Abstract: Methods, apparatus and articles of manufacture for map-based authentication are provided herein. A method includes establishing a set of cryptographic information, wherein said set of cryptographic information comprises (i) at least one graphical-based input element and (ii) one or more graphical-based input sub-elements derived from said at least one graphical-based input element, wherein said at least one graphical-based input element comprises at least one given map and wherein said one or more graphical-based input sub-elements comprise one or more points of interest on said at least one given map; generating a prompt via a computing device interface in connection with an authentication request to access a protected resource associated with the computing device; processing input cryptographic information entered via the computing device interface in response to the prompt against the set of cryptographic information; and resolving the authentication request based on said processing.

Abstract: Encryption key(s) and/or other protected material are protected on devices. A secret splitting scheme is applied to a secret, S, that protects at least one data item to obtain a plurality of secret shares. At least one secret share is encrypted to provide at least one encrypted secret share using an encryption scheme that uses at least one other secret share as the encryption key. A subset of the plurality of secret shares and encrypted secret share(s) is required to reconstruct the secret, S. One or more secret shares and/or encrypted secret shares are provided to at least one device, for example, based on a corresponding key-release policy, to allow access to the data item(s) secured by the secret, S. The secret, S, comprises, for example, a secret key used to protect at least one content item and/or a key used to protect one or more of a content container and a vault storing one or more protected data items.

Abstract: A method includes (1) receiving, by a mobile computing device (MCD), user-specific data from a user, (2) processing (a) a user share of a cryptographic key, the user share being fixed based on the received user-specified data, and (b) a local share of the cryptographic key to recreate the cryptographic key, wherein the local share was created by applying a secret splitting algorithm to the cryptographic key and the user share to yield a set of non-fixed shares including the local share, the user share and the set of non-fixed shares making up a set of shares of the cryptographic key, the cryptographic key being recreatable from a strict subset of the set of shares, and (3) decrypting encrypted data stored on the MCD using the recreated cryptographic key, thereby providing access, using the decrypted encrypted data, to the resource.

Abstract: Methods, apparatus and articles of manufacture for increasing entropy for password and key generation on a mobile device are provided herein. A method includes establishing a pre-determined set of cryptographic information, wherein said pre-determined set of cryptographic information comprises one or more input elements and one or more interface input behavior metrics associated with the one or more input elements; generating a prompt via a computing device interface in connection with an authentication request to access a protected resource associated with the computing device; processing input cryptographic information entered via the computing device interface in response to the prompt against the pre-determined set of cryptographic information; and resolving the authentication request based on said processing.

Abstract: A system and method for secure communication is provided. Outgoing messages to another computing device are encrypted using a first shared key shared with said other computing device, and a first counter, said first shared key and said first counter being stored in storage of a computing device. Incoming messages from said other computing device are decrypted using said first shared key and a second counter stored in said storage of said computing device.

Abstract: An apparatus comprises a processing device configured to receive a request for access to a given protected resource, to receive a tokencode for validating the request for access to the given protected resource, to determine whether the processing device is connected to a network, to send the tokencode to a remote server over the network for validation responsive to determining that the processing device is connected to the network, and to validate the tokencode in the processing device to access the given protected resource responsive to determining that the processing device is not connected to the network.

Abstract: A system and method for sharing data is provided. A request is received from a mobile device to transfer a set of data to a recipient. The set of data is stored by a server and controlled by a user of the mobile device. The request is authenticated, and the data is encrypted. The set of data is transmitted to a recipient specified by the user via the mobile device.

Abstract: A system and method for secure communication is provided. A first hash-based message authentication code is generated from a shared secret and a first counter value stored in storage of a computing device. A second hash-based message authentication code is generated from such shared secret and a second counter value. An encryption key is derived from a function of the first hash-based message authentication code and the second hash-based message authentication code. A message is encrypted using the encryption key, and communicated via a network interface of the computing device.

Abstract: A system and method for recovering a security credential is provided. A security credential stored in the storage of a computing device is encrypted using a first encryption key generated by a server. A first decryption key for decrypting the security credential and a second encryption key for re-encrypting the security credential are received. The first decryption key and the second encryption key are generated by the server. The security credential is decrypted using the first decryption key. The security credential is communicated to a user of the computing device. The security credential is re-encrypted in the storage of the computing device using the second encryption key.

Abstract: A system and method for processing healthcare payments is provided. A payment request is received for a charge for healthcare services provided by a healthcare provider via a communications interface of a computer system. The payment request identifies an end-user receiving the healthcare services. A first payment is received from at least one healthcare insurance plan covering at least a portion of the charge for the end-user. A second payment is received from at least one funding account of the end-user from which the remainder of the charge is to be paid. A third payment is transferred to a financial account associated with the healthcare provider for the charge.

Abstract: According to an aspect of the present invention there is provided a method of binding a security element to a device, comprising: generating a passkey to encrypt the security element, the passkey being a combination of attributes, and one of the attributes being a Device ID associated with said device. Preferably, the device is a mobile device. The combination of attributes may include the following: a) a build secret, the build secret consisting of a string which is generated when the software application is created; b) a salt, the salt consisting of a random string; wherein the build string and the salt are stored as non-printable strings within encryption code of the passkey.

Abstract: A system and method for secure communication is provided. A first hash-based message authentication code is generated from a shared secret and a first counter value stored in storage of a computing device. A second hash-based message authentication code is generated from such shared secret and a second counter value. An encryption key is derived from a function of the first hash-based message authentication code and the second hash-based message authentication code. A message is encrypted using the encryption key, and communicated via a network interface of the computing device.

Abstract: A system and method for secure communication is provided. Outgoing messages to another computing device are encrypted using a first shared key shared with said other computing device, and a first counter, said first shared key and said first counter being stored in storage of a computing device. Incoming messages from said other computing device are decrypted using said first shared key and a second counter stored in said storage of said computing device.

Abstract: A system and method for sharing data is provided. A request is received from a mobile device to transfer a set of data to a recipient. The set of data is stored by a server and controlled by a user of the mobile device. The request is authenticated, and the data is encrypted. The set of data is transmitted to a recipient specified by the user via the mobile device.

Abstract: The invention consists of a method of automatically detecting and classifying a device, comprising: a) receiving information from the device; b) looking up the information in a device directory to identify the device; c) applying a series of identity rules if the information is not found in the device directory; and d) identifying the device from the identity rules. Preferably, the device is a mobile device.

Abstract: According to an aspect of the present invention there is provided a method of binding a security element to a device, comprising: generating a passkey to encrypt the security element, the passkey being a combination of attributes, and one of the attributes being a Device ID associated with said device. Preferably, the device is a mobile device. The combination of attributes may include the following: a) a build secret, the build secret consisting of a string which is generated when the software application is created; b) a salt, the salt consisting of a random string; wherein the build string and the salt are stored as non-printable strings within encryption code of the passkey.

Abstract: The invention consists of a method of automatically detecting and classifying a device, comprising: a) receiving information from the device; b) looking up the information in a device directory to identify the device; c) applying a series of identity rules if the information is not found in the device directory; and d) identifying the device from the identity rules. Preferably, the device is a mobile device.