Abstract: In a system comprising a transient storage device (TSD) or other type of peripheral configured for communication with a host device, a first one-time password or other type of code is generated in the peripheral and transmitted to the host device. The first code is presented by the host device to an authentication server for authentication. The host device receives a second one-time password or other type of code from the authentication server and transmits it to the peripheral for authentication.

Abstract: An authentication server authenticates a first user, and generates a voucher code that is provided to the authenticated first user. The first user may provide the voucher code to a second user, responsive to a request by the second user for the first user to vouch for the second user, to thereby allow the second user to be authenticated. The authentication server receives the voucher code from the second user, and authenticates the second user based on the voucher code. The authenticated second user may be provided with a temporary password or other type of code utilizable for at least one additional authentication.

Abstract: Methods and systems for storing secret information in a digital vault include obtaining from a user answers to a number of different questions, and identifying which subsets or combinations of the questions for which correct answers later provided by an entity will enable that entity to gain access to the secret information in the vault. The number of questions in each combination is less than the total number of questions, and at least one subset has at least two questions. For each subset, a corresponding string of answers is generated, the string is hashed, and the resulting hash value is combined with the digital secret. This hides the digital secret, which is then stored in the vault. Methods and systems for registering authentication material include storing a hashed string of answers for each combination, generating “multiple authenticators.

Abstract: An authentication server authenticates a first user, and generates a voucher code that is provided to the authenticated first user. The first user may provide the voucher code to a second user, responsive to a request by the second user for the first user to vouch for the second user, to thereby allow the second user to be authenticated. The authentication server receives the voucher code from the second user, and authenticates the second user based on the voucher code. The authenticated second user may be provided with a temporary password or other type of code utilizable for at least one additional authentication.

Abstract: Methods and systems for storing secret information in a digital vault include obtaining from a user answers to a number of different questions, and identifying which subsets or combinations of the questions for which correct answers later provided by an entity will enable that entity to gain access to the secret information in the vault. The number of questions in each combination is less than the total number of questions, and at least one subset has at least two questions. For each subset, a corresponding string of answers is generated, the string is hashed, and the resulting hash value is combined with the digital secret. This hides the digital secret, which is then stored in the vault. Methods and systems for registering authentication material include storing a hashed string of answers for each combination, generating “multiple authenticators.

Abstract: In a system comprising a transient storage device (TSD) or other type of peripheral configured for communication with a host device, a first one-time password or other type of code is generated in the peripheral and transmitted to the host device. The first code is presented by the host device to an authentication server for authentication. The host device receives a second one-time password or other type of code from the authentication server and transmits it to the peripheral for authentication.

Abstract: In accordance with a preferred embodiment of the invention, there is disclosed a process for verifiably communicating risk characteristics of an investment portfolio to an investor without disclosing the exact composition of the portfolio comprising: A procedure for the investment manager to describe acceptable characteristics of an investment portfolio within the portfolio's prospectus, An algorithm and procedure for the investment manager to cryptographically commit to portfolio contents without disclosing the exact composition, An algorithm and procedure to calculate the risk statistics concerning the limitations specified in the prospectus concerning the acceptable configurations of assets holdings without disclosing the exact composition, An algorithm and procedure employing cryptographic means to prove that each such statistic is within the numerical range specified in the prospectus, An algorithm and procedure to check the validity of proofs claiming that each statistic is within a particular range, an

Abstract: Techniques are disclosed for providing enhanced privacy in an RFID system comprising a plurality of RFID devices, each having an associated identifier, and at least one reader which communicates with one or more of the devices. A blocker device is operative to receive a communication directed from the reader to one or more of the RFID devices, and to generate, possibly based on information in the received communication, an output transmittable to the reader. The output simulates one or more responses from at least one of the RFID devices in a manner which prevents the reader from determining at least a portion of the identifier of at least one of the RFID devices. The blocker device may itself comprise one of the RFID devices. In an illustrative embodiment, the output generated by the blocker device interferes with the normal operation of a singulation algorithm implemented by the reader.

Abstract: Techniques are disclosed for providing enhanced privacy in an RFID system comprising a plurality of RFID devices, each having an associated identifier, and at least one reader which communicates with one or more of the devices. A blocker device is operative to receive a communication directed from the reader to one or more of the RFID devices, and to generate, possibly based on information in the received communication, an output transmittable to the reader. The output simulates one or more responses from at least one of the RFID devices in a manner which prevents the reader from determining at least a portion of the identifier of at least one of the RFID devices. The blocker device may itself comprise one of the RFID devices. In an illustrative embodiment, the output generated by the blocker device interferes with the normal operation of a singulation algorithm implemented by the reader.