Abstract: A method and apparatus provides first or second factor authentication by providing selectability of a plurality of second factor authentication policies associated with a second factor authentication article. The first or second factor authentication article includes authentication information, such as a plurality of data elements in different cells or locations on the authentication article, which can be located by using corresponding location information. The method and apparatus provides second factor authentication based on the first or second factor authentication article by enforcing at least one of the plurality of selected authentication policies.

Abstract: A method for providing authentication of a user of a recipient unit when the recipient unit is off-line includes storing one or a plurality of one-time challenge-reply sets based on an on-line communication with a sender unit. In one example, each of the one-time challenge-reply sets includes at least a one-time challenge-reply pair for use in off-line authentication of the user for a particular resource available through the recipient unit. When the user is offline, the method includes selecting at least one of the plurality of stored one-time challenge-reply sets for off-line authentication of the user for the particular resource available through the recipient unit. The one-time challenge-reply sets may be associated with an article.

Abstract: A method for providing authentication of a user of a recipient unit when the recipient unit is off-line includes storing one or a plurality of one-time challenge-reply sets based on an on-line communication with a sender unit. In one example, each of the one-time challenge-reply sets includes at least a one-time challenge-reply pair for use in off-line authentication of the user for a particular resource available through the recipient unit. When the user is offline, the method includes selecting at least one of the plurality of stored one-time challenge-reply sets for off-line authentication of the user for the particular resource available through the recipient unit. The one-time challenge-reply sets may be associated with an article.

Abstract: A method and apparatus provides first or second factor authentication by providing selectability of a plurality of second factor authentication policies associated with a second factor authentication article. The first or second factor authentication article includes authentication information, such as a plurality of data elements in different cells or locations on the authentication article, which can be located by using corresponding location information. The method and apparatus provides second factor authentication based on the first or second factor authentication article by enforcing at least one of the plurality of selected authentication policies.

Abstract: A method for providing authentication of a user of a recipient unit when the recipient unit is off-line includes storing one or a plurality of challenge-reply sets associated with an article based on an on-line communication with a sender unit. Each of the challenge-reply sets includes at least a challenge-reply pair for use in off-line authentication of the user for a particular resource available through the recipient unit. When the user is offline, the method includes selecting at least one of the plurality of stored challenge-reply sets for off-line authentication of the user for the particular resource available through the recipient unit.

Abstract: A method and apparatus provides first or second factor authentication by providing selectability of a plurality of second factor authentication policies associated with a second factor authentication article. The first or second factor authentication article includes authentication information, such as a plurality of data elements in different cells or locations on the authentication article, which can be located by using corresponding location information. The method and apparatus provides second factor authentication based on the first or second factor authentication article by enforcing at least one of the plurality of selected authentication policies.

Abstract: A method, apparatus and/or system generates a challenge for user authentication, having a challenge data element from a stored pool of challenge data elements. The challenge is based on rule data and stored usage data associated with at least some of the challenge data elements in the stored pool of challenge data elements. The generated challenge is sent for use in an authentication of a user to a sender. A method, apparatus and/or system also generates sender authentication and corresponding location information, having a data element from a stored pool of challenge data elements. Selection of the data elements is based on rule data and stored usage data associated with at least some of the data elements in the stored pool of data elements.

Abstract: A method and apparatus for providing mutual authentication between a user and a sending unit, (i.e. target resource) in one embodiment, includes determining, for a user that has been assigned an article, such as a card or other suitable article that has indicia thereon, desired sender authentication information that corresponds to actual sender authentication information that is embodied on the article. The sender authentication information can be located on the article by using the location information provided by the sending unit in a challenge. The method includes determining for the user, corresponding article identification information, such as a serial number that has been assigned to the article, or a shared secret, and sending a challenge for the user wherein the challenge includes at least location information, to allow the user to identify desired sender authentication information located on the article, and sending the article identification information.

Abstract: A method, apparatus and/or system generates a challenge for user authentication, having a challenge data element from a stored pool of challenge data elements. The challenge is based on rule data and stored usage data associated with at least some of the challenge data elements in the stored pool of challenge data elements. The generated challenge is sent for use in an authentication of a user to a sender. A method, apparatus and/or system also generates sender authentication and corresponding location information, having a data element from a stored pool of challenge data elements. Selection of the data elements is based on rule data and stored usage data associated with at least some of the data elements in the stored pool of data elements.

Abstract: A method and apparatus provides first or second factor authentication by providing selectability of a plurality of second factor authentication policies associated with a second factor authentication article. The first or second factor authentication article includes authentication information, such as a plurality of data elements in different cells or locations on the authentication article, which can be located by using corresponding location information. The method and apparatus provides second factor authentication based on the first or second factor authentication article by enforcing at least one of the plurality of selected authentication policies.

Abstract: A method for providing authentication of a user of a recipient unit when the recipient unit is off-line includes storing one or a plurality of challenge-reply sets associated with an article based on an on-line communication with a sender unit. Each of the challenge-reply sets includes at least a challenge-reply pair for use in off-line authentication of the user for a particular resource available through the recipient unit. When the user is offline, the method includes selecting at least one of the plurality of stored challenge-reply sets for off-line authentication of the user for the particular resource available through the recipient unit.

Abstract: A method and apparatus for providing mutual authentication between a user and a sending unit, (i.e. target resource) in one embodiment, includes determining, for a user that has been assigned an article, such as a card or other suitable article that has indicia thereon, desired sender authentication information that corresponds to actual sender authentication information that is embodied on the article. The sender authentication information can be located on the article by using the location information provided by the sending unit in a challenge. The method includes determining for the user, corresponding article identification information, such as a serial number that has been assigned to the article, or a shared secret, and sending a challenge for the user wherein the challenge includes at least location information, to allow the user to identify desired sender authentication information located on the article, and sending the article identification information.

Abstract: A method and apparatus for providing mutual authentication between a user and a sending unit, (i.e. target resource) in one embodiment, includes determining, for a user that has been assigned an article, such as a card or other suitable article that has indicia thereon, desired sender authentication information that corresponds to actual sender authentication information that is embodied on the article. The sender authentication information can be located on the article by using the location information provided by the sending unit in a challenge. The method includes determining for the user, corresponding article identification information, such as a serial number that has been assigned to the article, or a shared secret, and sending a challenge for the user wherein the challenge includes at least location information, to allow the user to identify desired sender authentication information located on the article, and sending the article identification information.