Abstract: A communication network employing a method and system for secure access from a security device at a local network location to a remote network location are disclosed. At the security device having a unique identifier (UID), processor, and memory, a security software is obtained from a remote network location, the security software obtaining a personal identification number (PIN) of a user, and the UID of the security device. The PIN, the UID and the private security software are forwarded to the remote network location for generating a credential code, including encrypting the credential code. At the security device, the credential code is obtained from the remote network location, and authenticity of the PIN and the UID is verified, without communicating over a network, including decrypting the credential code. Upon verifying the authenticity of the PIN and the UID, access credentials to the remote network location are retrieved.

Abstract: Method and system for secure access from a security device at a local network location to a remote network location are disclosed. At the security device having a unique identifier (UID), processor, and memory, a security software is obtained from a remote network location, the security software obtaining a personal identification number (PIN) of a user, and the UID of the security device. The PIN, the UID and the private security software are forwarded to the remote network location for generating a credential code, including encrypting the credential code. At the security device, the credential code is obtained from the remote network location, and authenticity of the PIN and the UID is verified, without communicating over a network, including decrypting the credential code. Upon verifying the authenticity of the PIN and the UID, access credentials to the remote network location are retrieved.

Abstract: Method and system for secure access from a security device at a local network location to a remote network location are disclosed. At the security device having a unique identifier (UID), processor, and memory, a security software is obtained from a remote network location, the security software obtaining a personal identification number (PIN) of a user, and the UID of the security device. The PIN, the UID and the private security software are forwarded to the remote network location for generating a credential code, including encrypting the credential code. At the security device, the credential code is obtained from the remote network location, and authenticity of the PIN and the UID is verified, without communicating over a network, including decrypting the credential code. Upon verifying the authenticity of the PIN and the UID, access credentials to the remote network location are retrieved.

Abstract: Methods and systems for authenticating a security device for establishing trusted email communication. The security device is authenticated by installing private security software on the security device. In order to authorize an email transaction, a transaction authorization is performed using the security device by display a QR (Quick Response) code from an authorization server on a user terminal and scanning the QR code into the security device. After scanning the QR code, an OTA (One-Time-Authorization) code is sent from the security device to the authorization server for verifying the transaction. Embodiments of the present invention provide trusted email communication. A corresponding system for authenticating a security device and preforming trusted email communication is also provided.

Abstract: Methods and systems for authenticating a security device for providing a secure access and transaction authorization to a remote network location are provided. The security device is authenticated by installing private security software on the security device. In order to authorize a transaction, a transaction authorization is performed using the security device by display a QR (Quick Response) code from an authorization server on a user terminal and scanning the QR code into the security device. After scanning the QR code, an OTA (One-Time-Authorization) code is sent from the security device to the authorization server for verifying the transaction. Embodiments of the present invention provide increased security and privacy. A corresponding system for authenticating a security device and preforming secure and private transactions is also provided.

Abstract: A method and system for automatically generating a new password from user selected characters via key press which are different from the user selected characters. Each key of a keypad can be entered within one or more contexts, manually selected by the user or automatically selected by the described system, such that the same key press within one context provides a unique code different than the same key press within another context. The code corresponding to the proper combination of a key press, the contexts of the selected key press, and the sequence of entry must match the previously stored code set by the user. Context selection is not based on any of the possible key presses selectable on the keypad. Therefore if the password characters are discovered without the context for each character, then it becomes difficult to access the content. The newly generated password can be the same length as the originally entered password, or can be longer or shorter in length than the originally entered password.

Abstract: Methods for authenticating a security device at a local network location for providing a secure access from the local network location to a remote network location are provided. A security device is registered by installing private security software on the security device that generates an asymmetrical encryption key pair including an encryption key and a decryption key. The encryption key is stored only on the security device and the decryption key is stored only on a remote server. Embodiments of the present invention provide increased security by not storing the encryption key on the remote server so that attackers stealing data from the server cannot pretend to a user having the registered security device. A corresponding system for authenticating a security device is also provided.

Abstract: System and method for providing access to remote computing services in an application server are described, where the authentication and authorization processes are separated, excluding service access privileges from the authenticating process and transferring the privileges to the authorization process. A client device and a user are authenticated, and upon successful authentication, the authorization process is performed, including establishing an authorization connection between the client device and the server computer; at the server computer, detecting and verifying the authorization connection; and upon successful verification, allowing access of the client device to the service on the server computer.

Abstract: System, method, and apparatus for providing access to remote computing services are described. The method includes authenticating a user and a client device; establishing a connection to a server computer including: a server program executing on the server computer detecting the connection; the server program creating a blocking process on the server computer to block access of the user to a service on the connection, authorizing, using a client program executing on the client device and the server program, the user to use the service on the server computer including: terminating the blocking process, the user using the service; and the user closing the connection to the server computer. Embodiments of the present invention provide secure remote access to computing services.

Abstract: A method for secure electronic transaction over a computer network, comprising: at a trusted relationship profile server computer: storing a unique identity of a trusted computing unit; generating a confirmation message regarding the unique identity of the trusted computing unit in response to a request from the trusted computing unit; at a security proxy server computer: storing real credentials and local credentials of a customer in a secure vault; receiving the confirmation message and permitting a login process to be performed with the security proxy server using the local credentials, provided the confirmation message is valid; and replacing the local credentials submitted in the login process with the real credentials. A corresponding system for secure electronic transactions is also provided.

Abstract: System, method, and apparatus for providing access to remote computing services are described. The method includes authenticating a user and a client device; establishing a connection to a server computer including: a server program executing on the server computer detecting the connection; the server program creating a blocking process on the server computer to block access of the user to a service on the connection, authorizing, using a client program executing on the client device and the server program, the user to use the service on the server computer including: terminating the blocking process, the user using the service; and the user closing the connection to the server computer. Embodiments of the present invention provide secure remote access to computing services.

Abstract: System, method, and apparatus for providing access to remote computing services are described. The method includes authenticating a user and a client device; establishing a connection to a server computer including: a server program executing on the server computer detecting the connection; the server program creating a blocking process on the server computer to block access of the user to a service on the connection, authorizing, using a client program executing on the client device and the server program, the user to use the service on the server computer including: terminating the blocking process, the user using the service; and the user closing the connection to the server computer. Embodiments of the present invention provide secure remote access to computing services.

Abstract: System, method, and apparatus for providing access to remote computing services are described. The method includes authenticating a user and a client device; establishing a connection to a server computer including: a server program executing on the server computer detecting the connection; the server program creating a blocking process on the server computer to block access of the user to a service on the connection, authorizing, using a client program executing on the client device and the server program, the user to use the service on the server computer including: terminating the blocking process, the user using the service; and the user closing the connection to the server computer. Embodiments of the present invention provide secure remote access to computing services.

Abstract: A two-level authentication system is described supporting two-factor authentication that offers efficient protection for secure on-line web transactions. It includes a global unique identity (UID) provided either by an institute-issued/personal trusted device, or based on client computing platform hardware attributes, and generated using institution authorized private software, institution-authorized authentication proxy software, and an institution-generated credential code which is pre-stored in the token and only accessible by the institute-authorized authentication proxy software. The institution-authorized authentication proxy software uses the user's PIN and the trusted device's UID as input and verifies the user and device identities through institution-generated credential code which was pre-stored in the trusted device.

Abstract: A method for secure electronic transaction over a computer network, comprising: at a trusted relationship profile server computer: storing a unique identity of a trusted computing unit; generating a confirmation message regarding the unique identity of the trusted computing unit in response to a request from the trusted computing unit; at a security proxy server computer: storing real credentials and local credentials of a customer in a secure vault; receiving the confirmation message and permitting a login process to be performed with the security proxy server using the local credentials, provided the confirmation message is valid; and replacing the local credentials submitted in the login process with the real credentials. A corresponding system for secure electronic transactions is also provided.

Abstract: A two-level authentication system is described supporting two-factor authentication that offers efficient protection for secure on-line web transactions. It includes a global unique identity (UID) provided either by an institute-issued/personal trusted device, or based on client computing platform hardware attributes, and generated using institution authorized private software, institution-authorized authentication proxy software, and an institution-generated credential code which is pre-stored in the token and only accessible by the institute-authorized authentication proxy software. The institution-authorized authentication proxy software uses the user's PIN and the trusted device's UID as input and verifies the user and device identities through institution-generated credential code which was pre-stored in the trusted device.