Abstract: Methods, apparatus, and systems for generating and verifying one time passwords in connection with a risk assessment are disclosed. The risk assessment may comprise a client-side risk assessment. The risk assessment may also comprise a server-side risk assessment.

Abstract: The invention provides a method and apparatus for the secure electronic signing of electronic documents and data. The method comprises the steps of: obtaining a first digital representation in a high level first data format of the set of application data; generating a second digital representation in a low level second data format of the application data whereby the low level second data format is different from the high level first data format; presenting an analog representation of the set of application data to a user, whereby the second digital representation is a precise and accurate representation of said analog representation; obtaining an indication whether the user approves the analog representation for signing; if the indication indicates that the user approves the analog representation for signing, generating the first digital signature over the second digital representation using a first signature key associated with the user.

Abstract: Mass storage devices and methods for securely storing data are disclosed. The mass storage device includes a communication interface for communicating with a connected host computer, a mass-memory storage component for storing data, a secure key storage component adapted to securely store at least one master secret, and an encryption-decryption component different from the secure key storage component and connected to the secure key storage component and the mass-memory storage component. The encryption-decryption component may be adapted to encrypt data received from the host computer using an encryption algorithm and at least one encryption key and to write the encrypted data into the mass-memory storage component.

Abstract: Methods, apparatus, and systems for generating and verifying one time passwords in connection with a risk assessment are disclosed. The risk assessment may comprise a client-side risk assessment. The risk assessment may also comprise a server-side risk assessment.

Abstract: An electronic circuit providing a linear keypad and an apparatus comprising such electronic circuit are provided. Methods for detecting that a button of a linear keypad is being pressed and for determining which button is being pressed are also provided. A method for calibrating an apparatus comprising a linear keypad to enable the subsequent determination by the apparatus of which button of the linear keypad is being pressed is also provided.

Abstract: Methods, apparatus, and systems for securing application interactions are disclosed.

Abstract: A digital programmable smart card terminal device and token collectively known as the token device is disclosed. The token device comprises a field programmable token device which accepts a user's smart card. The combination of token device and smart card may then be used for a variety of applications that include user authentication, secure access, encryption. One specific application is that of an electronic wallet. In one embodiment, an electronic smart card terminal includes a smart card reader adapted to receive and communicate with a smart card having smart card data stored thereon; token personality logic programmed based on the smart card data as a token personality subsequent to insertion of the smart card in the smart card reader; and a communications mechanism for communicating authentication data derived from the token personality. Since the smart card terminal only gains its token personality when a smart card is inserted, manufacture and distribution of the terminal on a wide scale is possible.

Abstract: Methods, apparatus, and systems for generating digital signatures are disclosed. An apparatus may present itself to a host computer as a mass storage device to provide cryptographic processing results through a standard mass storage access mechanism for exchanging files.

Abstract: An electronic power supply circuit for battery-powered hardware devices is disclosed which can be electronically switched to supply any of at least two predetermined voltages wherein the batteries are switched in parallel or in series depending on the desired voltage. Also disclosed is an electronic apparatus comprising the electronic power supply circuit, which in some modes of operation uses the highest of the two predetermined voltages and which in other modes of operation can function with the lower of two predetermined voltages, and includes control logic that switches the electronic power supply circuit to supply said higher voltage when the apparatus in a mode in which it uses this higher voltage and that switches said electronic power supply circuit to supply said lower voltage at least during some of the modes in which the apparatus can function with the lower voltage.

Abstract: Methods, apparatus, and systems for authenticating a user taking into account measurement values of characteristics of the purported environment of the user are described.

Abstract: Methods, apparatus, and systems for generating and verifying one time passwords in connection with a risk assessment are disclosed. The risk assessment may comprise a client-side risk assessment. The risk assessment may also comprise a server-side risk assessment.

Abstract: The present invention defines a strong authentication token for generating different dynamic credentials for different application providers comprising an input interface providing an output representing an application provider indicator; a secret key storage for storing one or more secret keys; a variability source for providing a dynamic variable value; a key providing agent for providing an application provider specific key as a function of said application provider indicator using one or more keys stored in said secret key storage; a cryptographic agent for cryptographically combining said application provider specific key with said dynamic variable value using symmetric cryptography; a transformation agent coupled to said cryptographic agent for transforming an output of said cryptographic agent to produce a dynamic credential; and an output interface to output said dynamic credential.

Abstract: A secure smart card reader is disclosed that is enabled to make reader signatures on data representative of events and actions which may be security related and which may include data representative of reader commands received from a host or remote application, smart card commands exchanged with an inserted smart card, data presented to a user for approval, and/or configuration parameters applied when dealing with any of the foregoing. The smart card reader may be adapted to maintain logs of events and actions which may include exchanging reader commands, exchanging smart card commands, and/or interactions with a user. The logs may include data representative of the reader commands received, the smart card commands exchanged, data presented to the user for approval, and/or configuration parameters applied when dealing with any of the foregoing. The secure smart card reader may be adapted to generate a reader signature over the logs.

Abstract: A handheld authentication device comprising a data processor and a display is adapted to: generate an input value; submit the input value to an asymmetric cryptographic operation; obtain the result of said asymmetric cryptographic operation; generate an authentication message substantially comprising the result of the asymmetric cryptographic operation; encode the authentication message into one or more images; and display these images on the display.

Abstract: The invention defines a digital programmable smart card terminal device and token collectively known as the token device. The token device comprises a field programmable token device which accepts a users smart card. The combination of token device and smart card may then be used for a variety of applications that include user authentication, secure access, encryption. One specific application is that of an electronic wallet. The token device can be used both in connected and unconnected modes.

Abstract: A method of authenticating a user. The method comprises the step of sending an authentication request to a remote authentication device and generating a first piece of authentication information. A mobile device receives the first piece of authentication information from either an access terminal or the remote authentication device. The mobile device of the user generating a second piece of authentication information which is at least partially based on the received first piece of authentication information. The second piece of authentication information is sent to the remote authentication devices and the second piece of authentication information validated. If the second piece of authentication information is successfully validated an authentication signal is generated.

Abstract: Strong authentication tokens for generating dynamic security values having an acoustical input interface for acoustically receiving input data are disclosed. The tokens may also include an optical interface for receiving input data and may have a selection mechanism to select either the acoustical or the optical input interface to receive data. A communication interface may be provided to communicate with a removable security device such as a smart card and the token may be adapted to generate dynamic security values in cooperation with the removable security device. The acoustic signal received by the token may be modulated using a frequency shift keying modulation scheme using a plurality of coding frequencies to code the acoustical signal where each coding frequency may be an integer multiple of a common base frequency.

Abstract: An electronic device, which may be a USB device, includes a body part that is removably connected to a cap. The body part includes a connector for plugging the device into a host computing device. The cap includes a lever part and a main part. The lever part of the cap is attached to the main part and pivots at least partially around a pivot axis. The lever part includes an anchor part on one side of the pivot axis and an unlock part on the other side of the pivot axis. The anchor part includes a hook that engages a cavity in the body part when the cap is connected to the body part. Depressing the unlock part of the cap causes the lever to pivot around the pivot axis thereby disengaging the hook from the first cavity, and thereby releasing the cap from the body part.

Abstract: The invention relates to modulation and demodulation circuits, such as envelope detectors used to demodulate amplitude-modulated (AM) signals. By coupling an analog circuit to a port of a digital component, a compact envelope detector can be obtained, which achieves demodulation of AM signals for direct coupling into a digital input port. Accordingly, a compact envelope detector may be used in the data receiving part of a sealed device requiring post-manufacturing data transfer, in combination with additional components that provide electromagnetic coupling, such as inductive, capacitive, or radiative. An example of such a device is a credit card sized authentication token.