A NETWORK ADDRESS - The present invention comprises a method of and apparatus for simplifying the process of access to a network for a roaming computer user, divides the responsibility of servicing a given user wanting to access the network between multiple parties and minimizes the possibility of improper dissemination of email header data as well as improper use of network resources (including server systems) by non-clients.07-28-2011
20110185413SYSTEM, APPARATUS, AND PROGRAM FOR BIOMETRIC AUTHENTICATION - A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication.07-28-2011
20110185412Providing Selective Access To A Web Site - A restricted web site has features that are selectively exposed to clients. A screening web site interacts with clients and collects data about the clients using passive and/or active techniques. The screening site generates a token for the client, and includes data in the token identifying the token and describing the client. The token is encoded in a cookie and saved in the client's web browser. The client subsequently provides the token to the restricted site. The restricted site validates the token to ensure that it is legitimate, has not expired, and has not been used before. The restricted site selects one or more features to provide to the client based on the data about the client in the token and/or on other information. If the client does not present a token or the token is invalid, the restricted site does not expose any features to the client.07-28-2011
20110185409Authentication Method and System of At Least One Client Device with Limited Computational Capability - An authentication method of a server device and at least one client device with limited computational capability includes randomly generating an initial codeword using the client device. The initial codeword is generated from a linear combination of at least one base. The base is assigned to the client device and selected from a generator matrix that is stored in the server device and that corresponds to a linear code.07-28-2011
20120174205USER PROFILE AND USAGE PATTERN BASED USER IDENTIFICATION PREDICTION - Embodiments of the present invention provide method, system and computer program product for user profile and usage pattern based user ID prediction. In accordance with an embodiment of the invention, a user can request a user ID to access a portion of a computing system. One or more characteristics of the user, such as a role or location can be determined and correlated to one or more different additional user ID options. In this regard, the additional user ID options can be a suggested alternative user ID for use by the user commensurate with the role or location of the user, or with past patterns of other users considered similar to the user based upon the characteristics of the user. In this way, the predictive nature of the foregoing methodology can assist the user in requesting a most appropriate user ID based upon the characteristics of the user and also in requesting a user ID which may be required in the future by the user based upon predictive patterns of system usage of other like users so as to save time and improve work efficiency.07-05-2012
20120174204MONETIZED ONLINE CONTENT SYSTEMS AND METHODS AND COMPUTER-READABLE MEDIA FOR PROCESSING REQUESTS FOR THE SAME - One aspect of the invention provides a computer system having processing and memory means operable to provide a monetized online content system. The computer system is coupled to one or more resource modules each having data in the memory means and includes: an interceptor module configured to receive a request from a client for one or more resources available from one or more resource modules, refer the request to one or more of the resource modules configured to fulfill the request, receive one or more responses from one or more of the resource modules, at least one of said one or more responses having one or more events associated therewith, and transform the one or more responses by removing the one or more events associated with the one or more responses prior to presentation of the one or more responses to the client.07-05-2012
20120174203IDENTIFYING A USER ACCOUNT IN A SOCIAL NETWORKING SYSTEM - Locating social networking system accounts for users of the social networking system permits the users to locate and access their accounts even if they cannot provide a user login ID or a login email address associated with their social networking system account. The social networking system locates a user account by receiving a user name associated with the user and a friend name of a friend connected to the user in the social networking system and identifying a user account wherein the identified user account has a user name matching the received user name and the identified user account is connected with another user in the social networking system who has a user name matching the received friend name.07-05-2012
20100287607Digital Content Distribution System and Method - A digital content distribution system and method is disclosed. The system includes a media server (11-11-2010
20100299736AUTOMATED SESSION ADMISSION - The present invention allows a first communication client, which is initiating a communication session, to include admission information in a session request used to establish the communication session in a regular call or conference scenario. The session request is intended to trigger a communication session between the first communication client and another communication client, which is associated with a telephony endpoint or a conferencing system having a communication client. The receiving communication client will use the admission information provided in the session request to determine whether the session is authorized. If authorized, the receiving communication client will either establish the communication session or allow the communication session to be established, as the situation dictates.11-25-2010
20100299735Uniform Resource Locator Redirection - Uniform resource locator (URL) redirection techniques are described. In an implementation, a web browser is redirected from a URL that is blocked to a URL for a web page configured to request authorization to access the URL that is blocked. Selection is accepted of how to request authorization to access the URL that is blocked.11-25-2010
20110191840BIOMETRIC AUTHENTICATION UTILIZING UNIQUE BIOMETRIC SIGNATURES AND PORTABLE ELECTRONIC DEVICES - A method and system for the authentication of a user at a point of entry. Biometric data can be provided after preliminary identification of the user based on identification information wirelessly provided from a portable electronic device carried with the user when the user is located near a point of entry, such as, for example, a border crossing or access point to a secure facility. Such a method and system can incorporate RFID tags, cellular wireless communications data and links, and/or Bluetooth communications link, etc.08-04-2011
20120222103ACCESS CONTROL METHOD, AND ASSOCIATED LOCK DEVICE AND ADMINISTRATION SERVER - An access control method is disclosed in which a lock device provides conditional access to a protected environment by short-range wireless communication with a key device having a key device identifier (KD_ID). In the method, the lock device requests the key device to provide a challenge response to a challenge generated by the lock device based on a challenge code kept by the lock device. The lock device receives the challenge response from the key device. The challenge response is generated by a remote administration server and is based on the key device identifier of the key device. The generated response is sent to the key device and forwarded from the key device to the lock device. The lock device then verifies the received challenge response based on the challenge code and on the key device identifier of the key device.08-30-2012
20120222102AUTHENTICATION USING MOBILE DEVICES - Technologies are generally described for authentication systems. In an example, an authentication system can be built among devices by sharing an image that is virtually torn into pieces. Each participant in the authentication system receives a piece of the image. The participants are authenticated when the pieces are later joined to form the original image.08-30-2012
20130174239REINFORCED AUTHENTICATION SYSTEM AND METHOD USING CONTEXT INFORMATION AT THE TIME OF ACCESS TO MOBILE CLOUD SERVICE - Provided are a reinforced authentication system and method using context information at the time of access to a mobile cloud service. The system comprises a mobile terminal transmitting a context information message, which comprises context information, and authentication information and a context information-based authentication server receiving the context information message and the authentication information, determining an authentication mechanism based on the context information message, and authenticating a user of the mobile terminal.07-04-2013
20130174238MECHANISM TO DETERMINE SOURCE DEVICE SERVICE TIER BASED ON THE VERSION OF THE HDCP KEY - A source device and method for authenticating a sink device. The source device and method include detecting when the sink device connects to a communication interface and in response to detecting a connected sink device, activating a sink device authentication protocol which authenticates whether the connected sink device is an approved sink device for connecting via the communication interface. The source device determines a level of authentication of the connected sink device from among a first-level authentication and a second-level authentication based on first and second authentication components, respectively derived from different master keys, which affects the type of content provided to the sink device. Responsive to the level of authentication provided through the connected sink device, modifying the content transmitted to the connected sink device, and preventing transfer of any content from the source device to the sink device in response to the sink device not being authenticated.07-04-2013
20080216163Method and Apparatus for Network Authentication of Human Interaction and User Identity - A method and apparatus are provided to enable a server to determine if a client connecting to the server is doing so by means of human user interaction, as opposed to an automated process. In order to authorize access to services, the option of determining user identity, such as by means of a graphical shared secret, is also provided. Three aspects are described: (i) image formation from an object model; (ii) presentation of image choices to a user, and (iii) user action. Image formation includes the creation of one or more categorized 2-dimensional images with object regions for each image automatically qualified. These one or more categorized images can be created by means of a Randomizable Image Generation Object for Human Recognition, comprised of (i) a 3-dimensional object model, (ii) a plurality of rendering threshold and constraint parameters, and (iii) categorization and qualitative metadata. The one or more 2-dimensional images are preferably transmitted to the user for authentication without the image metadata, which may be retained on the server. Related inquiry text can be sent when human user interaction is being determined and not user identity authentication.09-04-2008
20100281528METHODS AND SYSTEMS FOR GENERATING AND DELIVERING AN INTERACTIVE APPLICATION DELIVERY STORE - A system for updating and delivering an interactive application delivery store, where the system includes a client computer, a server and an application delivery store executing on the server, the client computer communicating with the server over a communicative connection. A user accesses the application delivery store using the client computer, and subscribes to an application not included in a user profile of the user using the application delivery store. In response to subscribing to the application, the application delivery store verifies user permissions of the user and determines whether the user is permitted to subscribe to the application. Upon determining the user can subscribe to the application, the application delivery store updates the user profile with the application and transmits a stub application to the client computer. The stub application represents the application subscribed to by the user in that the stub application includes a portion of the application.11-04-2010
20130174240Computer Implemented System and Method for Providing Challenge-Response Solutions to Authenticate a User - A system and method for providing challenge-response solutions to authenticate a user have been provided. The system includes a web server comprising interlinking means adapted to interlink a plurality of images with unique index values such that each of the images has a unique index value. The web server includes registration means adapted to enable users to select at least two interlinked images for the purpose of registration. The web server includes challenge generation means adapted to generate and transmit an authentication challenge in the form of a one-time equation. The web server, prior to transmitting the one-time equation, computes the value of the equation based on at least the sequence specified by the user. The web server compares the value calculated by the user with the value calculated prior to transmission and authenticates the user only in the event that said value calculated by the user is equivalent to the stored value.07-04-2013
20130174241AUTOMATED NEGOTIATION AND SELECTION OF AUTHENTICATION PROTOCOLS - Wireless telecommunications networks may implement various forms of authentication. There are a variety of different user and device authentication protocols that follow a similar network architecture, involving various network entities such as a user equipment (UE), a service provider (SP), and an authentication endpoint (AEP). To select an acceptable authentication protocol or credential for authenticating a user or UE, authentication protocol negotiations may take place between various network entities. For example, negotiations may take place in networks implementing a single-sign on (SSO) architecture and/or networks implementing a Generic Bootstrapping Architecture (GBA).07-04-2013
20130174242Remote Access Manager for Virtual Computing Services - A remote access manager in a virtual computing services environment negotiates a time limited NAT routing rule to establish a connection between a remote device and virtual desktop resource providing user computing services. A series of NAT connection rules are revised in a dynamic manner such that a pool of ports is available to connect a plurality of remote users to local virtual compute resources over one or more public IP addresses. Once a connection is established, an entry is made in a firewall state table such that the firewall state table allows uninterrupted use of the established connection. After an entry has been made in the state table, or the routing rule has timed out, the port associated with the original NAT routing rule is removed and the same port can be re-used to establish another connection without disrupting active connections.07-04-2013
20120180117Method for Realizing End-to-End Call, End-to-End Call Terminal and System - A method for implementing an end-to-end call, an end-to-end call terminal and a system are provided in the present invention, wherein, the end-to-end call service server is not involved, and the end-to-end communication is employed between users, therefore the reliability risk of single-point failure in the registration server in the existing system is avoided. An end-to-end service is initiated without servers so that trade secrets will not be leaked by the operator, and thus the present invention effectively avoids number stealing in end-to-end calls, and has high reliability and security. In addition, after a terminal logs in the new network and initiates the end-to-end call function, the terminal can directly use the end-to-end call service with no need of entering a username and a password to log in the end-to-end call system, and thus it is more convenient to use.07-12-2012
20120180116SYSTEMS AND METHODS FOR PROVIDING SECURE ELECTRONIC DOCUMENT STORAGE, RETRIEVAL AND USE WITH ELECTRONIC USER IDENTITY VERIFICATION - Systems and methods for efficient and timely electronic new user authentication in a digital mailbox system using a sliding scale approach to include one or more identity authentication systems as appropriate for system security needs are provided. The system first obtains new user name and address data. Because the address is an important data point, the system first verifies the address before expending the resources of an identity data search. If the address is valid, the system calls an identity verification system and provides an identity quiz to the user based upon additional identity verification data. If the user passes the quiz, then a new account is set up and any other system users having an account at that address are notified.07-12-2012
20100017865METHOD AND SYSTEM FOR PREVENTING FRAUDULENT ACTIVITIES - A method and system to protect users against potentially fraudulent activities associated with spoof web sites are described. According to one aspect of the present invention, the URL of a document downloaded via a web browser client is compared to the URLs in a list of URLs for known spoof sites. If the URL for the downloaded document is found in the list of URLs for known spoof sites, a security indicator is displayed to the user to indicate to the user that the downloaded document is associated with a known spoof site. According to another aspect of the invention, a security server maintains a master black list and periodically communicates updates of the master black list to the local list of a client security application.01-21-2010
20100011426Subscriber-Specific Enforecement of Proxy-Mobile-IP (PMIP) Instead of Client-Mobile-IP (CMIP) - A method provides subscriber-specific activation of network-based mobility management using an authentication server. According to the method, network-based mobility management is enforced, even if the mobile terminal supports terminal-based mobility management. This gives a network provider complete control over mobility management in his network, preventing configuration problems during the configuration of mobile terminals. In the method, after the successful authentication of a subscriber, the authentication server transmits an authentication confirmation message to an authentication client in an access network. The received authentication confirmation message contains an activation attribute for activating network-based mobility management, if the authentication server does not provide a common mobile key for terminal-based mobility management.01-14-2010
20090055913Method for Secure Transmittal of PINs Over Telecommunications Networks - A method and facilitator system (02-26-2009
20120185926Directory Driven Mailbox Migrations - An example method for migrating communication data from a source server to a target server includes obtaining, using a computing device, a set of credentials to access the source server, and accessing the source server using the set of credentials. The method also includes requesting, automatically by the computing device, a directory structure associated with communication data from the source server, populating, by the computing device, the target server using the directory structure, requesting the communication data from the source server, and populating the target server with the communication data.07-19-2012
20120185925Systems and Methods for Generating and Validating Configuration Files for Computing Devices - Systems and methods are provided for real-time automated generating and validating of configuration files for provisioning computing devices. For example, a method for provisioning a computing device includes receiving a user request to configure a computing device to access a service, generating a device configuration file to enable access to the service, validating the configuration file before deploying the configuration file to the computing device by testing configuration settings of the configuration file against the service for which the configuration file is generated to access, and deploying the configuration file to the computing device when the configuration file is deemed valid.07-19-2012
20120084849DEVICE AND METHOD FOR SECURE ACCESS TO A REMOTE SERVER - The device and method described herein relates to the field of computer security and, specifically, to the field of protecting confidential personal information which enables encrypted access to the remote server. A device and a method for securing confidential user information and secure exchanges of such information with the servers that host the services is provided. The device and method are based on personalising a smartcard containing the information. The chip card, connected to the user terminal, has a connection enabling the terminal to appear as a standalone host of the user's local network. An encrypted connection is then established directly between the chip card and the server hosting the service for the transmission of confidential data. The data, stored on the chip card, are then exchanged with the server via the encrypted connection. The data are never accessible in plain text on the user terminal.04-05-2012
20120084848SERVER AND SERVICE PROVIDING METHOD THEREOF - A service providing method of a server is provided. The method includes registering a service hub according to a service request; setting a service hub program corresponding to the service hub; receiving a request for the service hub program from a user terminal device belonging to an organization associated with the service hub; providing the service hub program to the user terminal device; and providing an application program corresponding to the user terminal device and the service hub program to the user terminal device.04-05-2012
20120084847Secure Provisioning of Resources in Cloud Infrastructure - Provisioning resources in public cloud infrastructure to perform at least part of electronic design automation (EDA) tasks on the public cloud infrastructure. The provisioning of resources is handled by a cloud provisioning system that is generally operated and maintained by an EDA tool developer using a provisioning credential. After the resources are provisioned, the cloud provisioning system places user key on the provisioned resources. Once the user key is placed on the provisioned resources, the cloud provisioning system has only limited access or no access to the provisioned resources. Instead, a user client device takes over the control of the provisioned resources by using a user's access credential. The provisioning credential is retained by the EDA tool developer and is not released to the user. Similarly, the access credential is retained by the user and not released to the EDA tool developer. In this way, the EDA tool developer can retain control of the resources deployed for the EDA tasks while ensuring that the user's information associated with the EDA tasks is secure.04-05-2012
20120222100ADVANCED CAPTCHA USING INTEGRATED IMAGES - An embodiment of the invention is a CAPTCHA program to determine if a user of a computer is a human or a computer program. The program sends to the computer an image and a portion of the image for display. The program receives from the user an indication of where the portion is located within the image. The portion, as displayed, may be altered in various ways. In response to the user properly indicating the location, the program determines that the user of the computer is a human. In response to the user not properly indicating the location, the program determines that the user of the computer is a computer program. In response to determining that the user of the computer is a human, the program grants the user access to information (database, application, program). In response to determining that the user is a computer program, the program denies access.08-30-2012
20120266222PROVISIONING USING A GENERIC CONFIGURATION - An apparatus, method, system and computer-readable medium are provided for provisioning a user equipment device (UED). The UED may be configured to receive a generic configuration and (dynamically) derive settings specific to the UED that would otherwise have been received in the configuration. The UED may execute one or more applications to derive the settings specific to the UED. A first application may enable the UED to dynamically learn a fully qualified domain name (FQDN) and IP address of a node. A second application may enable the UED to generate authentication credentials for the UED. A third application may enable the UED to determine a port or ports that are authorized for service and a port or ports that are not authorized for service. A fourth application may enable the UED to determine a number associated with the UED.10-18-2012
20120260326IMAGE MAPS FOR CREDENTIAL-BASED SECURITY - An input handler may receive a request, from a user of a client computer, for credential-based access to a server-based resource. An image map generator may determine a mapping between elements of an image map and secure transmission codes. A code generator may provide, to a user interface of the client computer, the mapping together with rendering code for rendering the image map. A mapping module may receive a sequence of the transmission codes from the user interface after a rendering of the image map by the user interface using the rendering code, based on a selection of image map elements by the user. The selected image map elements may represent the user credentials, and the sequence may correspond by way of the mapping to the selected image map elements and thus to the credentials.10-11-2012
20120233682SECURE ACCESS TO RESTRICTED RESOURCE - A system may generate an access number, provide the access number to a user via a telephone call, and provide the access number to an authentication server. The system may regulate access by the user to a restricted resource based on the access number provided to the user and the access number provided to the authentication server.09-13-2012
20120233681METHOD AND SYSTEM OF USER AUTHENTICATION USING A PORTABLE AUTHENTICATOR - Systems and methods are provided for facilitating access to an electronic device. Password information is stored on the electronic device, and on a portable authenticator. When a user attempts to access the electronic device, the user is prompted to enter a password at the electronic device. The portable authenticator determines the validity of the entered password. The electronic device receives the results of the validity determination from the portable authenticator, and provides access to the electronic device based on the received validity determination.09-13-2012
20120233680IMAGE GENERATING APPARATUS, PROJECTOR, AND METHOD FOR GENERATING AN IMAGE - An image generating apparatus includes a timepiece determining section determining whether or not the setting of an internal clock is normal, a certificate determining section determining whether or not a received electronic certificate from a communication target apparatus is valid based on the setting of the internal clock, a communication section performing communication for authentication with the communication target apparatus if the certificate determining section determines that the received electronic certificate is valid and receiving image information from an image supplying apparatus belonging to a network to which the communication target apparatus belongs or the communication target apparatus, a control section making the communication section perform communication for authentication irrespective of whether or not the received electronic certificate is valid if the timepiece determining section determines that the setting of the internal clock is not normal, and an image generating section generating an image based on the image information.09-13-2012
20120233679SYSTEMS, METHODS AND ANALYZERS FOR ESTABLISHING A SECURE WIRELESS NETWORK IN POINT OF CARE TESTING - A system and method for initiating and maintaining a secure wireless communication between a wireless analyzer and a target network (e.g., a hospital network connected to a LIS and/or HIS). The present disclosure provides novel processes and systems for securely networking a wireless analyzer with a Wi-Fi network without the need for an operator or user to engage in manual initiation steps on, or through, the wireless analyzer.09-13-2012
20120233678SECURELY AND AUTOMATICALLY CONNECTING VIRTUAL MACHINES IN A PUBLIC CLOUD TO CORPORATE RESOURCE - A method and system for securely and automatically connecting a virtual machine in a public cloud to corporate resources. A cloud computing system is coupled to an enterprise computing system via a network. The enterprise computing system includes a management server, an authentication server and a virtual private network (VPN) server. A cloud engine runs on the management server. The cloud engine starts an exchange with the authentication server that leads to a state in which both parties know a one-time password (OTP) and an identifier (ID) of a virtual machine (VM) hosted by the cloud computing system. The cloud engine sends the OTP and the ID to the VM. The VPN server then receives credentials from the VM. If the credentials are successfully authenticated against the OTP and the ID, a secure connection is established between the enterprise computing system and the VM.09-13-2012
20120233676GROUPING PERSONAL ACCOUNTS TO TAILOR A WEB SERVICE - This document describes grouping personal accounts to tailor a web service. By grouping personal accounts, a service provider may tailor a web service to multiple people based on information about those people.09-13-2012
20100325710Network Access Protection - A system or method for network access protection executes steps for receiving, at a server, an access request for access to at least one network resource from a client machine, the access request including account authentication information comprising an account identifier and password, obtaining a client machine identifier from the client machine in response to receiving the request for access, and controlling access to the network resource in response to the access request by authorizing access to the network resource for the access request if the client machine identifier matches a registered machine identifier that is registered for use with the account authentication information and the account authentication information matches registered information for a valid account, but denying access to the network resource if the client machine identifier does not match a registered client machine identifier that is registered for use with the account authentication information.12-23-2010
20110004927SYSTEM, METHOD AND PROGRAM PRODUCT FOR MEMBERSHIP BASED INFORMATION/FUNCTIONS ACCESS OVER A NETWORK - A system, method and computer program product for membership based access over a network includes an external electronic community having a plurality of registered members. The external electronic community maintains a database of identities of the plurality of registered members. An electronic community has established at least one private area for registered members of the external electronic community and a connection with the external electronic community. Registered users of the electronic community request information access to the private area by supplying at least one unique identifier associated with a membership for membership verification and storage of the membership verification. The electronic community uses the connection to verify the unique identifier with the external electronic community. The registered users log into the electronic community. The electronic community uses information obtained during the logging to stored membership verification to enable information access to the private area.01-06-2011
20110004926Automatically Handling Proxy Server and Web Server Authentication - A mechanism is provided for automatically handling server authentication. Responsive to receiving a response to a synthetic transaction from a server, a determination is made as to whether the response contains an authentication challenge. If the response contains the authentication challenge, the response is parsed to identify one or more attributes associated with the authentication challenge. A determination is made as to whether one or more attributes associated with each realm in a set of realms stored in a realm list matches the one or more attributes associated with the authentication challenge. If there is a match, an authentication response to the authentication challenge is generated for the matched realm. The authentication response is then sent automatically to the server in order to authenticate the synthetic transaction.01-06-2011
20120240209SECURE INFORMATION DISTRIBUTION BETWEEN NODES (NETWORK DEVICES) - In an embodiment, a method of secure information distribution between nodes includes: performing a handshake process with an adjacent node to determine membership in a secure group; and distributing secure information to the adjacent node, if the adjacent node is a member of the secure group. In another embodiment, an apparatus for secure information distribution between nodes includes: a node configured to perform a handshake process with an adjacent node to determine membership in a secure group, and distribute secure information to the adjacent node, if the adjacent node is a member of the secure group.09-20-2012
20120240208MOBILE TERMINAL APPARATUS - A mobile terminal apparatus checks if a user is a proper user based on the operation of the user and, if the result of authentication is negative, uploads predetermined data, which is part of data stored in a memory, to a predetermined server. After the transmission is completed, the mobile terminal apparatus erases the uploaded data from the memory. It is also possible to instruct the mobile terminal apparatus to upload and erase data from an external source using an electronic mail or a telephone tone signal sequence. This may protect data contained in mobile terminal apparatus that has been lost, from a person who improperly attempts to access the data.09-20-2012
20120240207APPARATUS, METHOD, AND PROGRAM FOR VALIDATING USER - User validation accuracy is improved without inconveniencing a user. When an authentication request packet is received from a terminal and the authentication is successful based on a user ID and a password, an HTTP header, user-agent information, and access source IP address are extracted from the packet, and user authentication is performed by verifying the IP address and the user-agent information against usage history information where at most two sets of the IP address and the user-agent information extracted from the authentication request packet which is received from the same user previously are registered. When the set of the IP address and the UA information corresponding to the new extracted IP address and the new extracted UA information is registered in the usage history information, the authentication is successful, and the usage history information is overwritten with the new IP address and the new UA information.09-20-2012
20120266226SECURE AUTHENTICATION SYSTEMS AND METHODS - Systems and methods are provided for authentication by combining a Reverse Turing Test (RTT) with password-based user authentication protocols to provide improved resistance to brute force attacks. In accordance with one embodiment of the invention, a method is provided for user authentication, the method including receiving a username/password pair associated with a user; requesting one or more responses to a first Reverse Turing Test (RTT); and granting access to the user if a valid response to the first RTT is received and the username/password pair is valid.10-18-2012
20120266224METHOD AND SYSTEM FOR USER AUTHENTICATION - A method for user authentication for accessing from a client to a server over a packet based network using a one-time password, wherein the client includes a first secret, and the server includes a database for storing a second secret and a chosen username associated with the second secret, wherein the method includes providing the second secret associated with the first secret by the client to the server and storing the second secret and the chosen username in the database; transmitting a challenge from the server to the client; computing the one-time password by the client using the second secret and the random data decoded from the challenge; submitting the one-time password and the chosen username on the client to access the server; validating the one time password received from the client with the one-time password.10-18-2012
20110047609INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING DEVICE, MOBILE COMMUNICATION DEVICE, AND METHOD FOR MANAGING USER INFORMATION USED FOR THEM - An information processing system is provided that guarantees personal authentication only while a mobile communication device is connected to allow user information, stored in the mobile communication device, to be used while using a PC on which a guest account is used. In the information processing system, the mobile communication device is used as an authentication key when a user logs into an information processing device, and information on a personal setting environment stored in the information processing device and information on application software used in the information processing device are acquired and saved into the mobile communication device, which is used as the authentication key, as personal account information.02-24-2011
20110047608DYNAMIC USER AUTHENTICATION FOR ACCESS TO ONLINE SERVICES - A dynamic authentication system that makes authentication stronger, while reducing the cost to business and the burden to users. The system includes a service that provides centralized, non-federated, proxied authentication. The system uses a two-pass authentication process that first receives a supposed identity of the user and then determines one or more authentication criteria for proving that supposed identity. When the user attempts to use an online service that relies on the dynamic authentication system for authentication, the service requests the user's identity. The system dynamically determines authentication criteria for the user to prove the provided identity belongs to the user. In the second pass, the service receives a response from the user containing additional authentication information, and forwards the received response to the system for verification. If verification succeeds, the service allows the user to access the requested resources.02-24-2011
20110047607User verification using voice based password - Verifying a user includes: receiving a service request; generating a text based first dynamic password upon receiving the service request; converting the first dynamic password into sound information; transmitting the sound information to a user terminal over a communication network; receiving over the Internet a second dynamic password entered by the user based on the sound information, the second dynamic password being a text based password; comparing the first and second dynamic passwords for consistency; and indicating that verification is successful if the first and the second dynamic passwords are consistent.02-24-2011
20110047606Method And System For Storing And Using A Plurality Of Passwords - A system and method for managing a plurality of a user's authentication elements. In a preferred embodiment a user initiates a webpage browser session at a user website access device and activates a password manager program. The user's identity is authenticated to an authentication server and allowed to access a secure database comprising a plurality of website authentication elements. Thereafter, the user accesses a first secure website and the program determines the presence of a user authentication data field. When a user authentication data field is present the program instructs the authentication server to automatically transmit at least one of the authentication elements specific to the authentication data field of the first secure website to authenticate the user to the first website.02-24-2011
20110047605System And Method For Authenticating A User To A Computer System - A system and method for verifying the identity of a user to a secure website. The user provides a server associated with the secure website with an account identifier, a biometric authentication element comprising a voice print and secret pass phrase, and contact information for a user communication device during the enrollment process. Upon subsequent attempts to access the secure website the user is prompted to provide an account identifier. Upon receipt of the account identifier, the server transmits a request for voice print and pass phrase samples to the user's communication device. The server receives the samples, compares them to the user's stored voice print and pass phrase and authenticates the user to the secure website if the sample voice print and sample pass phrase match the stored voice print and pass phrase sample. The server request may comprise a sponsored message. Additionally, the server may request the user speak a pass phrase comprising an advertiser's slogan, product name, or company name.02-24-2011
20120324557SYSTEM AND METHOD FOR REMOTE INTEGRITY VERIFICATION - Systems and methods are disclosed herein for verifying the integrity of a remote computing device. The system includes a challenge processor in communication with a communication device. The challenge processor selects a challenge from a plurality of challenges for determining the integrity of a computer program on a remote computing device. The challenge is selected in a manner which is substantially unpredictable by the remote computing device. The communication device transmits the challenge to the remote computing device and receives an output of the challenge. The challenge processor is also configured to determine from the output of the challenge whether the integrity of the computer program on the remote computing device has been compromised.12-20-2012
20120324556PASSPORTING CREDENTIALS BETWEEN A MOBILE APP AND A WEB BROWSER - Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider's core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for the web flow context to communicate conditions and pass control back to the native app context of the shared session. Embodiments may operate by authenticating a device session from a native app executing on a client device producing a device session token; passing the device session token from a native app to an embedded browser to authenticate a user when entering a web flow; and entering the web flow, according to the session token, on an embedded browser driven by the native app so that the user encounters a single shared session (device session and web session) running at least two parallel secure communication interactions with an infrastructure.12-20-2012
20110231913SYSTEM AND METHODS OF DETERMINING COMPUTATIONAL PUZZLE DIFFICULTY FOR CHALLENGE-RESPONSE AUTHENTICATION - Computational puzzles are parameterized by a difficulty variable which may be assigned based on at least one component from the group of components: time component, location component, reputation component, usage component, content component, and social networking component. For example, in one embodiment, the proof-of-work puzzle comprises a location component directed by the geographic location of the client that can be applied to any web transaction or application. One such application involves online ticket sales including those that employ purchasing robots. Another application involves accessing and using webmail.09-22-2011
20110231912SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR AUTHENTICATING A MOBILE DEVICE USING AN ACCESS TOKEN - In accordance with embodiments, there are provided mechanisms and methods for authenticating a mobile device using an access token. These mechanisms and methods for authenticating a mobile device using an access token can provide authentication in an automated manner. The ability to provide authentication in an automated manner can enable repeated access to data by a user without requiring an associated repetitive manual authentication by the user.09-22-2011
20110239286MOBILE COMMUNICATIONS TERMINAL AUTHENTICATION AND SETTLEMENT SYSTEM AND METHOD - To authenticate fingerprint information detected by a mobile communications terminal at a fingerprint registration depot provided on the Internet, to thereby perform appropriate and reliable electronic authentication and electronic settlement, in a mobile communications terminal authentication and settlement system in which a mobile communications terminal accesses various websites on the Internet to perform electronic authentication and electronic settlement, the mobile communications terminal includes an operation panel that can be used in common for a fingerprint sensor mode and a touch panel mode. On the Internet, there is provided a fingerprint registration depot, to which the mobile communications terminal is connected and at which detected fingerprint information is compared with fingerprint authentication information registered in advance, to thereby perform fingerprint authentication. The mobile communications terminal is authorized to access the various websites via the Internet when authentication is successfully performed at the fingerprint registration depot.09-29-2011
20110239285AUTHENTICATION BYPASS METHOD - A method for reactivating a telematics device configured to make a data call via a roaming partner of a service provider is disclosed. The service provider has an authentication bypass feature which uses an authentication bypass key common to the telematics device and the service provider to allow the telematics device to make a data call without authentication. The method comprises setting the authentication bypass key on a server of the service provider equal to a previous authentication bypass key, wherein the previous authentication bypass key was used by the authentication bypass feature prior to deactivation of the telematics device. The method includes setting the authentication bypass key on the telematics device equal to the previous authentication bypass key. The method further comprises commencing the data call through the roaming partner by sending the authentication bypass key to the service provider from the telematics device via the roaming partner.09-29-2011
20110258688RESOURCE MONITORING USING A JMX MESSAGE BRIDGE - A system, method, and computer program product for monitoring managed resources by subscribing to broadcast notifications relayed by a Java Management Extensions (JMX) message bridge between JMX managed beans (JMX MBeans) and a client application with user interface (UI) components. In an embodiment, ADOBE™ FLEX™ user UI components subscribe to JMX broadcast notifications. The method generates messages destined for UI components using a JMX broadcaster. JMX MBeans are created in a JMX server and are subscribed to JMX broadcasts. The JMX MBeans are created with filter values identifying destination UI components. A JMX managed object name is passed to the UI during the creation of the UI components. The UI components become consumers of a message topic. A JMX message adapter dedicated to the communication with the JMX MBeans receives JMX broadcast notifications. Messages generated by the JMX broadcaster are relayed to the destination UI components through the JMX MBeans.10-20-2011
20120331536SEAMLESS SIGN-ON COMBINED WITH AN IDENTITY CONFIRMATION PROCEDURE - A method executable by a server system confirms the identity of a user of a client device. The method receives an activation request from the client device and maintains information corresponding to a destination resource requested by the client device. In response to receiving the activation request, the server system sends a code to a registered device of the user. After sending the code, the server system receives a verification request from the client device. The verification request includes a user-entered representation of the code. In response to receiving the verification request the client device is activated as a new registered device for the user, and the server system seamlessly provides the destination resource to the client device using the maintained information.12-27-2012
20120278872SYSTEM AND METHOD OF FEDERATED AUTHENTICATION WITH REVERSE PROXY - A Security Assertion Markup Language (SAML) conversation is intercepted in an enhanced Reverse Proxy server computer located in the path between a user and a server computer that provide cloud application services to the user. During authentication, the SAML assertion signature is modified in the enhanced Reverse Proxy such that the enhanced Reverse Proxy and the user can share an encryption key. The modified assertion signature permits a common session key to be shared by the enhanced Reverse Proxy and a targeted application in the server, thus enabling the user to be authenticated, and subsequently to communicate via the enhanced Reverse Proxy in a secure session with an application in the server.11-01-2012
20120278874METHOD AND SYSTEM FOR ACCESSING NETWORK THROUGH PUBLIC EQUIPMENT - A method and system for accessing to a network through public equipment are provided in the invention. The method includes: after an access service node (ASN) receives a network access request message from a user on public equipment, the ASN sending the network access request message to an authentication center (AC), wherein, the network access request message comprises at least the user's account and password; the AC verifying validity of the account and the password, if the verification is passed, sending the user's access identifier (AID) to the ASN; and after the ASN receives said user's AID, the ASN sending the user's AID to the public equipment, the public equipment taking the user's AID as a virtual AID and using the virtual AID to send and receive user's messages. By the present invention, users who access to the network through the public equipment can be tracked and traced effectively.11-01-2012
20120278870MULTIPLE INDEPENDENT AUTHENTICATIONS FOR ENHANCED SECURITY - A system and associated method for providing enhanced site access security by use of multiple authentications from independent sources. A security enhanced user service system has components of a user authentication process, a service application, a multi-authentication module and an authentication database. A user attempting to use the service application accesses through a client system that is coupled to the security enhanced user service system. The user authentication process receives login information from the user, checks for validity, and sends to the multi-authentication module to further verify the login information. The multi-authentication module generates a grant or denial by use of predefined logical condition to satisfy for the grant response, data stored in the authentication database, another security enhanced user service system etc., pursuant to a specific configuration.11-01-2012
20120278871USER IDENTIFICATION METHOD APPLICABLE TO NETWORK TRANSACTION AND SYSTEM THEREOF - A user identification method and a system thereof. A user device delivers a certificate packet with a unique serial number to a certificate server, and receives a reply packet with a password from a password server. The user device then uses the password and the unique serial number to produce a user terminal identification code, and then delivers an identification packet with the user terminal identification code to the certificate server. After receiving the certificate packet, the certificate server delivers an inquiry packet with the unique serial number to the password server, and then the password server inquires about password and expiration time thereof according to the unique serial number. After receiving the identification packet, the certificate server verifies the validity of the user terminal identification code and the expiration time with a database to determine if the user is admitted to proceed to the subsequent transaction.11-01-2012
20120331537NETWORK-AGNOSTIC CONTENT MANAGEMENT - System(s) and method(s) are provided for content management, e.g., exchange and manipulation, across devices provisioned through disparate network platforms. Devices can be mobile or stationary, and connect to provisioning network platforms through various network bearers. Through various secure protocols, a client component within a device secures access to content and provides secure delivery thereof. Directives for content manipulation are also delivered securely. Delivery of contents and directives are performed from device to device, routed via gateway nodes within a network platform that provisions the device. In addition, or alternatively, content management can be implemented through an intermediary component, which can also validate devices and secure delivery of content or directives. Alarm signaling among devices provisioned through disparate network platforms also can be securely conveyed. Intermediary component also can be exploited for content management among subscribers of disparate network providers.12-27-2012
20110265170METHOD AND APPARATUS FOR ENABLING AUTHENTICATION OF ON-LINE COMMUNICATIONS - Method and apparatus for enabling authentication of on-line communications. In some embodiments, a message code is embedded in an e-mail, where the message code can be used by the recipient to verify the authenticity of the e-mail or of a Web site. In some embodiments, this code can be created for a particular e-mail message; in other embodiments, the code is created as a watermark for use by a customer or other specific user or recipient. The message code is associated with both the e-mail message and the recipient. In the case of a message-specific code, a recipient can verify the e-mail message by inputting the code via a Web server to be looked up in the database. Provision is also made for including stenographic information in graphical or other codes as further authentication when accessing a Web site.10-27-2011
20110277024LOCALLY STORED PHISHING COUNTERMEASURE - A system and method for authenticating a resource such as a website or webpage is provided. In response to a script provided with a resource, a verification file is initially generated and stored at a client device. The verification file may be selected or generated with user input. On a subsequent occasion when a resource is accessed by the client device, a script is executed to attempt to retrieve the verification file and display the file at the client device. If the verification file is successfully retrieved and displayed and recognized as the correct verification file, the resource is authenticated.11-10-2011
20110277023Audible authentication for wireless network enrollment - Described herein are one or more techniques for using an audible authentication of a wireless device for enrollment onto a secure wireless network. With one or more described techniques, an unauthorized wireless device audibly emits a uniquely identifying secret code (e.g., a personal identification number (PIN)). In some implementations, the audible code is heard by the user and manually entered via a network-enrollment user interface. In other implementations, a network-authorizing device automatically picks up the audible code and verifies the code. If verified, the wireless device is enrolled onto the wireless network.11-10-2011
20110277022Apparatus and Method for Establishing a Peer-to-Peer Communication Session with a Host Device - The present invention describes an apparatus and method of establishing a peer-to-peer communication session between a host device and a client device. Routing information of the host device is received from a server via a wide area network, routing information of the client device is provided to the server, and authentication information is provided to the host device via the wide area network. Peer-to-peer communication is transmitted to the client device via the wide area network if the client device is authenticated for peer-to-peer communication by the host device.11-10-2011
20120331538METHOD AND COMMUNICATION DEVICE FOR ACCESSING TO DEVICES IN SECURITY - A method for a communication device for securely accessing a device includes obtaining accessing authentication information via an out-band channel, the accessing authentication information being used for accessing authentication between a service request device and a service providing device, the service request device and the service providing device sharing the same management device, and forming the out-band channel with the management device respectively (12-27-2012
20100229231LICENSE MANAGEMENT SYSTEM, LICENSE MANAGEMENT METHOD AND LICENSE MANAGEMENT PROGRAM - A license management system is connected to an authentication database holding information about license and user and manages a plurality of licenses. The system comprises a data receiving section, a data reading section and a license confirmation section. The data receiving section receives a user ID which is a code to identify a user. The data reading section reads out from the authentication database a user-type ID which is associated with the received user ID and is a code to identify the type of the user, and reads out from the authentication database a license ID which is associated with the user-type ID and is a code to identify the license. The license confirmation section confirms the content of a license which is associated with the read-out license ID and whether the license is correct on the basis of the confirmed content, and allows login by the user only when the license is correct.09-09-2010
20110289572System And Method For User Authentication - A computer-implemented authentication method is described. The method includes the steps of (a) receiving an authentication request at an authentication computing system, the request including a resource identifier, (b) identifying one or more authentication pools associated with the resource identifier, each authentication pool including at least one authentication method implementation, (c) executing a pool authentication process for the one or more identified authentication pools, and (d) transmitting a response to the identification authentication request based on the execution of the pool authentication process for the one or more identified authentication pools.11-24-2011
20120102559INFORMATION PROCESSING SYSTEM, TERMINAL DEVICE, AND SERVER - With a terminal apparatus that includes an authentication method deciding unit that selects one of two or more authentication methods according to acquired position information, an authentication screen output unit that outputs a screen corresponding to the one authentication method, an accepting unit that accepts authentication information that is input on that screen, an authentication information sending unit that sends an authentication method identifier that identifies an authentication method and the authentication information to a server, an output information receiving unit that receives, from the server, one or more pieces of output information corresponding to the authentication method identification information in the case of success of authentication, and an output information output unit that outputs output information, information necessary for medical practice can be acquired while appropriately securing the privacy of a patient.04-26-2012
20120102558SYSTEM, SERVER DEVICE, METHOD, PROGRAM, AND RECORDING MEDIUM THAT ENABLE FACILITATION OF USER AUTHENTICATION - A terminal device acquires item property information from a medium, and transmits, to a server device, terminal identification information of the terminal device, which is assigned by the server device in advance and stored in storage means and item property information acquired from the medium. The server device stores the terminal identification information and the item property information received from the terminal device, and transmits, to a device, information generated based on the terminal identification information and the item property information received from the terminal device. The server device performs authentication of a user of the terminal device based on the terminal identification information. Because this terminal identification information is assigned by the server device, transmission of the information does not entail a risk of leakage of personal information, unlike a case in which personal information such as a telephone number is used for authentication.04-26-2012
20120102557Security provision for a subject image displayed in a non-secure domain - A data processing device is provided with a processor core 04-26-2012
20120102556Method and System for Smart Card Migration - Methods and systems are disclosed for transitioning an existing in-use phone number between an first smart card and a second smart card.04-26-2012
20120291113System and Method for Authentication of Users in a Secure Computer System - A system and method for authenticating a user in a secure computer system. A client computer transmits a request for a sign-on page, the secure computer system responds by transmitting a prompt for a first user identifier, and the client computer transmits a request including a first identifier, a second identifier stored in an object stored at the client computer and a plurality of request header attributes. A server module authenticates the first and second user identifiers, and compares the transmitted plurality of request header attributes with request header attributes stored at the computer system and associated with the first and second user identifiers. If the first and second user identifiers are authenticated, and if a predetermined number of transmitted request header attributes match stored request header attributes, the server software module transmits a success message, and the user is allowed to access the secure computer system.11-15-2012
20120291112AUTOMATIC ACCESS TO NETWORK DEVICES USING VARIOUS AUTHENTICATION SCHEMES - An access discovery method and system discovers and stores the proper access protocol for each device on a network. The discovery process includes progressively sequencing through state transitions until a successful access protocol sequence is determined, and an access script corresponding to this sequence is stored for subsequent access to the device. Preferably, the protocol-discovery algorithm is modeled as a state table that includes a start state and two possible terminal states: success and failure. A state machine executes the state table until a terminal state is reached; if the terminal state is a failure, the system backtracks to attempt an alternative sequence. The process continues until the success state is reached or until all possible sequences are executed without success. An exemplary state model is provided that has been shown to be effective for modeling network devices from a variety of vendor devices.11-15-2012
20100199339MOBILE TERMINAL DEVICE, WIRELESS COMMUNICATION UNIT, WIRELESS COMMUNICATION SYSTEM, AND WIRELESS COMMUNICATION METHOD - A mobile terminal device, a wireless communication unit, a wireless communication system, and a wireless communication method by which 1:N communication can be realized at low power consumption and a CH occupation time can be shortened. After each terminal transmits an authorization request, it performs a carrier sense with the pattern corresponding to the transmission timing and waits for authorization response from a key unit (08-05-2010
20100199338ACCOUNT HIJACKING COUNTER-MEASURES - A method for providing an additional layer of authentication prior to accessing a user's account even though the user's credentials have previously been verified. User accounts are often accessed via a sign-in page that verifies the user's credentials. Upon detecting a device accessing the sign-in page, an identifier associated with the device is obtained. One such type of identifier is the IP address assigned to the device. Based on the identifier, it is determined whether the device is trusted or not. Even though the user's credentials are verified via the sign-in page, if the device is not trusted, a second authentication page is presented to the user prior to proceeding to the account. The second authentication page presents at least one security question. The security question is based on information contained in the user's account (e.g., contact information, event information, electronic messages, etc.). The user is required to correctly answer the security question in order to access the account.08-05-2010
20130014242COMMUNICATIONS SYSTEM INCLUDING VALIDATION BASED UPON A UNIQUE IDENTIFICATION CHANGE AND RELATED METHODS - A communications system may include a mobile wireless communications device having a unique identification (UID) associated therewith and configured to send and receive emails. The communications system may also include an email server configured to withhold sending queued email to the mobile wireless communications device based upon a change in the UID associated with the mobile wireless communications device. The email server may also cooperate with the mobile wireless communications device to prompt for entry of at least one user email access credential, and responsive to validation of the at least one user email access credential, send the queued email to the mobile wireless communications device.01-10-2013
20130014241Providing Selective Access To A Web Site - A restricted web site has features that are selectively exposed to clients. A screening web site interacts with clients and collects data about the clients using passive and/or active techniques. The screening site generates a token for the client, and includes data in the token identifying the token and describing the client. The token is encoded in a cookie and saved in the client's web browser. The client subsequently provides the token to the restricted site. The restricted site validates the token to ensure that it is legitimate, has not expired, and has not been used before. The restricted site selects one or more features to provide to the client based on the data about the client in the token and/or on other information. If the client does not present a token or the token is invalid, the restricted site does not expose any features to the client.01-10-2013
20130014240IMAGE FORMING APPARATUS COMMUNICATING WITH EXTERNAL DEVICE THROUGH NETWORK, NETWORK SYSTEM, METHOD OF CONTROLLING IMAGE FORMING APPARATUS, PROGRAM, AND STORAGE MEDIUM - An image forming apparatus configured to communicate with an authentication apparatus through a network, the image forming apparatus including: an acquisition unit configured to acquire a user ID through the network; a transmission unit configured, when the user ID is acquired by the acquisition unit, to transmit an authentication request including a user ID to the authentication apparatus through the network; and a control unit configured to allow the user to log in to the image forming apparatus according to an authentication result in response to the transmitted authentication request.01-10-2013
20130014239Authenticating a rich client from within an existing browser session - A user authenticates to a Web- or cloud-based application from a browser-based client. The browser-based client has an associated rich client. After a session is initiated from the browser-based client (and a credential obtained), the user can discover that the rich client is available and cause it to obtain the credential (or a new one) for use in authenticating the user to the application (using the rich client) automatically, i.e., without additional user input. An application interface provides the user with a display by which the user can configure the rich client authentication operation, such as specifying whether the rich client should be authenticated automatically if it is detected as running, whether and to what extent access to the application by the rich client is to be restricted, if and when access to the application by the rich client is to be revoked, and the like.01-10-2013
20100132023Machine, Program Product, And Computer-Implemented Method For File Management, Storage, And Display In Albums Utilizing A Questionnaire - A database stores a plurality of files assigned by a user to a plurality of categories representing notable events in a life of the user. The user is prompted to fill out a questionnaire associated with a file. The questionnaire data includes album data, a journal entry, event information, and display information, including a relative picture size so that an album page can include a large number of relatively small pictures, and a small number of relatively larger pictures. Then a display device displays an album of files in pre-selected formats responsive to the questionnaire data. Individual journal entries can also be aggregated into one master journal, and the display device can display a portion of the master journal responsive to user criteria so that a user can view journal entries for a category, a particular date range, or files in an album.05-27-2010
20100132022Systems and Methods for Information Backup - A system for granting or denying access to nodes on a network, includes a first node including a list of nodes that can be granted or denied access to the first node, and at least one other node. The first node and the at least one other node are connected across the network. When the at least one other node attempts to gain access to the first node, the first node reviews the list of nodes to determine whether access should be granted or denied to the at least one other node.05-27-2010
20100132021INTEGRATION AUTHENTICATION METHOD AND INTEGRATION AUTHENTICATION SERVER - Provided are an integrated authentication method and an integrated authentication server. The integrated authentication method using the integrated authentication server includes receiving integrated authentication request information and a company code for password authentication by the integrated authentication server, requesting a serial number of a predetermined authentication device and determining whether the received company code is identical to a provider company code in response to the received serial number, if the received company code is identical to the provider company code, requesting generation of a test password and determining whether a received test password is identical to a reference password, and if the test password is identical to the reference password, approving password authentication using the authentication device at a provider company corresponding to the provider company code. The integrated authentication method and the integrated authentication server enable all types of financial trades and e-commerce using a single authentication device authenticated by the integrated authentication server and allow the authentication device to avoid the risk of hacking. Moreover, companies commonly bear an authentication fee for the authentication device, thereby promoting the spread and utilization of the authentication device.05-27-2010
20100132020Presentation Management System and Method - An online presentation authoring method includes allowing a primary author to perform a primary set of tasks concerning at least a primary portion of an online presentation, and requesting that a guest author perform a secondary set of tasks concerning a secondary portion of the online presentation.05-27-2010
20120151565SYSTEM, APPARATUS AND METHOD FOR IDENTIFYING AND BLOCKING ANOMALOUS OR IMPROPER USE OF IDENTITY INFORMATION ON COMPUTER NETWORKS - A system, apparatus and method is described for a security platform and/or identity platform for identifying, notifying, reporting and blocking pass-the-hash attacks and the anomalous or improper use of identity information on computer networks. The system, apparatus or method follows a policy of zero-trust, and does not rely on any client or server information to verify or confirm identity. Instead, the system, apparatus or method of the invention monitors communications between network devices, and when a first device transmits a communication of interest to a second device, the system, apparatus or method of the invention queries the first device directly to determine whether the transmission is authorized.06-14-2012
20120151564System and method for associating a universal user indentification and a domain specific user identification - There is presented a system and method for associating a domain transcendent identification (ID) of a user and a domain specific ID of the user, the system comprising an ID association server accessible by a plurality of secure domains over a network. The system also includes an ID associator application that when executed by ID association server is configured to receive a domain specific ID that associates the user to the secure domain, enter the domain specific ID in a domain transcendent ID record created for the user, generate a unique data associated with the domain transcendent ID record and identify a network location for submission of the unique data, send the unique data and the network location to the user, and associate the domain transcendent ID and the domain specific ID.06-14-2012
20130019297System and Method for Communicating with a Client Application - A system and method for communicating with a client application that can include at a communication platform, receiving an authorization token of a first client application; verifying at least one permission associated with the authorization token; at a first server of the communication platform, accepting an incoming communication request; retrieving communication instructions from a server according to the incoming communication request; identifying an instruction to communicate with a communication destination of the first client application; and establishing communication with the first client application.01-17-2013
20130019296METHODS AND SYSTEMS FOR PROCESSING AD SERVER TRANSACTIONS FOR INTERNET ADVERTISING - Computer systems and methods for processing ad server transactions are provided. In some embodiments, the computer systems and methods may comprise determining an application to execute on an Internet-connectable device in response to a user interaction with an advertisement displayed on the Internet-connectable device; causing the Internet-connectable device to execute the application; receiving a security token, wherein the security token indicates successful authentication of the user by a transaction server associated with the application; after receiving the security token, initiating at least one transaction with the transaction server on behalf of the application in response to a user action within the application; and communicating results of the at least one transaction to the user.01-17-2013
20130019295METHOD AND SYSTEM FOR OPEN AUTHENTICATION (Sung-Jin Park, Yongin-si, KR; Hong-Uk Woo, Seoul, KR; Kwan-Lae Kim, Suwon-si, KR; Soon-Hwan Kwon, Seongnam-si, KR) - Methods and apparatus for authentication are provided. A token request is received at a Web server from a third-party Web server. The third-party Web server is authenticated at the Web server. A token is issued to the third-party Web server. A user is authenticated based on the token issued to the third-party Web server. A token approval request is sent to a resource owner. A token approval or non-approval is received from the resource owner through a predefined channel.01-17-2013
20130019293Enabling Access to Electronic Content Based on Possession of Physical Content (Diego Puppin, Arlington, MA, US) - A user may desire to access an electronic version of content the user possesses in physical form. To enable access to electronic content, a request to access identified electronic content is received from a client. A challenge requesting information about physical content corresponding to the identified electronic content is sent to the client. A response to the challenge is received from the user of the client and authenticated. The client is provided with access to the electronic content responsive to authenticating the response.01-17-2013
20130019292Devices, Systems and Methods for Security Using Magnetic Field Based Identification (Alexander Varshavsky, East Hanover, NJ, US; Kevin Ansia Li, Chatham, NJ, US) - Devices, systems and methods are disclosed for determining an electromagnetic signature for authenticating a device, a user, and/or a location. In exemplary embodiments, a magnetometer captures an electromagnetic signature which is then compared with one or more authorized electromagnetic signatures. If the electromagnetic signature matches an authorized electromagnetic signature, then access is granted. The magnetometer is integrated into a communication device having a processor and a logic. The magnetometer captures an electromagnetic signature of a surrounding environment and detects motion of the communication device through the captured electromagnetic signature. The logic on the communication device locks or unlocks features of the device based upon the captured electromagnetic signature. In further embodiments of the subject disclosure, the magnetometer is in communication with a server which authenticates a user or communication device to provide access to a remote location.01-17-2013
20130019298METHOD AND SYSTEM FOR AUTHENTICATING A POINT OF ACCESS (Xavier Jover Segura, London, GB; Fadi El-Moussa, London, GB) - Rogue or malicious access points pose a threat to wireless networks (01-17-2013
20130019294DATA SHARING SYSTEM WITH A DIGITAL KEY (Hong-Chi Yu, Kaohsiung City, TW; Mao-Ting Chang, Kaohsiung City, TW) - The present invention provides a data sharing system with a digital key in order to deliver data sharing via Internet or a local area network by means of either at least one data storage device electrically connected to a digital box or a storage space inside a memory unit of the digital box which links a server. At the moment, a computer user could use one digital key only to link a server and further complete read-out, write-in, modification, deletion or addition of data/files in the data storage device or the storage space with the digital key's peer identification code and the digital box's peer authentication code belonging to the same group validated by the server.01-17-2013
20100125897METHODS AND APPARATUS FOR ESTABLISHING A DYNAMIC VIRTUAL PRIVATE NETWORK CONNECTION - Methods and apparatus for managing a dynamic virtual private network (VPN) connection of an endpoint device using locally-stored encrypted VPN profiles. The endpoint device comprises a VPN client configured to establish a secure connection with a computer via a network, an encrypted datastore for storing the encrypted VPN profiles, and a security agent for monitoring a security compliance status of the endpoint device with a security policy stored on the endpoint device. In response to detecting a change in the security compliance status of the endpoint device, the security agent copies VPN profiles from the encrypted datastore to a storage location accessible to the VPN client. The VPN client is configured to use the copied VPN profiles to securely connect to the computer. Periodic update requests from the security agent to an administrative server enable updated VPN profiles or security policies to be downloaded and stored in the encrypted datastore.05-20-2010
20110162056CONTENT DELIVERY SYSTEM - This system 06-30-2011
20130024926AUTHENTICATION APPARATUS, SERVICE PROVIDING SYSTEM, AND COMPUTER READABLE MEDIUM - An authentication apparatus includes following components. In an authentication table, first authentication information, login information, and second authentication information are associated. A communication unit communicates with another apparatus. A first login processing unit compares identification information with the first authentication information, and rewrites the login information to a logged in state and notifies the other apparatus of successful authentication when the identification information matches the first authentication information. The logout processing unit compares identification information with the first authentication information, and rewrites the login information to a logged out state when the identification information matches the first authentication information. The second login processing unit compares the identification information with the second authentication information, and notifies the other apparatus of successful authentication when the identification information matches the second authentication information and the corresponding login information indicates the logged in state.01-24-2013
20130024925LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL (LDAP) PROXY - Two factor LDAP authentication systems and methods are presented. In one embodiment, implementation of a method for authenticating a user through a two factor process includes: at an LDAP proxy server, receiving a BIND request from a client, wherein the BIND request is for authenticating a user associated with a username to an LDAP server, and wherein the BIND request comprises a password comprising a first factor security code and a second factor security code; stripping the second factor security code from the password; reconfiguring the BIND request with the password that is stripped of the second factor security code; forwarding the reconfigured BIND request to the LDAP server for authentication of the username using the first factor security code; performing authentication of the second factor security code; and positively authenticating the username to the LDAP server when the first factor security code and the second factor security code are authenticated in connection with the username.01-24-2013
20130024924Aggregation of Emailed Product Order and Shipping Information - Product order and shipping information received via email messages is automatically aggregated for ready user review. Once the user is authenticated, authorization to access their email mailbox is obtained and the email message headers of their mails are analyzed to identify those messages of interest. The bodies of the email messages of interest are parsed to extract the product order and shipping information which is stored and presented for display to the user typically grouped by individual product thus greatly simplifying user review of orders.01-24-2013
20080250484SYSTEM AND METHOD FOR CONTENT FILTERING - The system for content filtering includes at least one content server that stores content. The system also includes at least one client computer configured to transmit a request for the content to the at least one content server. The request contains an address of the content server and a port number associated with such a request for the content. A gateway is coupled to the at least one client computer. The gateway is configured to receive and renumber the request with a new rarely used port number associated with a filter privilege of a user of the at least one client computer. The system also includes a content filtering server, configured to block restricted content based on the filter privilege. Finally, a switch is coupled to the gateway, the content filtering server, and the content server. The switch is configured to listen for the request on the rarely used port number and to redirect the request to the content filtering server.10-09-2008
20080250483Method and System for Authenticating Products Using Serial Numbers and Passwords Over Communication Network - The present invention relates to a method and system for authenticating products using serial numbers and passwords over a network, which can determine whether the products are genuine based on the serial numbers, which are attached to the respective products, and the passwords, which can be viewed at the time of unsealing the products. When the present invention is used, authentication for a product is performed according to whether the serial number and password of the product match and whether a request for the authentication of the serial number has been made, and thus a reliable authentication system can be provided. Furthermore, one or more passwords for the product are sealed in or attached to the product, so that, if the password is not known, an imitation is distinguished as not being a genuine product, therefore an effective authentication system can be provided.10-09-2008
20080235777SYSTEM AND COMPUTER PROGRAM PRODUCT FOR DENYING UNAUTHORIZED ACCESS TO A PRIVATE DATA PROCESSING NETWORK - Systems and methods for denying access to a data processing system by an intruder are provided. Input/output (I/O) on the intruder's connection may be taken over and responses mimicking a local terminal session passed back. On an attempted reconnect by the intruder, the user name and password used by the intruder to access the system may be captured. The password may then be changed on the edge system and the intruder's terminal session disconnected, or alternatively, continue to log the intruder's activity.09-25-2008
20080235776INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, INFORMATION PROCESSING PROGRAM, AND COMPUTER-READABLE MEDIUM - An information processing apparatus is disclosed that includes a user authentication unit that identifies a current user, a task acquiring unit that acquires task information of a relevant task associated with a file to be processed by the current user, and a file information storage unit that stores file information of the file to be processed in association with the task information of the relevant task.09-25-2008
20130174237SYSTEM AND METHOD FOR TRANSFERRING STATES BETWEEN ELECTRONIC DEVICES - In various example embodiments, a system and method for transferring the state of a first device to a second device are disclosed. An instruction to transfer a state of a first device to a second device is received. In response, information related to the state of the first device is packaged into a file. A type of connection to be used to transfer the state of the device is determined based on the connections available to the first device and the second device. The file containing the information of the state of the first device is transferred to the second device using the connection type. The file, when processed by the second device, causes the second device to reproduce the state of the first device.07-04-2013
20110265171METHODS AND SYSTEMS FOR PROVIDING WEBSITE HOSTING SECURITY - A method for registering user identification data in an application service provider data repository is provided, where the application service provider provides web services for a plurality of customers, each customer having a plurality of users with respective user identification data. The method includes receiving user identification data from one of the users through a website associated with one of the plurality of customers, retrieving customer identification data based on a uniform resource locator assigned to the website, concatenating the user identification data and customer identification data to create a user key, and registering a user account within the data repository based on the created user key.10-27-2011
20110265167MULTIFUNCTION APPARATUS, AUTHENTICATION SERVER, AND MULTIFUNCTION APPARATUS CONTROL SYSTEM - A multifunction apparatus 10-27-2011
20110265164CLOUD PLATFORM ARCHITECTURE - A cloud computing environment provides the ability to deploy a web application that has been developed using one of a plurality of application frameworks and is configured to execute within one of a plurality of runtime environments. The cloud computing environment receives the web application in a package compatible with the runtime environment (e.g., a WAR file to be launched in an application server, for example) and dynamically binds available services by appropriately inserting service provisioning data (e.g., service network address, login credentials, etc.) into the package. The cloud computing environment then packages an instance of the runtime environment, a start script and the package into a web application deployment package, which is then transmitted to an application (e.g., container virtual machine, etc.). The application container unpacks the web application deployment package, installs the runtime environment, loads the web application package into the runtime environment and starts the start script, thereby deploying the web application in the application container.10-27-2011
20080222712User-Browser Interaction Analysis Authentication System - Systems, methods and media for authenticating a user based on user-browser interaction are disclosed. Embodiments of a method may include, during an e-commerce session with a user, receiving a request for an action from the user and determining whether the requested action requires additional authentication. Embodiments may also include requesting analysis of user-browser interaction for the session, receiving a pattern matching score for the session, and performing an action based on the pattern matching score and the requested action. The pattern matching score may provide an indication of a comparison between the user's interaction with a browser during the session and a user-browser interaction profile for the user. The performed action may include completing an e-commerce transaction, accessing or modifying information, changing a password, requesting additional information, denying the requested action, or other action. Further embodiments may provide for authenticating the user with a first-level authentication.09-11-2008
20080222711Method and Apparatus to Create Trust Domains Based on Proximity - Devices and methods use close range communication links, e.g., near field communication (NFC) links, to authenticate communication devices to one another to create or join a new device to a trust domain. Once two devices establish a close range communication peer-to-peer link the devices exchange credential information that provide an infrastructure for the trust domain. Medium or long range wireless or wired network communication links can then be used for secure and trusted communications. Proximity limits of the close range communication P2P link enables mutual trust to be presumed among devices, providing added security to the process of extending a trust domain and reducing the need for security and authentication signaling. Embodiments provide a variety of methods for extending credential infrastructure among devices. Embodiments further enable simple to use virtual cables that can provide secure point-to-point communications that are configured merely by touching two communication devices together.09-11-2008
20080222710SIMPLIFIED ELECTRONIC MESSAGING SYSTEM - A simplified messaging system is provided. In various embodiments, the simplified messaging system receives a selection of an image representing an identification for a user that the user previously provided, receives a selection of multiple images representing a password for the user that the user previously selected, and logs the user into an electronic messaging system based on the selected images. In various embodiments, the simplified messaging system comprises a mail transport server that receives and forwards electronic messages, a mail registration server comprising an images component that stores images associated with user identifications and user passwords, and a mail client that receives a selection of an image identifying a user and multiple images associated with a password of the user, and logs the user into an electronic messaging system when the images are selected.09-11-2008
20130179958AUTHENTICATION SYSTEM, AUTHENTICATION METHOD, AUTHENTICATION DEVICE, INFORMATION TERMINAL, PROGRAM AND INFORMATION RECORDING MEDIUM - It is determined whether or not a subject operating an information terminal is a human without requiring a character input. A client device displays an authentication screen, sequentially acquires positional information on the authentication screen based on operation information which has been received, records a path which is indicated by the sequentially acquired positional information, and transmits the recorded path to an authentication server. The authentication server determines whether or not an operation indicated by the operation information is an operation performed by a human based on a fluctuation amount of the recorded path with respect to a path as a reference which is defined on the authentication screen.07-11-2013
20130179956Mobile Anti-Phishing - A method for inhibiting phishing can include sending information from a mobile network device to a website server, generating a one time password at the mobile network device from the information, generating a one time password at the website server from the information, sending the one time password generated at the website server to the mobile network device when the mobile network device subsequently accesses the website, and comparing the one time password generated at the website server to the one time password generated at the mobile network device. In this manner, the website can be authenticated such that the occurrence of phishing is substantially mitigated.07-11-2013
20130179957PERSONAL IDENTIFICATION SYSTEM AND METHOD - The present invention shortens the time required for watch list verification, and shortens the time required generally for the personal identification processing which includes watch list verification. In a personal identification system, a biometric information watch list comparison function (07-11-2013
20130179953Confidential information access via social networking web site - A server computing device for a social networking web site receives from a user, via access of the web site, confidential information regarding the user, including information that the user does not socially share on the web site. The device associates the confidential information with a user identifier that uniquely identifies the user on the web site, and with an export group identifier corresponding to a type of the confidential information. The device associates the export group identifier with a password different from a user password the user employs to access the web site. The device receives, from a third party, a purported user identifier, a purported export group identifier, and a purported password, which the device validates against the user identifier, the export group identifier, and the password. Where validation is successful, the device permits access to the confidential information by the third party.07-11-2013
20130179954Computer Implemented System and Method for Providing Users with Secured Access to Application Servers - A computer implemented system and method for providing users with secured access to application servers have been disclosed. The system and method envisaged by the present disclosure are not restricted to providing users with secured access to application servers. The system and the method also ensure that transactions performed by the users through the application servers remain secured and hack-resistant. The present disclosure envisages a system that acts as a secured, trusted gateway between the users and the application servers associated with providers of sensitive services such as banking and financial institutions. In case of the system envisaged by the present disclosure, rather than directly accessing an application server, users are made to contact the system of the disclosure and upon verification of their respective identities, are allowed to access the application servers associated with providers of sensitive services.07-11-2013
20130179955Identity Management System And Method Including Architecture For The Same - A computer implemented method for an identity management system, having: on a computer device having one or more processors and a memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for: providing a core gateway system; and providing a data processing engine. Also, a computer system and non-transitory computer-readable storage medium adapted for the same.07-11-2013
20130145448LOCK SCREENS TO ACCESS WORK ENVIRONMENTS ON A PERSONAL MOBILE DEVICE - One or more embodiments of the invention provide access to a work environment in a mobile device from a lock screen presented by a personal environment of the mobile device, wherein the work environment is running in a virtual machine supported by a hypervisor running within the personal environment and wherein the personal environment is a host operating system (OS) of the mobile device. The host OS receives an authentication credential from a user in response to a presentation of the lock screen on a user interface (UI) of the mobile device and then determines whether the authentication credential is valid for the personal environment or the work environment. If the authentication credential is valid for the personal environment, access is enabled only to the personal environment. If the authentication credential is valid for the work environment, access is enabled to both the personal environment and the work environment.06-06-2013
20130145449Method and Apparatus for Providing a One-Time Password - In a method for providing a one-time password for a user device belonging to a user, which password is intended to register the user device with a server, the server generates the one-time password using a cryptographic operation on the basis of a unique use identifier and transmits the password to the user device. The method provides a service provider with the possibility of tying additional conditions for registration to the one-time password and thus increases the flexibility of the service provider when configuring the services offered by the latter and increases security against manipulation.06-06-2013
20130174243BIOMETRIC AUTHENTICATION SYSTEM, COMMUNICATION TERMINAL DEVICE, BIOMETRIC AUTHENTICATION DEVICE, AND BIOMETRIC AUTHENTICATION METHOD - Provided is a biometric authentication system capable of preventing spoofing attacks even if leakage of key information and a registration conversion template occurs. A communication terminal device (07-04-2013
20110271337SYSTEMS, METHODS AND COMPUTER-READABLE MEDIA FOR REGULATING REMOTE ACCESS TO A DATA NETWORK - A system, which comprises an authorization controller operable for regulating establishment of user sessions over a data network; a processing subsystem operable for monitoring the user sessions and applying a walled garden policy, wherein application of the walled garden policy respectively associates each user in a certain subset of users with a respective walled garden selected from a common plurality of walled gardens; and a database for storing, in association with each said user in the certain subset of users, a respective identifier corresponding to the respectively associated walled garden. The authorization controller is further operable for responding to receipt of an access request identifying a particular user in the certain subset of users and received from a communication endpoint by (I) consulting the database to identify the walled garden respectively associated with said particular user and (II) directing the communication endpoint to said walled garden respectively associated with said particular user.11-03-2011
20110271336Computer and Access Control Method in a Computer11-03-2011
20120254967EXTERNAL DEVICE HAVING AT LEAST ONE MEMORY - The invention relates to an external device (10-04-2012
20120254962MANAGEMENT SYSTEM, A MANAGEMENT PROCESS, AND A QUICK ACCESS METHOD OF INFORMATION CONTENT FOR A DIGITAL NETWORKING DEVICE - The present invention discloses a method of information content quick access for a digital networking device. The method comprises the steps of: inputting an executing code in a terminal quick access system assembled at the digital networking device and opening an information content corresponding to the executing code by the terminal quick access system. The method further comprises the steps of: connecting the terminal quick access system to a cloud server system, acquiring an information content access website address corresponding to the executing code, connecting to the website address, and downloading an information content. The present invention further discloses an information content management system for executing the method of information content quick access. The information content management system comprises a cloud server system and at least one terminal quick access system.10-04-2012
20120254961Method of Distributing Information Regarding One or More Electrical Devices and System for the Same - Some embodiments concern a method of distributing information regarding one or more electrical devices using a first server. Each of the one or more electrical devices can have unique identification information, an internal IP address, and an external IP address. The method can include: receiving in the first server a first request to register a first electrical device of the one or more electrical devices, the first request to register comprises the unique identification information, the internal IP address, and the external IP address of the first electrical device of the one or more electrical devices; storing in the first server the unique identification information, the internal IP address, and the external IP address of the first electrical device of the one or more electrical devices using the first server; receiving in the first server from a first client computer a first request for information regarding the first electrical device of the one or more electrical devices; using the first server to determine the external IP address of the first electrical device of the one or more electrical devices; redirecting the first request for the information to a first gateway device if an external IP address of the first client computer is identical to the external IP address of the first electrical device of the one or more electrical devices; and returning the external IP address of the first electrical device of the one or more electrical devices if the external IP address of the first client computer is different from the external IP address of the first electrical device of the one or more electrical devices. Other embodiments are disclosed.10-04-2012
20130139237Method for digital identity authentication - In a preferred embodiment of the invention, an authenticating device (05-30-2013
20130091558METHOD AND SYSTEM FOR SHARING MULTIMEDIA CONTENTS BETWEEN DEVICES IN CLOUD NETWORK - A method and system for sharing contents between devices registered in a cloud system. A cloud server in the cloud system includes a web server for controlling access of a first device to the cloud server; a cloud control unit for controlling networking between devices registered in the cloud server and a content server having access to the cloud server; a device management unit for managing information regarding the first device and the registered devices; and a context recognition management unit for managing context information of the first device and the registered devices.04-11-2013
20130097684APPARATUS AND METHOD FOR AUTHENTICATING A COMBINATION CODE USING A QUICK RESPONSE CODE - An apparatus and a method are provided for authenticating a combination code using a Quick Response (QR) code. The apparatus includes a QR code receiver that receives an image frame including a QR code; a QR code recognizer that recognizes the QR code within the image frame; a combination code generator that generates a combination code including the QR code; and a combination code transmitter that transmits the combination code to an authentication server.04-18-2013
20130097683Trust verification schema based transaction authorization - A computationally implemented method includes, but is not limited to: determining one or more behavioral fingerprints associated with one or more network accessible users; relationally mapping the one or more behavioral fingerprints to generate a trust verification schema associated with the one or more network accessible users; and determining whether to authenticate one or more transactions via the trust verification schema. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.04-18-2013
20130097682Authentication Techniques Utilizing a Computing Device - A pre-registration procedure is utilized to create a user profile for a user of a multi-factor authentication (“MFA”) service. A client application installation procedure is utilized to install a client application on a computing device that is to be utilized as an authentication factor for the MFA service. A computing device enrollment procedure is utilized to enroll the computing device on which the client application was installed for the MFA service. A voice enrollment procedure is utilized to create a voice print for the user of the computing device that is to be utilized as an authentication factor for the MFA service. An authentication procedure is utilized to provide multi-factor authenticated access to a service, such as an online service that provides access to sensitive account information.04-18-2013
20130205382Resource Access Based on Multiple Credentials - A collection of multiple user credentials each associated with one of multiple different users is obtained at a device, and one or more of the multiple user credentials are verified. A determination is made as to whether access to a resource is permitted, by at least comparing the collection of multiple user credentials to a threshold combination of user credentials to be satisfied to access the resource. An indication of whether access to the resource by a requesting user is permitted is returned or provided to another device.08-08-2013
20130104215SYSTEM AND METHOD FOR MANAGING NETWORK DEVICES - A system and a method for managing network devices are provided. The method includes the following steps. A central server is connected to a plurality of authenticated network devices via a network interface. The MAC (Media Access Control) address and the corresponding Internet Protocol (IP) address are stored in a database of the central server. The central server uses the MAC address to identify each authenticated network device. The central server periodically detects whether the IP address of each authenticated network device is changed. If the IP address of one or more of the authenticated network devices is changed, the central server updates the IP address corresponding to the MAC address stored in the database according to the changed IP address.04-25-2013
20130104214TOKEN BASED TWO FACTOR AUTHENTICATION AND VIRTUAL PRIVATE NETWORKING SYSTEM FOR NETWORK MANAGEMENT AND SECURITY AND ONLINE THIRD PARTY MULTIPLE NETWORK MANAGEMENT METHOD - A two-factor network authentication system uses “something you know” in the form of a password/PIN and “something you have” in the form of a key token. The password is encrypted in a secure area of the USB device and is protected from brute force attacks. The key token includes authentication credentials. Users cannot authenticate without the key token. Four distinct authentication elements must be present. The first element is a global unique identifier that is unique to each key. The second is a private credential generated from the online service provider that is stored in a secure area of the USB device. The third element is a connection profile that is generated from the online service provider. The fourth element is a credential that is securely stored with the online service provider. The first two elements create a unique user identity. The second two elements create mutual authentication.04-25-2013
20130104210AUTHENTICATION SYSTEM AND RELATED METHOD - A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access by an unauthorized user (such as, for example, a retail store, a service station, an on-line service provider or merchandiser, a healthcare provider, a medical insurer, an information consumer or the like) to the secured resource; a means for generating and communicating to the purported authorized user a key string adapted to provide a basis for authenticating the identity of the requester; a means for receiving an authentication credential associated with the request for access; and a means for evaluating the authentication credential to authenticate the identity of the requester.04-25-2013
20130104211AUTHENTICATION METHOD - A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access by an unauthorized user (such as, for example, a retail store, a service station, an on-line service provider or merchandiser, a healthcare provider, a medical insurer, an information consumer or the like) to the secured resource; a means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester.04-25-2013
20130104208TRIPLE AUTHENTICATION: MOBILE HARDWARE, MOBILE USER, AND USER ACCOUNT - Enhanced network security is provided by requiring three types of information to be authenticated: user information identifying a user, security information that the user has entered into a network data communication device, and device information identifying the network data communication device. Systems and databases are described for processing and authenticating this information.04-25-2013
20130104216SYSTEM AND METHOD FOR ENHANCED PROTECTION AND CONTROL OVER THE USE OF IDENTITY - A method of protecting use of an entity's identity is provided. The method comprises setting a status of the identity to a first state, the first state defining a scope of permitted use of the identity, changing, in advance of an intended use of the identity, the status to a second state defining a scope of permitted use of the identity that is different from the first state, requesting use of the identity after the changing; and returning, after the requesting, the state back to the first state.04-25-2013
20130104218METHOD AND SYSTEM FOR SECURELY ACCESSING TO PROTECTED RESOURCE - The invention provides a method for securely accessing a protected resource and a system thereof, which belong to the information security field. A first terminal sends a request for accessing the protected resource to a second terminal, and sends a user name and first data to the second terminal; the second terminal generates second data, and searches for a secret on a third terminal; the second terminal processes the first data, the second data, and the secret, so as to obtain a first characteristic value; the third terminal processes the first data, the second data, and the secret so as to obtain a second characteristic value, and upon receiving a confirmation message, processes the first data, the second data, and a secret pre-stored at/on the third terminal so as to obtain a third characteristic value; the first terminal sends the third characteristic value to the second terminal; the second terminal processes the first data, the second data, and the secret to generate a fourth characteristic value, and determines by comparison whether the fourth characteristic value is identical to the third characteristic value; if they are identical, access is permitted; otherwise, access is refused.04-25-2013
20130104213AUTHENTICATION METHOD - A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a service client (such as a retail store, service station, on-line service provider or merchandiser, healthcare provider, medical insurer, information consumer or the like) a request for access to a secured resource, where the request for access was previously submitted to the service client by a requester purporting to be an authorized user of said secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving from the service client a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester.04-25-2013
20130104217MASK BASED CHALLENGE RESPONSE TEST - Providing a challenge response test associated with a computer resource includes generating a challenge response test image including providing a first substantially well-formed image, including a first masked image having a visible portion entirely composed of portions of a first well-formed image, and a first plurality of image elements; and providing at least one ill-formed image, each at least one ill-formed image including a second masked image having at least one first ill-formed portion.04-25-2013
20130104212AUTHENTICATION METHOD - A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a service client a request for access to a secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving from the service client a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester. The secured resource has a common identifier by which it may be generally identified outside of the authentication system, but the request for access lacks sufficient information content for the service client to be able to determine the common identifier.04-25-2013
20130104209AUTHENTICATION SYSTEM - A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access by an unauthorized user (such as, for example, a retail store, a service station, an on-line service provider or merchandiser, a healthcare provider, a medical insurer, an information consumer or the like) to the secured resource; a means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester.04-25-2013
20130125226SSO FRAMEWORK FOR MULTIPLE SSO TECHNOLOGIES - Users desire useable security or a seamless means for accessing internet services whereby user interaction in the provisioning of credentials may be kept to a minimum or even eliminated entirely. The Single Sign-On (SSO) identity management (IdM) concept may be a means by which a user may be provided with such ease of use, while enabling user-assisted and network-assisted authentication for access to desired services. To enable seamless authentication services to users, a unified framework and a protocol layer interface for managing multiple authentication methods may be used.05-16-2013
20130125225Network-Based Revocation, Compliance and Keying of Copy Protection Systems - A method of authenticating a device involves establishing a local connection between a local target device and a local source device; at the source device, obtaining credentials of the target device via the local connection; at the source device, sending the credentials to a cloud authentication server via a secure communication channel; at the cloud authentication server, checking the credentials of the target device against a database of known good devices; at the source device, receiving a message from the cloud authentication server via the secure communication channel, said message indicating that the target device is authenticated; and delivering content from the source device to the target device on the condition that the target device is authenticated. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.05-16-2013
20130125224DEVICE ASSOCIATION VIA VIDEO HANDSHAKE - A method of pairing a first device with a second device is disclosed. Accordingly, an image that includes encoded data is generated by the first device. The encoded data includes a unique identifier for identifying the first device and an arbitrary security code. The first device displays the image on a display. The second device captures the image using an image sensing device. The encoded data is decoded to generate decoded data. The second device sends the decoded data to a server that is communicatively connected to the first device and the second device. Upon receiving the decoded data and using the unique identifier, the server communicates with the first device to verify the arbitrary security code.05-16-2013
20130125227METHOD FOR ACCESSING A STORAGE SERVER OF AN IM SERVICE SYSTEM, AND AN IM SERVICE SYSTEM - The present invention discloses a method for accessing a storage server of an IM service system and an IM service system. The method comprises: IM client sending registration request message to IM service system using first user identifier; after receiving registration request message, IM service system obtaining other user identifiers associated with the first user identifier, sending registration success response message comprising other user identifiers associated with the first user identifier to IM client; IM storage client sending login request comprising any one of multiple user identifiers to storage server; storage server receiving login request and obtaining other user identifiers associated with the user identifier in login request; the storage server passing identity verification of multiple user identifiers. The problem of repeat login of a user with multiple identifiers is effectively solved when accessing a storage server, the system access efficiency is improved and the user experience is enhanced.05-16-2013
20130133052Behavioral fingerprint device identification - A computationally implemented method includes, but is not limited to: determining a behavioral fingerprint associated with a network accessible user of one or more devices, the behavioral fingerprint providing a current status of the network-accessible user; and identifying a current device of the one or more devices as being currently used by the network-accessible user as a function of the determined behavioral fingerprint. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.05-23-2013
20090150984Method and system for securely authorizing VoIP interconnections between anonymous peers of VOIP networks - A peering authority or settlement clearinghouse can be used to control access, collect session accounting information, and provide financial settlement of interconnect or session fees among anonymous Internet Protocol (IP) peers or networks. The addition of peering policy criteria, such as price and quality of service, to peer to peer route discovery mechanisms enable a trusted intermediary, such as the settlement clearinghouse, to authorize acceptable interconnection or peering sessions between anonymous IP peers. Any financial settlement transactions which result from the peering sessions may be subsequently executed by the settlement clearinghouse.06-11-2009
20100281529SYSTEMS AND METHODS FOR PROVIDING CHANGE OF ADDRESS SERVICES OVER A NETWORK - This disclosure describes systems and methods for collecting and processing change of address data and providing change of address services to a customer using a computer network. The address data can include a physical address, an electronic address, or both. The systems and methods may also provide additional services to the customer to assist in changing addresses.11-04-2010
20100281527MONITORING NETWORK TRAFFIC BY USING A MONITOR DEVICE - A solution is provided for associating network traffic traversing on a networked environment according to a selected category item, such as a user name or other network entity identity-related information, by using a monitor device. The solution includes: obtaining user information from the directory service by obtaining at least one set of user object attributes from the directory service; identifying at least one authentication exchange packet from packets traversing on the networked environment; extracting a user ID and a network address from the authentication exchange packet; filtering or selecting packets traversing on the network environment that each have a network address equivalent to the extracted network address; and associating packets that were selected with user information having a name attribute equivalent to the extracted user ID.11-04-2010
20110214171Multi-Mode Credential Authentication - A method for authenticating an identity involves a computing device receiving a first credential over a first communications channel, and determining a second communications channel from a comparison between the first received credential and a first reference credential provisionally associated with the first credential. The computing device opens the second communications channel and receives a second credential over the second communications channel, and the identity is authenticated based on a verification of the second credential. The computing device authenticates the identity by generating a first identity proof score from a correlation between the first received credential and the first reference credential, generating a second identity proof score from a correlation between the second received credential and a second reference credential, and generating an ultimate identity proof score from the first identity proof score and the second identity proof score.09-01-2011
20110214167IMAGE PROCESSING APPARATUS, IMAGE PROCESSING SYSTEM, AND DISPLAY SCREEN CONTROLLING METHOD - An image processing apparatus comprises: a display part on which various information is displayed; an authentication information inputting part for receiving entry of authentication information made by a user; a setting information inputting part for receiving an operation to set made by the user, and inputting setting information; an authentication processing part for starting authentication processing to execute user authentication based on the authentication information in response to the entry of the authentication information; and a display controlling part for displaying an initial operation screen operable for the user to make setting on the display part in parallel with the authentication processing executed by the authentication processing part, and for reflecting the setting information received by the setting information inputting part before obtaining a result of the authentication processing to the initial operation screen. So, a waiting time of the user after the entry of the authentication information is reduced. Also, the user is allowed to start making operation relatively early, and convenience of the image processing apparatus is enhanced.09-01-2011
20080201771Authentication apparatus, authentication system, authentication method, and authentication program using biometric information for authentication - In order to enable multiple logins by a same user, the authentication server includes a registration portion to store a user record including a fingerprint image for authentication of identity of a user and owner authentication information stored in an IC card issued to the user; an identity authentication portion to compare a fingerprint image received from one of MFPs with the one included in the user record for authentication; a first permission portion to transmit a permission signal permitting login based on the authenticated fingerprint image to the MFP that transmitted the fingerprint image; an owner authentication portion to compare owner authentication information received from one of the MFPs with the one included in the user record for authentication; and a second permission portion to transmit a permission signal permitting login based on the authenticated owner authentication information to the MFP that transmitted the owner authentication information.08-21-2008
20080201769SYSTEM AND METHOD FOR PROCESSING PAYMENT OPTIONS - Disclosed is a system and method for processing payment options, including consolidation, selection, and secure identification. In one embodiment, multiple payment options such as credit, debit and loyalty cards are registered by a consumer and consolidated into a secure central repository. The consumer securely accesses the central repository over a secure communications channel from a remote access device, such as a point-of sale (POS) terminal at a merchant store, to retrieve and select from one of the available payment methods. Upon selection, additional data sufficient to complete the payment transaction is sent to the POS terminal. The consumer may use a piece of identification and password (e.g., one of the registered cards together with a password or personal identification number) to securely access the multiple payment options. Alternatively, the consumer is identified by using a biometric identifier, such as a fingerprint or retina scanner, without need for additional identification.08-21-2008
20110225639METHOD, SYSTEM AND DEVICE FOR FORKING AUTHENTICATION - An authentication method and an authentication system based on forking, and a forking authentication device are provided by the present invention. The method comprises: setting authentication credentials on the receiving devices and the original device respectively; a forking network element forking a calling request after receiving the calling request from the original device, and transmitting the forked calling request to the corresponding receiving devices; the forking network element receiving challenging values from a plurality of receiving devices, and forwarding a plurality of challenging values to the original device; the forking network element receiving the calling request which is retransmitted by the original device, wherein the retransmitted calling request carries relevant authentication credentials; and the forking network element forking the retransmitted calling request, and transmitting the forked calling request to the corresponding receiving devices, such that the receiving devices authenticate the original device according to the authentication credentials. The technical solution can realize authentication performed by a receiving device on an original device, in the cases where forking is performed based on SIP signaling.09-15-2011
20130152184METHOD OF PROVIDING SNS-GROUP INVITING SERVICE AND SNS SERVER THEREFOR - A method of providing a Social Networking Service (SNS) group inviting service via an SNS server, the method including receiving an SNS group invitation request containing second-user identification information, from a first device of a first user, generating first authentication information corresponding to the second-user identification information in response to the SNS group invitation request, receiving an SNS group joining request containing second authentication information, from a second device of a second user, and comparing the first authentication information and the second authentication information with each other and permitting the second device to join the SNS group.06-13-2013
20110231914SYSTEM AND METHOD FOR VALIDATING A USER OF AN ACCOUNT USING A WIRELESS DEVICE - The disclosure provides a system and method of authenticating a user to a network. For the method, if a request for a resource initiated by the device is related to a restricted resource, then the method: redirects the request to the authentication server; initiates an authentication process at the server to request a user account and a password from the device to authenticate the device if it has not been authenticated; automatically provides the device with access to the restricted resource if the device previously had been authenticated to access the restricted resource; and provides a signal to the device indicating whether it has been authenticated to allow the device to update its graphical user interface to indicate an access status for the restricted resource. If the request relates to a non-restricted resource, then the method automatically provides the device with access to the non-restricted resource.09-22-2011
20120278875MEDIA CONTENT SELECTION AND PRESENTATION CONTROL - An identifier is received from each participant mobile device of a plurality of participant mobile devices within a participation region of a wireless network via a wireless access point. One or more attributes for each participant mobile device are retrieved based upon the identifier received from that participant mobile device. The one or more attributes indicate one or more media content items stored at that participant mobile device or previously accessed via that participant mobile device. An indication of the one or more attributes for each participant mobile device is output. Media content is selected based on the one or more attributes indicated for each participant mobile device. The media content is presented, for example, within the participation region.11-01-2012
20120278873TECHNIQUES FOR RESOURCE OPERATION BASED ON USAGE, SHARING, AND RECOMMENDATIONS WITH MODULAR AUTHENTICATION - Techniques for resource operation based on usage, sharing, and recommendations with modular authentication are provided. A resource space is associated with a principal. The resource space comprises resources local to a device of the principal and remote from the device. The resources presented in a merged view within a local file system and operating system of the device. In an embodiment, the device negotiates authentication with an intermediary for access to a legacy service where authentication is performed by the intermediary on behalf of the device, and the intermediary establishes an authentication session between the principal and the legacy service.11-01-2012
20130152183User Identity Management and Authentication in Network Environments - Systems, devices, and methods for sending, by a first computing device to a second computing device, a set of authentication information; determining, by the second computing device, a globally unique identifier associated with the set of authentication information; determining, by the first computing device, a set of properties associated with the received request based on the determined globally unique identifier; and establishing, by the first computing device, a communication channel to the second computing device, wherein the communication channel is established based on the determined set of properties.06-13-2013
20130152181PORTAL BASED CASE STATUS MANAGEMENT - Illustrative embodiments include a method, system, and computer program product for providing a current status of an update to a data record. A computer receives, from a portal in a backend application, a request for status of a previous request to perform the update to the data record. The computer determines a previously reported status from a previously completed processing operation on the data record in a workflow used for processing the previous request. The computer further determines a status of a presently incomplete processing operation on the data record in the workflow used for processing the previous request. The computer adds the previously reported status and the status of the presently incomplete processing operation to a status report, forming the current status. The computer transmits a response including the current status.06-13-2013
20100299737IMAGE FORMING APPARATUS, METHOD OF CONTROLLING THE APPARATUS, AND CONTROL PROGRAM STORED MEDIUM - An image forming apparatus communicates with an authenticating server having a storing unit which stores user information and first authentication information included in storage media in correspondence to each other. The image forming apparatus receives, from the authenticating server, the first authentication information which was made to correspond to user information input to the image forming apparatus, specifies the first authentication information which does not coincide with second authentication information obtained by reading a storage medium owned by the user and used for user authentication, and transmits a deleting request including the specified first authentication information to the authenticating server. The authenticating server transmits the first authentication information corresponding to the transmitted user information to the image forming apparatus, receives the deleting request including the first authentication information from the image forming apparatus, and deletes, from the storing unit, the first authentication information included in the received deleting request.11-25-2010
20100306837COMMUNICATION APPARATUS, MOBILE TERMINAL, COMMUNICATION SYSTEM, NON-CONTACT COMMUNICATION DEVICE, NETWORK CONNECTION METHOD, AND PROGRAM - A communication apparatus includes: a wireless communication unit connecting to a network via another apparatus by wireless communication; a settlement processing unit executing settlement processing of connection fees to the network by controlling a non-contact communication unit capable of reading out information stored in a non-contact communication device via non-contact communication, and writing information to the non-contact communication device via non-contact communication so as to update monetary information stored in the non-contact communication device; an authentication information recording unit controlling the non-contact communication unit to write authentication information, provided from the other apparatus when settlement processing by the settlement processing device is completed, to the non-contact communication device; and an authentication processing unit controlling the non-contact communication unit to read the authentication information from the non-contact communication device, and executing authentication processing as to the other apparatus using the authentication information, thereby establishing network connection by the wireless communication unit.12-02-2010
20100319061PERSONAL INFORMATION MANAGING DEVICE, SERVICE PROVIDING DEVICE, PROGRAM, PERSONAL INFORMATION MANAGING METHOD, CHECKING METHOD AND PERSONAL INFORMATION CHECKING SYSTEM FOR FALSIFICATION PREVENTION OF PERSONAL INFORMATION AND NON REPUDIATION OF PERSONAL INFORMATION CIRCULATION - A personal information managing device issues a personal information registration certificate corresponding to personal information one to one and sends the issued personal information registration certificate to a service providing device through a user terminal. The user terminal checks the personal information registration certificate, so that the user terminal confirms that the personal information managing device has not falsified the personal information. Further, when personal information is transmitted/received, the user terminal and the service providing device check the relationship between the personal information registration certificate and the personal information, so that the service providing device confirms that the personal information managing device has not falsified personal information. Moreover, when sending personal information, the personal information managing device attaches its signature, so that the personal information managing device confirms that the service providing device has not falsified the personal information.12-16-2010
20100319060PROCESS AND SYSTEM FOR COMPREHENSIVE IT DISCOVERY WITHOUT CREDENTIALS - A method and system for discovering dependencies, configurations and utilizations among IT resources are disclosed. A discovery team writes a prediscovery script without requesting credentials and sends it to a system administrator (SA) who already has necessary credentials to execute the prediscovery script. Then, the SA reviews the prediscovery script and executes the prediscovery script on a target server. While or after executing the prediscovery script, the target server generates a result of an execution of the prediscovery script and provides the result to an analysis system. The analysis system analyzes and parses the result and generates user-friendly data (e.g., a graph or spreadsheet) that represents the result. Then, the analysis system provides the user-friendly data to the discovery team. The analysis system does not require credentials and does not directly communicate with the target server except for receiving the result of the executed prediscovery script from the target server.12-16-2010
20100319059SIP DIGEST AUTHENTICATION HANDLE CREDENTIAL MANAGEMENT - Methods, devices, and systems for controlling access to a password protected resource are provided. More specifically, different communication profiles can be mapped to a single user and that user can utilize a single password to gain access to the password protected resource using any one of his/her communication profiles. Each communication profile may have a unique authentication value associated therewith, but each unique authentication value may be determined based on the single password, thereby eliminating the need for a user to remember multiple passwords for each of his/her communication profiles.12-16-2010
20120284788Methods and Apparatus for Sending Data Packets to and from Mobile Nodes in a Data Network - Methods for transmitting packets using a Mobile IP protocol between a mobile node and a first node in a data network after the mobile node has transmitted data packets to the first node via a first router from a first CoA or CCoA address and by a first security association with the first node. One method includes the mobile node, sending to the first node via a second router using a second CoA or CCoA address, data packets that include an identifier of the mobile node that enables the first node to identify the mobile node as the sender of the data packets during an initial time period after transmission of the data packets via the second router has started, and during the initial time period, the mobile node authenticates the data packets it transmits to the first node using the first security association with the first node.11-08-2012
20120284787Personal Secured Access Devices - Secure access to a protected resource of a personal security device (PSD), using a user-associated PIN code, includes: providing a user-controlled local unit having an intermediate module for PIN entry, and authentication of the PSD by an escrow module. After positive PSD authentication, the intermediate module requests entry of the PIN, and the escrow module provides at least one secure session key (SSK) to the intermediate module. To generate an SSK the intermediate module sends the escrow module a single-use proof of knowledge of the PIN, where the proof is different from the PIN. If the proof is recognized, an SSK is generated by at least the escrow module based on secret information associated with the PSD. Each SSK is sent to the intermediate module, and a secured version of the PIN code is sent to the PSD via the intermediate module by means of each SSK.11-08-2012
20120284786SYSTEM AND METHOD FOR PROVIDING ACCESS CREDENTIALS - Embodiments of the invention are concerned with providing access credentials associated with a user of a service to a server hosting the service, e.g. enabling single sign on by the user to a number of servers.11-08-2012
20120284785METHOD FOR FACILITATING ACCESS TO A FIRST ACCESS NEWORK OF A WIRELESS COMMUNICATION SYSTEM, WIRELESS COMMUNICATION DEVICE, AND WIRELESS COMMUNICATION SYSTEM - A method for facilitating access to a first access network (11-08-2012
20130160101Wireless Communication Systems and Methods - Embodiments of the invention provide methods, devices and computer programs arranged to control provisioning of device-to-device (D2D) communication services in a communication network. One embodiment includes an apparatus including a processing system arranged to cause the apparatus to: assign a credential of a first type to a first D2D device; store an association between a validity condition and the credential of the first type, wherein the validity condition is dependent on a characteristic of a D2D communication service; transmit data indicative of the credential of the first type for reception by the first D2D device, said credential being for use in verification of said D2D communication service to be provided by the first D2D device to a second, different, D2D device; and maintain an operative state for the D2D communication in dependence on said association.06-20-2013
20130185783SYSTEM AND METHOD FOR CONFIRMING IDENTITY AND AUTHORITY BY A PATIENT MEDICAL DEVICE - A system and method for confirming identity and authority by a patient medical device is provided. Master credentials are issued to a requesting device and a receiving device from an authorizing agent. The master credentials include a public key of the authorizing agent and a digital signature of a root certification authority. Device credentials are issued to the requesting device from the authorizing agent. The device credentials include a public key of the requesting device and a digital signature of the authorizing agent. Identification credentials are provided to the receiving device and include the device credentials and a digital signature of the requesting device. The requesting device is authenticated. The digital signature of the authorizing agent in the device credentials is checked using the public key of the authorizing agent in the master credentials of the receiving device. The digital signature of the requesting device in the identification credentials is checked using the public key of the requesting device in the device credentials.07-18-2013
20110302643MECHANISM FOR AUTHENTICATION AND AUTHORIZATION FOR NETWORK AND SERVICE ACCESS - There is proposed a network access authentication and authorization mechanism in which an authentication session in an authentication, authorization and accounting procedure for a user equipment for providing an initial network access is executed. A first identification element related to the user equipment is obtained. Then, a user credential validation procedure is performed wherein a second identification element related to the user equipment or related to a user of the user equipment is obtained. The obtained first and second identification elements are processed for determining whether a match between the first and second identification elements exists. In addition, the authentication session executed for the user equipment is identified on the basis of the result of the processing of the first and second identification elements. Then, a change of an authorization of the user equipment is executed for providing a modified network access.12-08-2011
20110307946Creating and Launching a Web Application with Credentials - Various embodiments provide a mechanism to allow end users to install web applications and websites onto their desktop. In accordance with one or more embodiments, client-side code can be utilized to allow developers associated with a website to define boundaries associated with user interaction, and have those boundaries enforced by a run-time engine. In at least some embodiments, developers can provide, through JavaScript code and/or HTML markup, various configurations for the creation of a start menu shortcut, navigation, and so-called jumplist integration.12-15-2011
20110314531METHOD FOR USER TERMINAL AUTHENTICATION OF INTERFACE SERVER AND INTERFACE SERVER AND USER TERMINAL THEREOF - Provided are a method for authenticating a user terminal in an interface server, and an interface server and a user terminal using the same. The method includes receiving authentication request information from an application service providing server in order to request the interface server to authenticate the user terminal receiving an application service provided from the application service providing server, authenticating the user terminal according to the authenticating request information using an authentication method selected by the interface server or a user of the user terminal, and transmitting authentication response information including an authentication result of performing the authentication method to the application service providing server. The interface server provides an interface for a network to the application service providing server.12-22-2011
20110314530SYSTEM AND METHOD FOR CONTROLLING ACCESS TO NETWORK SERVICES USING BIOMETRIC AUTHENTICATION - A system, apparatus, or method for controlling access to a network and to the associated network resources or services. The invention may be used to provide a user authentication or authorization process for a computer network, a telecommunications network, or other suitable system, apparatus, device, process, operation, etc. In some embodiments, the present invention uses a combination of device identification data (such as a device identifier or other form of token) and user-specific biometric data (such as a physical characteristic associated with the user or data generated as a result of a signal being altered by a physical characteristic of a user) to identify a user and permit the user to access the network or network resources or services.12-22-2011
20110314529ADAPTIVE POLICIES AND PROTECTIONS FOR SECURING FINANCIAL TRANSACTION DATA AT REST - A system for challenge-response authentication is provided by receiving, from an external terminal over a communication network, a request for access to a service. A plurality of objects is presented to a user via a display. A plurality of codes is received over the communication network, each of the plurality of codes corresponding to one of the plurality of objects. The plurality of codes are matched to a plurality of alphanumeric characters according to a predetermined table. An alphanumeric string is generated from the plurality of alphanumeric characters and the alphanumeric string is compared to a user identifier stored in a database. Based on the comparing, a determination is made as to whether to grant the user access to the service.12-22-2011
20110314528TECHNIQUES TO MODIFY AND SHARE BINARY CONTENT WHEN DISCONNECTED FROM A NETWORK - Techniques to modify and share binary objects when disconnected from a network are described. An apparatus may comprise a processor and a memory. The memory may be operative to store a media annotation component and a media publishing component. The media annotation component, when executed by the processor, may be operative to receive a list of related members having a defined relationship with a publishing member from a user account of the publishing member of a media sharing service when in an online mode, and generate metadata for a media object using the list of related members when in an offline mode to form an annotated media object. The media publishing component, when executed by the processor, may be operative to define at least one instruction to distribute the annotated media object to a related member when in the online mode. Other embodiments are described and claimed.12-22-2011
20110321146System and method for securely sending a network one-time-password utilizing a mobile computing device - An apparatus, method, and computer program for securely sending a network one-time-password (OTP) from a user computer to an authentication server. A Network Client Application in the user computer interfaces with the authentication server, and a Mobile Server Application in the user computer interfaces with a Mobile Client Application in a mobile computing device (MCD) such as a smartphone. When a user enters a User ID and password into the user computer, the Network Client Application sends the User ID to the authentication server to obtain an index value (Index-1) from the authentication server. The Mobile Server Application authenticates the MCD and then sends Index-1 to the MCD to obtain a network OTP second factor from the MCD. The Network Client Application modifies the user password in accordance with the network OTP second factor to create the network OTP, and sends the network OTP to the authentication server.12-29-2011
20110321145Method for Ensuring Security of Computers Connected to a Network - A network authentication method is disclosed. A transmission-side client and a reception-side client have the same password. The transmission-side client transmits multiple authentication packets to the reception-side client at a slot interval according to an authentication code generated based on the password. The reception-side client measures a slot interval corresponding to the arrival timings of the respective authentication packets and then generates an authentication code based on the same password. The reception-side client compares the measured slot interval with the generated authentication code. When the two comparison targets are identical, the reception-side client concludes that the authentication is successful and transmits packets that have not been transmitted until such moment to a layer higher than an Internet layer.12-29-2011
20130191902NETWORK MEDIATED MULTI-DEVICE SHARED AUTHENTICATION - Described in an example embodiment herein is an apparatus, comprising a communication interface and authentication logic coupled with the wireless interface. The authentication logic authenticates with at least one neighboring device forming a trust relationship with the at least one neighboring device. The authentication logic obtains via the communication interface data representative of a user associated with a user device. The authentication logic sends a challenge to the user device, via the communication interface, the challenge requesting data associated with the user associated with the user device. The authentication logic receives a response to the challenge via the user interface and validates the response to the challenge. The authentication logic provides data to the at least one neighboring device indicating that the user associated with the user device has been authenticated, to enable access to the functionality and/or resources of the at least one neighboring device.07-25-2013
20130191903DUAL FACTOR AUTHENTICATION WITH A PROGRAMMABLE TERMINAL DEVICE - Systems, devices, methods, and software are described for managing virtual sessions based on dual factor authentication. A central server computer system may authenticate a user of a terminal device based on at least one user authentication credential and a unique device identifier received from the terminal device. The virtual session may be associated with the terminal device based on the received unique device identifier and the at least one user authentication credential. The virtual session may be updated according to at least one rule based on the association of the virtual session of the user with the terminal device.07-25-2013
20130191901SECURITY ACTIONS BASED ON CLIENT IDENTITY DATABASES - Example embodiments disclosed herein relate to authentication based on Media Access Control (MAC) addresses. A network security device receives one or more client identity databases from one or more edge network devices. The client identity databases include MAC addresses of clients and secondary identification information for each of the clients. The network security device determines that a client device has been connected to one of the edge devices. A security action is performed based on whether the MAC address and respective secondary identification information of one of the clients matches the MAC address and respective secondary identification information of the connected client device.07-25-2013
20130191904Systems and Methods for Universal Enhanced Log-In, Identity Document Verification and Dedicated Survey Participation - Systems and methods are provided for controlling access via a computer network to a subscriber server. A log-in server receives a query to connect through the computer network to the subscriber server, and the log-in server receives registrant identification data. A first session is established between the log-in server and the subscriber server to validate the registrant identification data, and to generate a session password. A second session is established between the log-in server and the subscriber server. The second session is configured to authorize, based in part on the registrant identification data, access to at least a portion of a website associated with the subscriber server.07-25-2013
20120005737SECURE INTERACTIVE DIGITAL SYSTEM FOR DISPLAYING ITEMS TO A USER IDENTIFIED AS HAVING PERMISSION TO ACCESS THE SYSTEM - Methods and apparatus are described which provide secure interactive communication of text and image information between a central server computer and one or more client computers located at remote sites for the purpose of storing and retrieving files describing and identifying unique products, services, or individuals. A feature of the system is the ability to associate an identification image with a plurality of accounts, transactions, or records and identify a user not physically present at the client computer. Textual information and image data from one or more of the remote sites are stored separately at the location of the central server computer, requests for information are entered from remote terminals, the system being able to respond to multiple user requests simultaneously, and the information requested is recalled and downloaded for review to be displayed at the remote site.01-05-2012
20120030743Fingerprint authentication server, client computer and fingerprint authentication method - A fingerprint authentication server device is disclosed. The fingerprint authentication server device includes a database in which user IDs and the registered fingerprint data of plural users are stored; and a hash value table including user hash values of the user IDs and the registered fingerprint data of the users. The fingerprint authentication server device is configured to receive a hash value of a user ID of a user to be authenticated and a hash value of registered fingerprint data associated with the user ID from a client computer; perform a search in the hash value table to determine whether there are hash values corresponding to the received hash values in the hash value table; and transmit a determination result to the client computer, thereby to cause the client computer to perform a fingerprint authentication process for a user for which correspondence of the hash values has been confirmed.02-02-2012
20130198827SERVICE COMPLIANCE ENFORCEMENT USING USER ACTIVITY MONITORING AND WORK REQUEST VERIFICATION - Auditing system logs of a remote client device is provided. Login session information entered at a workstation device accessing the remote client device to perform an activity associated with a work request is received. An access token is generated based on the login session information and information associated with the work request on the remote client device. The access token is compared with an audit log report of the remote client device that includes the activity associated with the work request performed by the workstation device on the remote client device. It is determined whether information in the access token matches information in the audit log report of the remote client device. In response to determining that the information in the access token does not match the information in the audit log report of the remote client device, an action alert is sent.08-01-2013
20120036569SECURING PORTABLE EXECUTABLE MODULES - An import address table (IAT) and dynamic linked libraries (DLLs) security mender process is configured to store nominal IAT table entries and in-process binary images, from either a priori data and/or from computed values. Particular IAT table entries and in-process binary images are fetched for comparison with expected values. These particular IAT table entries and/or in-process binary images are then overwritten with nominal values for the IAT table entries and in-process binary images. The IAT-DLL security mender runs in parallel with the operating system and has access to its IAT and inline code in system memory.02-09-2012
20120042369Data Card, Method and System for Identifying Fingerprint with Data Card - A data card, and a method and system for identifying a fingerprint with data card in the field of electronic communications are provided. The data card includes a fingerprint collection module that is configured to collect user's fingerprint information by using a fingerprint scanner on the data card. A fingerprint authentication module is configured to compare the collected fingerprint information with a stored fingerprint template and output a comparison result. A control module is configured to control the data card according to the comparison result output by the fingerprint authentication module.02-16-2012
20120047566PASSWORD PROTECTED SECURE DEVICE - The invention relates to a password protected secure device associated to a password. The secure device is in a state chosen from a group of states comprising an unlocked state, a first locked state and a second locked state. The state changes from said first locked state to said unlocked state if a user input which matches said password is received, and the state changes from said first locked state to said second locked state if a predetermined number of user inputs which do not match said password are received. The password protected secure device comprises a receiver for receiving biometric sample data, a memory comprising biometric template data, and a processor configured to compare said biometric sample data with said biometric template data. A match between the biometric sample data and the biometric template data causes said secure device to provide information for changing the password protected device from a first state to a second state, wherein one of the first state and the second state is the second locked state.02-23-2012
20120066754SECURE MEDIA PERIPHERAL ASSOCIATION IN A MEDIA EXCHANGE NETWORK - A method for establishing secure access to a media peripheral in a home via a node in a communication network includes acquiring by the node, security data associated with the media peripheral; searching by the node, for a previously acquired security data associated with a location of previous operation of the media peripheral; and communicating between the node and the media peripheral, information associated with the media peripheral, while the media peripheral is located in the home, when the previously acquired security data is not found. The security data is a digital certificate. The security data may be read from the media peripheral. The security data may be transferred to a media exchange server coupled to the communication network. The acquired security data may be authenticated prior to the searching. At least one identifier may be established to facilitate communication of the media peripheral over the communication network.03-15-2012
20120066753AUTHENTICATION METHOD, AUTHENTICATION APPARATUS AND AUTHENTICATION SYSTEM - An authentication method includes: receiving second authentication information sent by an application server when first authentication succeeds; sending the second authentication information to a corresponding terminal through a telecommunication network; receiving an identifier (ID) for identifying the terminal and the second authentication verification information that are returned by the terminal through the telecommunication network; and performing a second authentication according to the ID and the second authentication verification information, or forwarding the ID and the second authentication verification information to the application server, so that the application server performs the second authentication.03-15-2012
20120066752SINGLE TOKEN AUTHENTICATION - A method that includes storing multiple, separate data sets where each data set is related to an access code that is based on a combination of data related to the user and data related to a service provider is described herein.03-15-2012
20120066751HIGH ASSURANCE AUTHORIZATION DEVICE - Methods and apparatus are provided for securing the transfer of data over the internet from malicious interference. The apparatus comprises a computing device and a data storage device in operable communication with the computing device. The apparatus also includes a set of high assurance security instructions resident on the data storage device and executing within the computing device and at least one input/output interface. The method comprises receiving data via a first communication interface and storing the data in a memory device and initiating an unsecured data indication. The method also provides for receiving an authentication code via the first communication interface and decoding the authentication code and determining the authenticity of the data. If the authentication code fails to indicate authenticity then the data is deleted. If the authentication code indicates authenticity, then the data is transferred to a destination device via a second communication interface.03-15-2012
20120066750USER AUTHENTICATION AND PROVISIONING METHOD AND SYSTEM - Disclosed are methods and systems to authenticate and provision new, unknown users into a computer network. A computer program utilizes a card reader to extract user information from a smart card and collect additional user information inputted by the user into a computer terminal. The computer program analyzes the secure electronic certificate extracted from the smart card to authenticate the user's credentials, and transmits the user information securely to a user provisioning application. Moreover, methods and systems consistent with the present invention, utilize secure communication protocols to enable the computer program to pass the user information from an unsecured area outside of a computer network perimeter through a network firewall to a secure provisioning application inside the computer network.03-15-2012
20130205380IDENTITY VERIFICATION - A method of verifying the identity of a user comprising: initiating (08-08-2013
20130205377METHODS USING BIOMETRIC CHARACTERISTICS TO FACILITATE ACCESS OF WEB SERVICES - Methods for facilitating access of a web service are provided. In an embodiment, a first web device first obtains at least one reference biometric characteristic. Then, the first web device receives at least one parameter for the web service. Next, the first web device associates the at least one reference biometric characteristic with the at least one parameter. Thereafter, a second web device obtains at least one biometric characteristic. Then, the at least one biometric characteristic obtained by the second web device is compared with the at least one reference biometric characteristic. If the at least one biometric characteristic obtained by the second web device matches the at least one reference biometric characteristic, the second web device applies the at least one parameter to the web service.08-08-2013
20130205378COMMUNICATION APPARATUS, SERVER APPARATUS, RELAY APPARATUS, CONTROL APPARATUS, AND COMPUTER PROGRAM PRODUCT - According to an embodiment, a communication apparatus is connected to a server apparatus that issues first authentication information used in communication. The communication apparatus includes a receiving unit configured to receive an execution instruction to execute a bootstrap authentication process of issuing the first authentication information. The bootstrap authentication process includes validation of capability information indicating a capability of the communication apparatus. The communication apparatus also includes a first authentication processing unit configured to execute the bootstrap authentication process with the server apparatus based on second authentication information including the capability information, when the receiving unit receives the execution instruction.08-08-2013
20130205379AUTHENTICATION METHOD BETWEEN CLIENT AND SERVER, MACHINE-READABLE STORAGE MEDIUM, CLIENT AND SERVER - An authentication method between a server and a client is provided. The authentication method includes transmitting, to the client, an inquiry message including a first modified secret key generated based on a first secret key and a first blinding value, receiving, from the client, a response message including a response value generated based on the first blinding value, a second secret key, and an error value, calculating the error value from the response value, and determining whether authentication of the client has succeeded based on the error value.08-08-2013
20130205381Service Protection - A method and system for determining whether user accounts in a client-server architecture are legitimate is described, the method and system including determining a first integer value, hereinafter denoted N, and a second integer value, hereinafter denoted K, such that K08-08-2013
20120096532Multimedia Aggregation in an Online Social Network - Multimedia content is featured on user pages of an online social network using embed codes that are generated using a configuration file associated with the source ID for the multimedia content and a content ID for the multimedia content. The configuration file, the source ID and the content ID are stored locally by the online social network so that any changes to the embed codes can be made by changing the configuration file associated with the source and regenerating the embed codes. By managing multimedia content in this manner, greater control can be exercised by the online social network over the multimedia content that is featured on its user pages.04-19-2012
20120096531Multimedia Aggregation in an Online Social Network - Multimedia content is featured on user pages of an online social network using embed codes that are generated using a configuration file associated with the source ID for the multimedia content and a content ID for the multimedia content. The configuration file, the source ID and the content ID are stored locally by the online social network so that any changes to the embed codes can be made by changing the configuration file associated with the source and regenerating the embed codes. By managing multimedia content in this manner, greater control can be exercised by the online social network over the multimedia content that is featured on its user pages.04-19-2012
20120096530INFORMATION PROCESSING APPARATUS THAT PERFORMS AUTHENTICATION OF LOGIN FROM EXTERNAL APPARATUS, INFORMATION PROCESSING METHOD, AND STORAGE MEDIUM - An information processing apparatus that, even when a user forgets a user ID or the like in remotely logging in to the information processing apparatus from an external apparatus, permits login from the external apparatus insofar as another authentication means satisfies predetermined conditions. Authentication information input by the user when logging in is transmitted to a management server connected to a network, and a login authentication result for the user is received from the management server. Whether or not to permit login by the user from an external apparatus connected to the network is determined based on identification information on the external apparatus. Login by the user from the external apparatus is permitted when the received login authentication result is indicative of successful authentication, and the identification information on the external apparatus is included in the authentication result.04-19-2012
20120096529Method and Device for Managing Authentication of a User - A method and apparatus are provided for managing authentication of a user of a telecommunications network of an operator. The method includes the following steps: on receipt of a request for access to a service provided by the operator of this network by the user, issuing a request for identification of an authentication server destined for an authentication location server, the request including at least one identifier of the user; and on receipt of a response comprising an identifier of an authentication server associated with the identifier of the user, issuing a request for authentication of the user at the server identified for the requested service.04-19-2012
20120096528IMAGE FORMING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - To provide an authentication method of enabling a user to use a multifunction machine in which user information of the user is not registered on an authentication table thereof, without deteriorating a maintenance capability of the authentication table, the method is characterized to include steps of obtaining user information from the user, determining whether or not the obtained user information is included on a user information table, and transmitting, when the obtained user information is not included on the user information table, the user information to an image forming apparatus registered in a redirect destination list. The method is further characterized to cause the transmission-destination image forming apparatus to authenticate the transmitted user information, and permit use of the image forming apparatus by the user according to an authentication result of the transmission-destination image forming apparatus.04-19-2012
20120096527POWERSHELL CMDLETS CODE GENERATING TOOL FOR COMMUNICATING TO THE WEB SERVICES - An object-oriented shell code generating tool receives data that identifies a Web service hosted by a server. The tool creates proxy code to generate a Web service client proxy to identify a plurality of methods for the Web service. For each method, the tool automatically creates object driven shell commands code that defines a class implementing parameters of the Web service method, wherein the object driven shell commands code is to be executed in an object driven shell platform to communicate with the Web service method via the client proxy. The tool generates invocation infrastructure code for communicating to the Web service method via the client proxy and deploys the proxy code, the invocation infrastructure code, and the object driven shell commands code in the object driven shell platform on the client to call a Web service method via the invocation infrastructure and the client proxy.04-19-2012
20130212662SECURITY ACCESS IN A COMPUTER-BASED FLOW OF TASKS - Implementing security access includes creating a coordinate system that includes a first axis and a second axis. Points on the first axis and the second axis specify corresponding coordinates. The security access also includes randomly selecting values from a database and populating the coordinate system with the values and selecting a set of the coordinates from the coordinate system. The set of coordinates is indicative of an instruction. The security access further includes generating an image from the coordinate system and the values, the image including labels for the coordinates along respective first axis and second axis, and identifying values corresponding to the set of coordinates. The values correspond to the set of coordinates indicative of an answer to the instruction. The security access also includes transmitting the image and the instruction to a user device, and using the image, the instruction, and the answer as a security access mechanism.08-15-2013
20130212663ENABLING SECURE ACCESS TO A DISCOVERED LOCATION SERVER FOR A MOBILE DEVICE - A method for obtaining a secure connection between a first server and a client. The method may comprise establishing a secure communication session between a second server and the client, wherein the second server is trusted by the first server, and the second server is configured to authenticate the client. The client may receive a client token, wherein the client token contains data associated with the first server, the second server, the client, and a digital signature. Then, the client may request secure communication access to the first server, wherein the request includes transferring the client token to the first server. Finally, the client may receive a grant of secure communication access to the first server based on authentication of the client by the first server, wherein the authentication is based on the client token validating the client and the digital signature validating the client token.08-15-2013
20130212664Player, Mobile Communication Device, Authentication Server, Authentication System and Method - Disclosed is an authentication method, including: acquiring authentication data recorded in an audio-visual product using a player and sending the authentication data to a mobile communication device; sending the authentication data to an authentication server using the mobile communication device; authenticating the authentication data using the authentication server to acquire the authentication result; and sending the authentication result to the player using the mobile communication device. Further provided are a player, a mobile communication device, an authentication server and an authentication system. By way of the above method, the technical solution provided in the present invention can provide reliable copyright protection for audio-visual products.08-15-2013