Patents by Inventor Asad Mahboob Ali

Asad Mahboob Ali has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240114022
    Abstract: A system or method of image-based login authentication of a user on an access device using a mobile device registered to the user can include receiving login information at the access device, displaying an image reference at the access device, the image reference being one among a plurality of image references provisioned at the mobile device and an authentication authority, displaying the image reference selected by the authentication authority along with other image references, and receiving an authentication token at the authentication authority from the mobile device corresponding to a selection at the mobile device of one of the plurality of image references provisioned at the mobile device. The method can further include receiving validation by the access device of a completed authentication if the selection matches the image reference displayed at the access device and allowing login at the access device if the authentication token is validated.
    Type: Application
    Filed: September 30, 2022
    Publication date: April 4, 2024
    Applicant: THALES DIS CPL USA, INC.
    Inventors: Najam SIDDIQUI, Asad Mahboob ALI, Benoît FAMECHON
  • Publication number: 20240095331
    Abstract: A system or method of secure data entry can include one or more processors and memory having computer instructions which when executed by the one or more processors causes the one or more processors to perform the operations at a client edge device of executing a user interface data entry application on the client edge device, receiving data by the user interface data entry application, wherein the data entered is a graphic input pattern corresponding to characters, communicating the data entered to a server, and receiving access to the server if a data processing application at the server interprets the data entered as a credential based on rules negotiated between the data entry application and the data processing application and a template for the graphic input pattern.
    Type: Application
    Filed: September 20, 2022
    Publication date: March 21, 2024
    Applicant: THALES DIS CPL USA, INC.
    Inventors: Yateendra JAIMAN, Pranay Shahab GUPTA, Asad Mahboob ALI
  • Patent number: 11797392
    Abstract: A system and method for backing up critical data of edge devices includes originator, surrogate, and target edge devices as well as a vault-broker server. The critical data, encrypted, is transmitted to and stored by a surrogate. The association of originator and surrogate is managed by the vault-broker server. Encryption protects the data from recovery by unauthorized parties while allowing surrogate edge devices to determine if recovery attempts are made by authorized parties.
    Type: Grant
    Filed: September 9, 2020
    Date of Patent: October 24, 2023
    Assignee: THALES DIS FRANCE SAS
    Inventors: Ijaz Muhammad Khan, Asad Mahboob Ali
  • Publication number: 20220075695
    Abstract: A system and method for backing up critical data of edge devices includes originator, surrogate, and target edge devices as well as a vault-broker server. The critical data, encrypted, is transmitted to and stored by a surrogate. The association of originator and surrogate is managed by the vault-broker server. Encryption protects the data from recovery by unauthorized parties while allowing surrogate edge devices to determine if recovery attempts are made by authorized parties.
    Type: Application
    Filed: September 9, 2020
    Publication date: March 10, 2022
    Inventors: Ijaz Muhammad KHAN, Asad Mahboob ALI
  • Patent number: 11184765
    Abstract: A method for authenticating a user includes connecting to a server from a user device, loading from the server to the user device data including executable data, detecting by the user device, while executing the executable data, whether an identifier relating to a short range communication device exists in a vicinity of the user device, sending from the user device to the server a user identifier accompanied with the detected short range communication device identifier, verifying by the server for the identified user whether a detected short range communication device identifier matches a predetermined part of a reference short range communication device identifier. Access is granted from the server only if the detected short range communication device identifier matches the predetermined part of the reference short range communication device identifier.
    Type: Grant
    Filed: July 21, 2017
    Date of Patent: November 23, 2021
    Assignee: THALES DIS FRANCE SA
    Inventors: Darmawan Suwirya, Asad Mahboob Ali
  • Patent number: 11177963
    Abstract: A server accesses a user identifier associated with a first user device and a reference image as a first image set, to be displayed. The server sends to a second user device an image, as a second image set, to be displayed, and a user request to select an image within the first image set. The second user device displays the second image set and the user request. The user of the first user device selects at least one displayed first image, the selected first image matching an image visually selected within the displayed second image set, according to a rule known to the user and the server. The first user device sends to the server the first user device identifier accompanied with data relating to the selected first image. If the data relating to the selected first image matches the data relating to the first reference image the server authenticates the user.
    Type: Grant
    Filed: December 12, 2017
    Date of Patent: November 16, 2021
    Assignee: THALES DIS FRANCE SA
    Inventors: Benoît Famechon, Najam Siddiqui, Karen HongQian Lu, Asad Mahboob Ali
  • Publication number: 20190182050
    Abstract: A server accesses a user identifier associated with a first user device and a reference image, as a first image set, to be displayed. The server sends to a second user device an image, as a second image set, to be displayed, and a user request to select an image within the first image set. The second user device displays the second image set and the user request. The user of the first user device selects at least one displayed first image, the selected first image matching an image visually selected within the displayed second image set, according to a rule known to the user and the server. The first user device sends to the server the first user device identifier accompanied with data relating to the selected first image. If the data relating to the selected first image matches the data relating to the first reference image, the server authenticates the user.
    Type: Application
    Filed: December 12, 2017
    Publication date: June 13, 2019
    Applicant: Gemalto, Inc.
    Inventors: Benoît Famechon, Najam Siddiqui, Karen HongQian Lu, Asad Mahboob Ali
  • Publication number: 20190028891
    Abstract: A method for authenticating a user includes connecting to a server from a user device, loading from the server to the user device data including executable data, detecting by the user device, while executing the executable data, whether an identifier relating to a short range communication device exists in a vicinity of the user device, sending from the user device to the server a user identifier accompanied with the detected short range communication device identifier, verifying by the server for the identified user whether a detected short range communication device identifier matches a predetermined part of a reference short range communication device identifier. Access is granted from the server only if the detected short range communication device identifier matches the predetermined part of the reference short range communication device identifier.
    Type: Application
    Filed: July 21, 2017
    Publication date: January 24, 2019
    Applicant: GEMALTO INC
    Inventors: Darmawan SUWIRYA, Asad Mahboob ALI
  • Publication number: 20170244692
    Abstract: A mechanism for using a mobile device connected to a security device to authenticate a user to a service provider using a security device operating according to an applet without storing keys or user interface text on the security device or the mobile device. Registration and authentication messages to the mobile device are routed to a security device. These messages include a nonce. The security device encrypts responses from the user using the nonce and transmits an encrypted response message including the encrypted response to the authentication server, wherein the nonce is unique for each communication between the authentication server and the security device. Other systems and methods are disclosed.
    Type: Application
    Filed: February 24, 2016
    Publication date: August 24, 2017
    Applicants: Gemalto Inc., Valimo Wireless Oy
    Inventors: Sridhar BHUPATHIRAJU, Benoit FAMECHON, HongQian Karen LU, Asad Mahboob ALI
  • Patent number: 9626527
    Abstract: The present invention relates to a web server having a web application using published API of one or more cloud storage providers, said web application being dedicated to secure and economical sharing of encrypted files residing at the cloud storage providers, said files being managed under a virtual folder which is shared by a group of different entities.
    Type: Grant
    Filed: November 4, 2013
    Date of Patent: April 18, 2017
    Assignee: GEMALTO SA
    Inventors: Asad Mahboob Ali, Ella Segura
  • Patent number: 9258121
    Abstract: A method to manage modification of encryption credentials for an encryption server. The encryption server is used to encrypt data uploaded by a user after provision of user encryption credentials associated with an encryption account. The data is encrypted by using a user encryption key stored in a cloud storage server.
    Type: Grant
    Filed: June 20, 2014
    Date of Patent: February 9, 2016
    Assignee: GEMALTO SA
    Inventors: Asad Mahboob Ali, Ella Segura
  • Publication number: 20150372814
    Abstract: A method to manage modification of encryption credentials for an encryption server. The encryption server is used to encrypt data uploaded by a user after provision of user encryption credentials associated with an encryption account. The data is encrypted by using a user encryption key stored in a cloud storage server.
    Type: Application
    Filed: June 20, 2014
    Publication date: December 24, 2015
    Inventors: Asad Mahboob ALI, Ella Segura
  • Publication number: 20150127937
    Abstract: The present invention relates to a web server having a web application using published API of one or more cloud storage providers, said web application being dedicated to secure and economical sharing of encrypted files residing at the cloud storage providers, said files being managed under a virtual folder which is shared by a group of different entities.
    Type: Application
    Filed: November 4, 2013
    Publication date: May 7, 2015
    Applicant: GEMALTO INC.
    Inventors: Asad Mahboob ALI, Ella Segura
  • Patent number: 8527757
    Abstract: The invention relates to a portable authentication token comprising connection means for connecting to a computer, browser communication means for communicating with a browser running on the computer, and user authentication means for authenticating a user of the token to a server. The user authentication means are triggered via the browser communication means when the user connects to the server from the browser of the computer. The user authentication means are set to authenticate the user by communicating with the server through the browser. The token comprises out-of-band token communication means set to validate user authentication by establishing a communication channel between the token and the server, the communication channel bypassing the browser. The invention also relates to an authentication method and to a system comprising a token, a computer and a server to which the user authenticates with the token.
    Type: Grant
    Filed: June 23, 2008
    Date of Patent: September 3, 2013
    Assignee: Gemalto SA
    Inventors: HongQian Karen Lu, Asad Mahboob Ali, Kapil Sachdeva
  • Patent number: 8479011
    Abstract: A method and system for providing authentication of a user to a first peripheral device connected to a host computer using an authentication of the user on a second peripheral device, thereby allowing the user access to both devices through a single authentication. A security function on the second peripheral device is used to create an authorization phrase. Subsequent accesses to the first peripheral device require the second peripheral device to re-create the same authorization phrase, thereby demonstrating that the same second peripheral device is being used to access the first peripheral device and that a user was successfully authenticated to the second peripheral device. Other systems and methods are disclosed.
    Type: Grant
    Filed: October 27, 2009
    Date of Patent: July 2, 2013
    Assignee: Gemalto SA
    Inventors: Asad Mahboob Ali, Bart John Bombay, Ashish Malpani
  • Patent number: 7926096
    Abstract: A system and a method for operating a device that is not capable of independently maintaining a local time clock to enforce a time-based transaction policy that requires a reliable time reference. The device establishes a secure communications channel to one or more network-attached time sources and inquires of each of the network-attached time-sources as to the current time using the secure communications channel. The device receives the current time from the network-attached time-sources and uses the received current times to estimate a current calendar time and to compute a reliability index associated with the estimated current calendar time. The device uses the estimated current calendar time and reliability index to enforce the time-based transaction policy.
    Type: Grant
    Filed: August 31, 2005
    Date of Patent: April 12, 2011
    Assignee: Gemalto SA
    Inventors: Asad Mahboob Ali, Bertrand du Castel, Apostol Vassilev, Sylvain Prevost, Kapil Sachdeva
  • Publication number: 20110083017
    Abstract: A method and system for providing authentication of a user to a first peripheral device connected to a host computer using an authentication of the user on a second peripheral device, thereby allowing the user access to both devices through a single authentication. A security function on the second peripheral device is used to create an authorization phrase. Subsequent accesses to the first peripheral device require the second peripheral device to re-create the same authorization phrase, thereby demonstrating that the same second peripheral device is being used to access the first peripheral device and that a user was successfully authenticated to the second peripheral device. Other systems and methods are disclosed.
    Type: Application
    Filed: October 27, 2009
    Publication date: April 7, 2011
    Applicant: GEMALTO INC.
    Inventors: Asad MAHBOOB ALI, Bart John Bombay, Ashish Malpani
  • Publication number: 20100235637
    Abstract: The invention relates to a portable authentication token comprising connection means for connecting to a computer, browser communication means for communicating with a browser running on the computer, and user authentication means for authenticating a user of the token to a server. The user authentication means are triggered via the browser communication means when the user connects to the server from the browser of the computer. The user authentication means are set to authenticate the user by communicating with the server through the browser. The token comprises out-of-band token communication means set to validate user authentication by establishing a communication channel between the token and the server, the communication channel bypassing the browser. The invention also relates to an authentication method and to a system comprising a token, a computer and a server to which the user authenticates with the token.
    Type: Application
    Filed: June 23, 2008
    Publication date: September 16, 2010
    Applicant: GEMALTO, SA
    Inventors: H.Karen Lu, Asad Mahboob Ali, Kapil Sachdeva
  • Patent number: 7509487
    Abstract: Secure communication between a resource-constrained device and remote network nodes over a network with the resource-constrained device acting as a network node. The remote network nodes communicate with the resource-constrained device using un-modified network clients and servers. Executing on the resource-constrained device, a communications module implements one or more link layer communication protocols, operable to communicate with a host computer, operable to communicate with remote network nodes and operable to implement network security protocols, thereby setting a security boundary inside the resource-constrained device.
    Type: Grant
    Filed: May 19, 2004
    Date of Patent: March 24, 2009
    Assignee: Gemalto Inc.
    Inventors: HongQian Karen Lu, Michael Andrew Montgomery, Asad Mahboob Ali
  • Patent number: 7392534
    Abstract: A system and method for effecting secure transactions over a computer network in a manner designed to foil identity theft perpetrated from an untrusted computer. A connection from a client computer to the network wherein the client computer provides a user interface for a user, a connection from a server computer to the network, and a connection from a portable secure computing device to the network provides for secure transmission of private confidential user information from the user to a server. The private information is transmitted directly from the secure computing device to the server over the secure connection without possibility of capture on the computer with which the user is interacting.
    Type: Grant
    Filed: December 31, 2003
    Date of Patent: June 24, 2008
    Inventors: HongQian Karen Lu, Asad Mahboob Ali