Abstract: The present teaching relates to identity management. In one example, a trusted connector is instantiated in the enterprise system behind a security. The trusted connector is configured to communicate with the private resource via a communication protocol. Upon being triggered by the external system, a secure communication channel is established between the external system and the trusted connector. A request is received from the external source at the trusted connector through the secure communication channel. The request is interpreted for communicating with the private resource. The interpreted request is sent to the private resource. A response is received from the private resource. The response from the private resource is interpreted for communicating with the external system. The interpreted response is sent to the external system through the secure communication channel.

Abstract: The present invention relates to a method for electronically prescribing controlled substances on a wide area network that includes a health care provider system (MCP system), an electronic prescription system (EP system), a third party identification validation system (third party IDV system), and a pharmacy system, and includes: a) the EP system receiving from the HCP system an electronic prescription entered by a provider for a controlled substance, a first identification factor, and a second identification factor; b) the EP system authenticating the first identification factor and transmitting the second identification factor to the third party IDV system for authentication; and c) upon the first identification factor being approved by the EP system and the EP system receiving approval of the second identification factor from the third party IDV system, the electronic prescription being certified for transmission to the pharmacy system as a certified electronic prescription for the controlled substance.

Abstract: The present invention relates to a method for electronically prescribing controlled substances on a wide area network that includes a health care provider system (HCP system), an electronic prescription system (EP system), a third party identification validation system (third party IDV system), and a pharmacy system, and includes: a) the EP system receiving from the HCP system an electronic prescription entered by a provider for a controlled substance, a first identification factor, and a second identification factor; b) the EP system authenticating the first identification factor and transmitting the second identification factor to the third party IDV system for authentication; and c) upon the first identification factor being approved by the EP system and the EP system receiving approval of the second identification factor from the third party IDV system, the electronic prescription being certified for transmission to the pharmacy system as a certified electronic prescription for the controlled substance.

Abstract: The present invention relates to a method for electronically prescribing controlled substances on a wide area network that includes a health care provider system (HCP system), an electronic prescription system (EP system), a third party identification validation system (third party IDV system), and a pharmacy system, and includes: a) the EP system receiving from the HCP system an electronic prescription entered by a provider for a controlled substance, a first identification factor, and a second identification factor; b) the EP system authenticating the first identification factor and transmitting the second identification factor to the third party IDV system for authentication; and c) upon the first identification factor being approved by the EP system and the EP system receiving approval of the second identification factor from the third party IDV system, the electronic prescription being certified for transmission to the pharmacy system as a certified electronic prescription for the controlled substance.

Abstract: A system and method for securing pathways to a remote application server involves a gateway or authentication server, and a mobile code authentication and encryption client available for download from the gateway or authentication server. Upon connection of a user's computing device to the authentication server over the open network, the authentication server requests authentication information, such as a password, from the user, and upon authentication of the user by the authentication server, the authentication server downloads the mobile code authentication and encryption client to the user's computing device. The authentication and encryption client then authenticates itself to authentication server, after which a secure communications channel between the user's computing device and the authentication server is opened, the secure communications channel permitting transfer of data between the user's computing device and an application server.

Abstract: A system and method for securing pathways to a remote application server involves a gateway or authentication server, and a mobile code authentication and encryption client available for download from the gateway or authentication server. Upon connection of a user's computing device to the authentication server over the open network, the authentication server requests authentication information, such as a password, from the user, and upon authentication of the user by the authentication server, the authentication server downloads the mobile code authentication and encryption client to the user's computing device. The authentication and encryption client then authenticates itself to authentication server, after which a secure communications channel between the user's computing device and the authentication server is opened, the secure communications channel permitting transfer of data between the user's computing device and an application server.

Abstract: A virtual private network for communicating between a server and clients over an open network uses an applications level encryption and mutual authentication program and at least one shim positioned above either the socket, transport driver interface, or network interface layers of a client computer to intercept function calls, requests for service, or data packets in order to communicate with the server and authenticate the parties to a communication and enable the parties to the communication to establish a common session key. Where the parties to the communication are peer-to-peer applications, the intercepted function calls, requests for service, or data packets include the destination address of the peer application, which is supplied to the server so that the server can authenticate the peer and enable the peer to decrypt further direct peer-to-peer communications.

Abstract: A virtual private network for communicating between a server and clients over an open network uses an applications level encryption and mutual authentication program and at least one shim positioned above either the socket, transport driver interface, or network interface layers of a client computer to intercept function calls, requests for service, or data packets in order to communicate with the server and authenticate the parties to a communication and enable the parties to the communication to establish a common session key. Where the parties to the communication are peer-to-peer applications, the intercepted function calls, requests for service, or data packets include the destination address of the peer application, which is supplied to the server so that the server can authenticate the peer and enable the peer to decrypt further direct peer-to-peer communications.

Abstract: A shared secret key distribution system which enables secure on-line registration for services provided by an application server through an application level security system or firewall utilizes an authentication token containing a server public key. The server public key is used to encrypt a client-generated portion of the shared secret key, and the encrypted client-generated key is sent to the server where it is recovered using a private key held by the server and combined with a server generated portion of the shared secret key to form the shared secret key. The server generated portion of the shared secret key is then encrypted by the client-generated portion of the shared secret key and transmitted to the client for recovery and combination with the client-generated portion of the shared secret key, at which time both the client and server are in possession of the shared secret key, which can then be used for mutual authentication and development of session keys to secure subsequent communications.

Abstract: A system and method for preventing counterfeiting of an identification or transaction card, and for verifying that the user of the card is an authorized user, involves the use of a unique, unalterable serial number and an exclusive OR function to generate a private key protected digital signature. The digital signature is stored on the card together with a card issuer record which contains sufficient information to authenticate the record. User authentication is provided by a personal identification number which is stored on the card. The personal identification number is generated by enciphering the serial number using a password as the key. The same card can be used to store a plurality of card issuer records, each including its own digital signature, and with user authentication for all records provided by a single personal identification number.

Abstract: A system and method for establishing secured communications pathways across an open unsecured network, without compromising the security of any parties to the communication, involves establishing secured gateways or firewalls between the Internet and any party which desires protection by 1.) using a smart card to distribute shared secret keys between a computer which serves as the above-mentioned firewall and a client node on the Internet; 2.) using the shared private keys to establish mutual authentication between the gateway and the smartcard; 3.) generating a session or temporary secret key for use in further communications between the gateway and the client node once communications have been established; and 4.) encrypting further communications using the session key.

Abstract: A cyber wallet in the form of stored and protected account information, which may be "carried" on a tamper resistant portable electronic storage medium such as a smartcard, or stored on the customer's computer (or personal digital assistant, PCMCIA card, or the like) together with the browser/mosaic software, is provide to a customer for the purpose of making electronic payments from the possessor of the wallet to a merchant at a remote site on the Internet. Security of the information contained in the wallet is provided by a public key file containing public keys to be used for encrypting the payment information into an authorization ticket which is sent by the wallet to the merchant, and then forwarded to the account servicer for decryption, the decryption key being in the form or a private key held only by the account servicer, and to which the merchant and other parties have no access.