Abstract: A method of authorizing a user at a location is disclosed. A user data input device is used for receiving of user information. In dependence upon stored policy data, a location of the workstation and other characteristics thereof, an authorization method for the user is determined. In the authorization method, the user is first identified with the security server and then optionally authorized thereby. The stored policy data results in different determined methods for different authorization procedures based upon the user data and the characteristic of the user data input device and the workstation.

Abstract: A method of authorising a user in communication with a workstation is disclosed. According to the method, a system automatically determines a plurality of available user information entry devices in communication with the workstation. The system then determines predetermined user authorization methods each requiring data only from available user information entry devices. The user then selects one of the determined authorization methods for use in user authorization. Optionally, each authorization method is associated with a security level relating to user access to resources. Once the authorization method is selected, the user provides user authorization information in accordance with a determined user authorization method and registration proceeds.

Abstract: An anonymous secure messaging method and system for securely exchanging information between a host computer system and a functionally connected cryptographic module. The invention comprises a Host Security Manager application in processing communications with a security executive program installed inside the cryptographic module. An SSL-like communications pathway is established between the host computer system and the cryptographic module. The initial session keys are generated by the host and securely exchanged using a PKI key pair associated with the cryptographic module. The secure communications pathway allows presentation of critical security parameter (CSP) without clear text disclosure of the CSP and further allows use of the generated session keys as temporary substitutes of the CSP for the session in which the session keys were created.

Abstract: A method of authorizing a user in communication with a workstation is disclosed. According to the method, a system automatically determines a plurality of available user information entry devices in communication with the workstation. The system then determines predetermined user authorization methods each requiring data only from available user information entry devices. The user then selects one of the determined authorization methods for use in user authorization. Optionally, each authorization method is associated with a security level relating to user access to resources. Once the authorization method is selected, the user provides user authorization information in accordance with a determined user authorization method and registration proceeds.

Abstract: An intelligent remote device equipped with a security token operatively coupled thereto is processing communications with a security token enabled computer system over a wireless private network. The intelligent remote device is adapted to emulate a local security device peripheral connected to the computer system. Multiple computer systems may be authenticated to using the intelligent remote device. Additionally, various secure communications connections mechanisms are described which are intended to augment existing security protocols available using wireless network equipment. Authentication of a user supplied critical security parameter is performed by the security token. The critical security parameter may be provided locally via the intelligent remote device or received from the wireless network and routed to the security token. Aural, visual or vibratory feedback may be provided to the user to signal a successful authentication transaction.

Abstract: A method, system and computer program product which allows identification of an enrollment biometric template having a highest probability of matching a sample biometric template from a plurality of enrolled biometric templates without compromising or significantly compromising system security. In one embodiment of the invention, first feature set information is derived from sample and enrollment biometric templates. The first feature set information generally comprises spatially dependent information associated with a fingerprint. The first feature set information is then used to determine which enrollment biometric template has the highest probability of matching the sample biometric template. Second feature set information is then derived from the biometric sample template and the determined enrollment biometric template and used to perform a one-to-one match. The second feature set information generally comprises pattern dependent information associated with a fingerprint.

Abstract: A method for matching biometric data is disclosed. A biometric information source is sensed to provide an image thereof. The image is then analysed to extract features therefrom. A feature is selected as a first feature and a plurality of polygons are generated with a location of the first feature as a vertex of each. The polygons are then used to search a lookup table in order to determine an orientation and translation of the image relative to stored reference data.

Abstract: The present invention provides a method for activating and/or managing at least one Personal Security Device PSD (2040) with at least a first Remote Computer System (2050) over a first network (2045) using at least one Client (2010) as a host to said at least one PSD (2040), said method comprising the steps of: a) establishing at least one communications pipe (2075) over said first network (2045) between said at least one PSD (2040) and said at least first Remote Computer System (2050), b) retrieving proprietary information (I) by said at least first Remote Computer System (2050) from a remote storage location (2165), c) transmitting said proprietary information (I) from said at least first Remote Computer System (2050) said at least one PSD (2040) through said at least one communications pipe (2075), and d) storing and/or processing said proprietary information (I) in said at least one PSD (2040).

Abstract: A security framework for a host computer system which allows a host to control access to a compliant security token by ensuring enforcement of established security policies administered by a middleware application. Processing between the host computer system and the security token is performed using one or more modular security application agents. The modular security application agents are counterpart applications to security applications installed in the security token and may be retrieved and installed upon to ensure compatibility between counterpart token and host security applications. The security policies are a composite of host security policies and token security policies which are logically combined by the middleware application at the beginning of a session.

Abstract: A method for matching biometric data is disclosed. A biometric information source is sensed to provide an image thereof. The image is then analysed to extract features thereform. A feature is selected as a first feature and a plurality of polygons are generated with a location of the first feature as a vertex of each. The polygons are then used to search a lookup table in order to determine an orientation and translation of the image relative to stored reference data.

Abstract: An intelligent remote device equipped with a security token operatively coupled thereto is processing communications with a security token enabled computer system over a wireless private network. The intelligent remote device is adapted to emulate a local security device peripheral connected to the computer system. Multiple computer systems may be authenticated to using the intelligent remote device. Additionally, various secure communications connections mechanisms are described which are intended to augment existing security protocols available using wireless network equipment. Authentication of a user supplied critical security parameter is performed by the security token. The critical security parameter may be provided locally via the intelligent remote device or received from the wireless network and routed to the security token. Aural, visual or vibratory feedback may be provided to the user to signal a successful authentication transaction.

Abstract: A method of recognizing an injury pattern on a fingerprint is disclosed. The method comprises the steps of providing biometric information to a contact imager; imaging and characterizing the biometric information; comparing an image of the biometric information against previously stored templates; upon a comparison result of the comparison, determining an injury pattern; wherein upon an injury pattern determination, performing a comparison against a stored template based on features extracted from the biometric data and the damage data.

Abstract: The present invention provides a method and a system for establishing a communications path (the “pipe” 75) over a communications network (45) between a Personal Security Device (PSD 40) and a Remote Computer System (50) without requiring means for converting high-level messages such as API-level messages to PSD-formatted messages such as APDU-formatted messages (and inversely) to be installed on a local Client (10) in which a PSD (40) is connected.

Abstract: A method of securing security data stored on a computer system is disclosed. The method comprises providing a data key to the computer system. The data key is used for transforming the security data in a reversible fashion to produce an encoded secure data such that the data key is required in order to perform a reverse transform and extract the security data from the encoded secure data. The encoded secure data are stored secure data in a fashion such that a user authorization process is used to retrieve the encoded secure data. Furthermore, the encoded secure data are stored such that the data key and the user authorization process in combination provide access to the security data and such that the stored data within the computer system is encoded.

Abstract: An authentication mechanism for use with biometric systems which optimizes data extraction on areas or regions having a high probability of matching a reference biometric template, allows a reduction in both the size and number of data packet transmissions to be made to a biometric matching engine and includes data packet transmission prioritization.

Abstract: Provided is a biometric imaging device for imaging a biological feature, which includes a sensor for detecting an environmental parameter other than relating to surface topology of the biological feature. The detected environmental parameters like temperature and humidity levels are utilized in image reconstruction to eliminate erroneous structures caused by the environmental conditions. There is also provided a biometric imaging device, which includes a preparation device for use prior to sensing a biometric image. The preparation device is used for conditioning a parameter of the biometric information source, and/or for cleaning the biometric information source.

Abstract: A system and method of securely supporting password change is disclosed. The method performed by the system includes the steps of detecting an occurrence of a password change operation in execution on a system and receiving a new password by the system; detecting the new password when provided; storing data indicative of the new password in a database independent of the password database of the system for later retrieval; and providing the data indicative of the new password from the independent database to the password database.

Abstract: An authentication mechanism for use with biometric systems which optimizes data extraction on areas or regions having a high probability of matching a reference biometric template, allows a reduction in both the size and number of data packet transmissions to be made to a biometric matching engine and includes data packet transmission prioritization.

Abstract: A security framework for a host computer system which allows a host to control access to a compliant security token by ensuring enforcement of established security policies administered by a middleware application. Processing between the host computer system and the security token is performed using one or more modular security application agents. The modular security application agents are counterpart applications to security applications installed in the security token and may be retrieved and installed upon to ensure compatibility between counterpart token and host security applications. The security policies are a composite of host security policies and token security policies which are logically combined by the middleware application at the beginning of a session.

Abstract: In accordance with the invention there is provided a method of authorizing an individual comprising the steps of: receiving authorization data from the individual; determining based on previously stored data, at least a processor for performing an authorization process; using the at least a processor and the authorization data, performing the authorization process to one of authorize an individual and fail to authorize the individual; and wherein stored data results in different determined processors for different authorization operations and wherein at least some of the authorization operations are determined for performance by a same server processor.