Abstract: Systems and methods for selectively encrypting content segments within a document are disclosed. Also disclosed are methods for sharing such a document with other users in a way that ensures each recipient of the document can only view those content segments that correspond to the recipient's authorization level.

Abstract: Methods of determining whether to trust an entity before sharing information with the entity, as well as methods of verifying whether to trust information received from an entity, are disclosed. In the processes, two entities, referred to as a holder and a verifier, desire to engage in an exchange of digital information. Before the holder will share information with the verifier, the holder will determine whether the verifier is a trusted entity. Before the verifier trusts information that it receives from the holder, it will examine a proof that it received from the holder to determine whether the proof includes information from or about a trusted third party referred to as an issuer. Information from an identity authority may be used in each of these verification steps.

Abstract: The invention provides an easy to use credential management mechanism for multi-factor out-of-band multi-channel authentication process to protect payment credentials without the risk of malware and skimming attacks. When opened, the secure payment application generates a multi-dimensional transitory key. The user authenticates the multi-dimensional transitory key and validates the secure payment application, triggering an out-of-band outbound mechanism. The portable mobile device invokes the authentication server and the authentication server authenticates the user based on the authenticated transitory key. After authentication, the merchant is allowed access to the payment credentials to complete the transaction. The process of the invention includes an authentication server, a secure payment application to generate an authentication vehicle or an embodiment (i.e. multi-dimensional transitory key) and handle incoming requests, and a portable communication device with a smartphone application.

Abstract: The invention provides an easy to use credential management mechanism for multi-factor out-of-band multi-channel authentication process to protect a large number of documents without the need to remember all the document passwords. When opened, the secure document application generates a multi-dimensional code. The user scans the multi-dimensional code and validates the secure document application and triggers an out-of-band outbound mechanism. The portable mobile device invoices the authentication server to get authenticated. The authentication server authenticates the user based on shared secret key and is automatically allowed access to the secure document. The process of the invention includes an authentication server, a secure document application to generate an authentication vehicle or an embodiment (i.e. multi-dimensional bar code) and handle incoming requests, secret keys and a portable communication device with a smartphone application.

Abstract: The invention provides an easy to use credential management mechanism for multi-factor out-of-band multi-channel authentication process to protect a large number of documents without the need to remember all the document passwords. When opened, the secure document application generates a multi-dimensional code. The user scans the multi-dimensional code and validates the secure document application and triggers an out-of-band outbound mechanism. The portable mobile device invoices the authentication server to get authenticated. The authentication server authenticates the user based on shared secret key and is automatically allowed access to the secure document. The process of the invention includes an authentication server, a secure document application to generate an authentication vehicle or an embodiment (i.e. multi-dimensional bar code) and handle incoming requests, secret keys and a portable communication device with a smartphone application.

Abstract: The invention provides an easy to use credential management mechanism for multi-factor out-of-band multi-channel authentication process to protect payment credentials without the risk of malware and skimming attacks. When opened, the secure payment application generates a multi-dimensional transitory key. The user authenticates the multi-dimensional transitory key and validates the secure payment application, triggering an out-of-band outbound mechanism. The portable mobile device invokes the authentication server and the authentication server authenticates the user based on the authenticated transitory key. After authentication, the merchant is allowed access to the payment credentials to complete the transaction. The process of the invention includes an authentication server, a secure payment application to generate an authentication vehicle or an embodiment (i.e. multi-dimensional transitory key) and handle incoming requests, and a portable communication device with a smartphone application.

Abstract: A method of securely routing data traffic between communication networks. In an integrated security device, a host router supports a virtual router that peers with VRF (virtual routing and forwarding) instances associated with participating networks on the host router. Each VRF instance preferably runs its own dynamic routing protocol and determines when received data traffic may be directly forwarded from one network to another and when it must be forwarded to an OE (offload engine) for enforcement of security policies or NAT (network address translation) processing.

Abstract: A method of securely routing data traffic between communication networks. In an integrated security device, a host router supports a virtual router that peers with VRF (virtual routing and forwarding) instances associated with participating networks on the host router. Each VRF instance preferably runs its own dynamic routing protocol and determines when received data traffic may be directly forwarded from one network to another and when it must be forwarded to an OE (offload engine) for enforcement of security policies or NAT (network address translation) processing.

Abstract: Improved rule-based NAT techniques are disclosed that provide for tracking a translation address used in a first communication session across other, later communication sessions such that a firewall may process packets, i.e., make pass/reject decisions, associated with such other sessions based on state information associated with the previous session that used the translation address. This is facilitated by creating an association between the translation address and session information associated with the first communication session.