Abstract: A method for controlling a message from a sender. A referee can evaluate a credential associated with a message to determine it's desirability to the intended recipient, and take an action based upon the results of the determination. A sender that includes a trusted component can send a credential with the message, and the message can be controlled without a referee.

Abstract: A system and method for authenticating an application (client) to a server or service. During a registration phase, an application that requests access to a service can receive a service identifier, which it can authenticate. The application can generate and send to the server or service an application-service key that is based upon the authenticated service identifier and a secret application key; a service-application identifier that can be based upon the authenticated service identifier and an application identifier; and a registration nonce, all of which can be stored at the server. During the authentication phase, the client can send to the server the application-service identifier, which the server can use to lookup the stored registration data. The server can send the registration nonce to the client, which can compute a proof of possession of the service-application key and send to the server. The server can compute its own version of this key and compare it to the received key.

Abstract: A hybrid authentication device that has a keypad, a display, an electronic communications interface and a processor and memory that can be removable, such as a Subscriber Identity Module. The device can operate in a stand-alone mode, in which a user enters a personal identification number and challenge using the keypad, and the device generates a response. The device can also function as a smartcard, and can be electronically coupled to an external device using the communications interface.

Abstract: A system and method for authenticating an application (client) to a server or service. During a registration phase, an application that requests access to a service can receive a service identifier, which it can authenticate. The application can generate and send to the server or service an application-service key that is based upon the authenticated service identifier and a secret application key; a service-application identifier that can be based upon the authenticated service identifier and an application identifier; and a registration nonce, all of which can be stored at the server. During the authentication phase, the client can send to the server the application-service identifier, which the server can use to lookup the stored registration data. The server can send the registration nonce to the client, which can compute a proof of possession of the service-application key and send to the server. The server can compute its own version of this key and compare it to the received key.

Abstract: A method for controlling a message from a sender. A referee can evaluate a credential associated with a message to determine it's desirability to the intended recipient, and take an action based upon the results of the determination. A sender that includes a trusted component can send a credential with the message, and the message can be controlled without a referee.

Abstract: A method for controlling a message from a sender. A referee can evaluate a credential associated with a message to determine its desirability to the intended recipient, and take an action based upon the results of the determination. A sender that includes a trusted component can send a credential with the message, and the message can be controlled without a referee.

Abstract: A method for controlling a message from a sender. A referee can evaluate a credential associated with a message to determine its desirability to the intended recipient, and take an action based upon the results of the determination. A sender that includes a trusted component can send a credential with the message, and the message can be controlled without a referee.

Abstract: A method for controlling a message from a sender. A referee can evaluate a credential associated with a message to determine ifs desirability to the intended recipient, and take an action based upon the results of the determination. A sender that includes a trusted component can send a credential with the message, and the message can be controlled without a referee.

Abstract: A privacy enhanced identity scheme that may use public and private key cryptography to selectively distribute attributes of a token holder to a relying party. A challenge message {Rnonce, RID}, where Rnonce is a reader nonce and RID is a reader identifier. Methods may also include, responsive to the challenge message, sending a response message including at least an encrypted private token identifier TID and a session key k. In response to a challenge from a reader. The token sends a message that includes token identifier that is un-linkable to other identifiers sent from the same token.

Abstract: A system and method for authenticating an application (client) to a server or service. During a registration phase, an application that requests access to a service can receive a service identifier, which it can authenticate. The application can generate and send to the server or service an application-service key that is based upon the authenticated service identifier and a secret application key; a service-application identifier that can be based upon the authenticated service identifier and an application identifier; and a registration nonce, all of which can be stored at the server. During the authentication phase, the client can send to the server the application-service identifier, which the server can use to lookup the stored registration data. The server can send the registration nonce to the client, which can compute a proof of possession of the service-application key and send to the server. The server can compute its own version of this key and compare it to the received key.

Abstract: A system and method for authenticating an application (client) to a server or service. During a registration phase, an application that requests access to a service can receive a service identifier, which it can authenticate. The application can generate and send to the server or service an application-service key that is based upon the authenticated service identifier and a secret application key; a service-application identifier that can be based upon the authenticated service identifier and an application identifier; and a registration nonce, all of which can be stored at the server. During the authentication phase, the client can send to the server the application-service identifier, which the server can use to lookup the stored registration data. The server can send the registration nonce to the client, which can compute a proof of possession of the service-application key and send to the server. The server can compute its own version of this key and compare it to the received key.

Abstract: A method for controlling a message from a sender. A referee can evaluate a credential associated with a message to determine ifs desirability to the intended recipient, and take an action based upon the results of the determination. A sender that includes a trusted component can send a credential with the message, and the message can be controlled without a referee.

Abstract: A method for controlling a message from a sender. A referee can evaluate a credential associated with a message to determine ifs desirability to the intended recipient, and take an action based upon the results of the determination. A sender that includes a trusted component can send a credential with the message, and the message can be controlled without a referee.

Abstract: A computer memory with cryptographic content authentication that provides a means of verifying that the contents of the memory are those intended. Said authentication code may be calculated directly from some or all of the contents of the stored memory or indirectly with respect to a trust statement used to establish the validity of a digital signature calculated over some or all of the contents of the stored memory.

Abstract: A cryptographic key exchange protocol that enables a device that does not have the capability to perform public key operations to securely establish a shared key with a host device without any information disclosing the key being revealed to the delegate key service.

Abstract: A method for controlling a message from a sender. A referee can evaluate a credential associated with a message to determine ifs desirability to the intended recipient, and take an action based upon the results of the determination. A sender that includes a trusted component can send a credential with the message, and the message can be controlled without a referee.

Abstract: A system and method for authenticating an application (client) to a server or service. During a registration phase, an application that requests access to a service can receive a service identifier, which it can authenticate. The application can generate and send to the server or service an application-service key that is based upon the authenticated service identifier and a secret application key; a service-application identifier that can be based upon the authenticated service identifier and an application identifier; and a registration nonce, all of which can be stored at the server. During the authentication phase, the client can send to the server the application-service identifier, which the server can use to lookup the stored registration data. The server can send the registration nonce to the client, which can compute a proof of possession of the service-application key and send to the server. The server can compute its own version of this key and compare it to the received key.

Abstract: A method for controlling a message from a sender. A referee can evaluate a credential associated with a message to determine it's desirability to the intended recipient, and take an action based upon the results of the determination. A sender that includes a trusted component can send a credential with the message, and the message can be controlled without a referee.

Abstract: A privacy enhanced identity scheme that may use public and private key cryptography to selectively distribute attributes of a token holder to a relying party. A challenge message {Rnonce, RID}, where Rnonce is a reader nonce and RID is a reader identifier. Methods may also include, responsive to the challenge message, sending a response message including at least an encrypted private token identifier TID and a session key k. In response to a challenge from a reader. The token sends a message that includes token identifier that is un-linkable to other identifiers sent from the same token.

Abstract: A method for controlling a message from a sender. A referee can evaluate a credential associated with a message to determine it's desirability to the intended recipient, and take an action based upon the results of the determination. A sender that includes a trusted component can send a credential with the message, and the message can be controlled without a referee.