Abstract: A detection is made that a first entity residing on a mobile device is requesting authentication. The first entity resides in a first portion of the mobile device. A determination is made that the mobile device is unable to establish network connections with a remote authentication server that is configured to authenticate the first entity. A local authentication process is performed in response to the determination that the mobile device is unable to establish network connections with the remote authentication server. Without accessing the remote authentication server, the local authentication process is performed by a second entity that resides in a second portion of the mobile device. The second portion has a greater level of security than the first portion.

Abstract: A user inserts a received random sequence into the user's password or PIN. The user enters and transmits this randomized password to a service provider. The service provider extracts the password to determine whether to authenticate the user.

Abstract: The present disclosure involves a system that includes a computer memory storage component configured to store computer programming instructions and a computer processor component operatively coupled to the computer memory storage component. The computer processor component is configured to run a secure operating system and a non-secure operating system in parallel. The secure and non-secure operating systems are isolated from each other. The computer processor component is configured to execute code to perform the following operations: receiving an authentication request from an application that is run by the non-secure operating system, wherein the authentication request contains credentials of the application; communicating with a secure applet that is run by the secure operating system, and wherein the communicating includes transferring the credentials of the application to the secure applet; and authenticating and vetting the application based on the credentials of the application.

Abstract: A system includes a tag having a machine readable tag identifier (Tag ID) configured to be read by a reader; and a device to be identified by the tag, in which: the device is configured to communicate with the reader; the device has access to a secure Tag ID; and the device communicates a verification to the reader if the machine readable Tag ID communicated to the device from the reader matches the secure Tag ID. A method includes: reading a Tag ID from a tag attached to a device; communicating the Tag ID read from the tag to the device; comparing a secure Tag ID of the device to the Tag ID read from the tag; and responding with a “match” or “no-match” message from the device, according to which the device is either trusted or not trusted as being identified by the Tag ID. A method of verifying a trusted agent (TA) on a device includes: storing a digital signature of the TA in a secure vault of the device; and verifying the TA by verifying the digital signature of the TA each time the TA is used.

Abstract: Systems and methods are provided for a device to engage in a zero-knowledge proof with an entity requiring authentication either of secret material or of the device itself. The device may provide protection of the secret material or its private key for device authentication using a hardware security module (HSM) of the device, which may include, for example, a read-only memory (ROM) accessible or programmable only by the device manufacturer. In the case of authenticating the device itself a zero-knowledge proof of knowledge may be used. The zero-knowledge proof or zero-knowledge proof of knowledge may be conducted via a communication channel on which an end-to-end (e.g.

Abstract: A system includes a tag having a machine readable tag identifier (Tag ID) configured to be read by a reader; and a device to be identified by the tag, in which: the device is configured to communicate with the reader; the device has access to a secure Tag ID; and the device communicates a verification to the reader if the machine readable Tag ID communicated to the device from the reader matches the secure Tag ID. A method includes: reading a Tag ID from a tag attached to a device; communicating the Tag ID read from the tag to the device; comparing a secure Tag ID of the device to the Tag ID read from the tag; and responding with a “match” or “no-match” message from the device, according to which the device is either trusted or not trusted as being identified by the Tag ID. A method of verifying a trusted agent (TA) on a device includes: storing a digital signature of the TA in a secure vault of the device; and verifying the TA by verifying the digital signature of the TA each time the TA is used.

Abstract: The present disclosure involves a system that includes a computer memory storage component configured to store computer programming instructions and a computer processor component operatively coupled to the computer memory storage component. The computer processor component is configured to run a secure operating system and a non-secure operating system in parallel. The secure and non-secure operating systems are isolated from each other. The computer processor component is configured to execute code to perform the following operations: receiving an authentication request from an application that is run by the non-secure operating system, wherein the authentication request contains credentials of the application; communicating with a secure applet that is run by the secure operating system, and wherein the communicating includes transferring the credentials of the application to the secure applet; and authenticating and vetting the application based on the credentials of the application.

Abstract: The present disclosure involves a system that includes a computer memory storage component configured to store computer programming instructions and a computer processor component operatively coupled to the computer memory storage component. The computer processor component is configured to run a secure operating system and a non-secure operating system in parallel. The secure and non-secure operating systems are isolated from each other. The computer processor component is configured to execute code to perform the following operations: receiving an authentication request from an application that is run by the non-secure operating system, wherein the authentication request contains credentials of the application; communicating with a secure applet that is run by the secure operating system, and wherein the communicating includes transferring the credentials of the application to the secure applet; and authenticating and vetting the application based on the credentials of the application.

Abstract: Methods and systems utilize a shake and transfer process to initiate a wireless communication and provide a user device with time and location information of the communication, which can be associated with contact information of a user of the other device. As a result, a user has additional information associated with a contact, and the time and location information can be used to determine or track elapsed time and distance traveled between communications.

Abstract: A user inserts a received random sequence into the user's password or PIN. The user enters and transmits this randomized password to a service provider. The service provider extracts the password to determine whether to authenticate the user.

Abstract: Methods and systems utilize a shake and transfer process to initiate a wireless communication provide a user device with time and location information of the communication, which can be associated with contact information of a user of the other device. As a result, a user has additional information associated with a contact, and the time and location information can be used to determine or track elapsed time and distance traveled between communications.

Abstract: A user inserts a received random sequence into the user's password or PIN. The user enters and transmits this randomized password to a service provider. The service provider extracts the password to determine whether to authenticate the user.

Abstract: Various methods and systems are provided for inserting a user-selected pattern below a main application display when sensitive information is being requested or to be communicated. The border of the main application layer may also be modified at this time, either with or without the underlying pattern. This visual change provides the user an assurance that the application or site is authentic and not a phishing attack. The user-selected patterns are stored in secure areas, such as a secure element on the user device or in a cloud accessible by the application or site.

Abstract: Systems and methods for use with a client device and a server provide interactive phishing detection at the initiation of the user. Detection of phishing is based on the user's comparison of a visual indicator sent from the server to the client device with a another identical looking visual indicator displayed, for example, on a trusted website. Several security measures may be employed such as changing the visual indicator periodically, generating the visual indicator in a random manner, and authenticating the client device to the server before the server will transmit the visual indicator to the client device. User comparison of the website-displayed visual indicator with the user's client device user interface-displayed visual indicator may facilitate user verification of authenticity of a software application.

Abstract: A system, according to one embodiment, includes a master key for encryption of data; an encryption key site accessible by computer and storing a first piece of the master key; a configuration file resident in a computer file system, the configuration file storing a second piece of the master key; a computer database storing a third piece of the master key; a master-key seal key used to encrypt the master key, wherein a secure self managed data (SSMD) key is obtained by assembling and decrypting the first piece, the second piece and the third piece using the master-key seal key; a unique ID for the data; a classification level for the data; and an expiration time for the data, wherein the data, the unique ID, the classification level, and the expiration time are encrypted together using the SSMD key to form an SSMD encoded data.

Abstract: The present disclosure involves a system that includes a computer memory storage component configured to store computer programming instructions and a computer processor component operatively coupled to the computer memory storage component. The computer processor component is configured to run a secure operating system and a non-secure operating system in parallel. The secure and non-secure operating systems are isolated from each other. The computer processor component is configured to execute code to perform the following operations: receiving an authentication request from an application that is run by the non-secure operating system, wherein the authentication request contains credentials of the application; communicating with a secure applet that is run by the secure operating system, and wherein the communicating includes transferring the credentials of the application to the secure applet; and authenticating and vetting the application based on the credentials of the application.

Abstract: A system and method for facilitating electronic commerce over a network, according to one or more embodiments, includes communicating with a user via a user device over the network, distributing a resident application to the user device over the network, displaying a service icon on the user device, and receiving an authentication request from the user via the user device over the network. The service icon is linked to the resident application, and the authentication request includes user credentials inputted by the user via user selection of the service icon and resulting user access of the resident application. The system and method includes communicating with the resident application on the user device to request user confirmation of the authentication request, receiving user confirmation from the user via the user device over the network, authorizing the authentication request, and notifying the user of the authorized authentication request over the network via the resident application.

Abstract: Methods and systems for authenticating a user and a consumer electronic device (CED) to a financial services provider (FSP) for purposes of communications initiated from the device and needing security, such as purchases and financial transactions, are provided. The FSP may compile information about a user's behavior from various sources, both public and private, including the CED. The information may be of a stochastic nature, being gathered by sampling user data and behavior at chosen times. The information may include indicators of user behavior—such as the user using the device to check various accounts and web-pages—and data from the device—such as GPS location. Based on the compiled stochastic information, and using a sliding scale, a throttling mechanism, acceptance variation, and pinging information, the FSP can compare current information from the device with what is known about the user and the device to provide a more accurate and reliable authentication process.

Abstract: A user inserts a received random sequence into the user's password or PIN. The user enters and transmits this randomized password to a service provider. The service provider extracts the password to determine whether to authenticate the user.

Abstract: Various methods and systems are provided for inserting a user-selected pattern below a main application display when sensitive information is being requested or to be communicated. The border of the main application layer may also be modified at this time, either with or without the underlying pattern. This visual change provides the user an assurance that the application or site is authentic and not a phishing attack. The user-selected patterns are stored in secure areas, such as a secure element on the user device or in a cloud accessible by the application or site.