Abstract: A transmitting terminal can transmit a content held by itself to a specific receiving terminal having no email software as if using a mailer. The transmitting terminal (10) and the receiving terminal (20) are connected to a delivery server (30) via a network (4). The delivery server (30) comprises: a database (36) for registering the device ID that specifies the receiving terminal (20); a content storage (39) for temporarily storing a content transmitted from the transmitting terminal (10); and table (33, 37) for managing contents separately on a per device ID basis of the receiving terminal. The delivery server (30), when receiving a request from the receiving terminal (20), refers to the tables (33, 27) and transmits to the receiving terminal (20) a content, the transmission destination of which corresponds to the device ID of the receiving terminal (20).

Abstract: Various techniques are described to protect secrets held by closed computing devices. In an ecosystem where devices operate and are offered a wide range of services from a service provider, the service provider may want to prevent users from sharing services between devices. In order to guarantee that services are not shared between devices, each device can be manufactured with a different set of secrets such as per device identifiers. Unscrupulous individuals may try to gain access to the secrets and transfer secrets from one device to another. In order to prevent this type of attack, each closed computing system can be manufactured to include a protected memory location that is tied to the device.

Abstract: A method and system for determining unauthorized account access is provided. The method includes receiving a username of a user and a passcode for access to a secure account or device belonging to a user. The passcode is determined to be incorrect. Unauthorized access attempts with respect to the secure account or the device are determined based on based on the incorrect passcode and in response, a quality factor associated with the incorrect passcode with respect to the secure account or device is determined. The quality factor is compared to a threshold value. Security functions associated with the secure account or device with respect to the incorrect passcode and the results of the comparison are performed based on the quality factor and the unauthorized access attempts.

Abstract: A banking system operates responsive to data read from data bearing records. The system includes an automated banking machine comprising a card reader. The card reader includes a movable read head that can read card data along a magnetic stripe of a card that was inserted long-edge first. The card reader includes a card entry gate. The gate is opened for a card that is determined to be properly oriented for data reading. The card reader can encrypt card data, including account data. The machine also includes a PIN keypad. The card reader can send encrypted card data to the keypad. The keypad can decipher the encrypted card data. The keypad can encrypt both deciphered card data and a received user PIN. The card data and the PIN are usable by the machine to authorize a user to carry out a financial transfer involving the account.

Abstract: Methods, systems, and computer-readable media for authenticating customers of an organization and managing authenticated sessions of various customers are presented. Some aspects of the disclosure provide ways for a customer of an organization to authenticate using a mobile computing device, such as the customer's personal mobile device, when interacting with the organization in various contexts, such as when accessing an automated transaction device or when interacting with an agent of the organization during an in-person session or during a teleconference session. In some arrangements, the customer's authentication status, which may be established on the mobile computing device and which, in some instances, may be verified based on the location of the mobile computing device, may be carried over from the mobile computing device to another computing device or system, such as an automated transaction device or a teller terminal device, which may be used by an agent of the organization.

Abstract: A method and system is provided for establishing credit on an automatic vending machine or vending device. A currency amount or a number of credits is established on a vending device in order to obtain a product, service or access time from a vending device using a cellular telephone, or other personal wireless communication device. The personal wireless communication device activates an applet, which may be downloaded at the site, to establish a link with a vending machine universal wireless interface coupled to the vending machine device controller and also establishes a link with a remote server for authorizing credit for a vending transaction, which allows the vending transaction to take place.

Abstract: An authentication system utilizes dynamic passcode from a user-defined formula based on a changing parameter value. The changing parameter is publicly accessible through the communication network and has a current value that is periodically updated, such as a stock value, temperature at a specific location, or a sports score. The user-defined formula is based on the changing parameter in order to derive a passcode which authenticates a user to an associated user account. As referred to herein, the user-defined formula is a mathematical formula in which the changing parameter is one variable (e.g., [changing parameter value]+1). Some formulas include more than one changing parameter.

Abstract: Embodiments are directed to token management. Embodiments initiate presentation of a digital wallet management interface including initiating presentation of a digital wallet; initiating presentation of an original token associated with the digital wallet; initiating presentation of a toggle switch comprising a first position and a second position and associated with the original token and configured for graphical manipulation by the user between the first position and the second position, wherein the first position corresponds to the original token being available for use as a payment credential; and where the second position corresponds to the original token being unavailable for use as a payment credential.

Abstract: The present invention relates to digital rights management (DRM) for content that downloaded and saved to a storage device. The storage may be a disk drive, or network attached storage. In addition, the storage device performs cryptographic operations and provides a root of trust. The DRM employs a binding key, a content key, and an access key. The binding key binds the content to a specific storage and is based on a key that is concealed on the storage. The binding key is not stored on the storage device with the content. The content key is a key that has been assigned to the content. The access key is determined based on a cryptographic combination of the content key and the binding key. In one embodiment, the content is provisioned based on the access key and stored in encrypted form in the storage device.

Abstract: A user may select or create a PIN at a non-secure input device, such as a web-enabled personal computer. PINs are stored at a financial host in encrypted form, as PIN offsets. The user selected PIN and a corresponding account number are sent in clear text form to the host, which selects a base PIN offset corresponding to the PIN. A host security module within the host converts the base PIN offset to an actual PIN offset using the actual account number. The actual PIN offset (corresponding to the new PIN and the account number) is then stored at the financial host.

Abstract: Disclosed are systems and methods of employing a multi-ring encryption approach to secure a data payload. Each ring of encryption may be encrypted from a key derived from a password, such that each subsequent ring of protection is protected by a key derived from the key used to encrypt the previous ring of protection. Further, hardware-based encryption may be employed in one or more of the rings of protection to bind the encrypted payload to the hardware. Such systems and methods may be used to reduce the ability to parallelize an attack on encrypted data while also permitting password-related data to be synchronized across a network.

Abstract: The present invention is a zero-configuration system including a registration server connecting (via the Internet) to a network terminal device through a network connection device, and a first network device located in a local area network same as the two devices and having a first identification name and a set of configuration values, wherein the registration server stores the first identification name corresponding to a user information. The network terminal device can login to the registration server by using the user information, and then scan the local area network and, when detecting a second network device having a second identification name not yet stored in the registration server, automatically receive the first identification name from the registration server, obtain the configuration values from the first network device, and configure the second network device according to the configuration values, so as to automatically connect to and access the second network device.

Abstract: The invention relates to generating and using secure transformable passwords. In one example, a user grants a third party access to an online account at a host server, and the user requests a transformed password from the host server. The host server associates an encryption key with the third party and generates a transformed password using the user's online account password and the encryption key. The user transmits the transformed password to the third party which may use the transformed password to access the online account. The host server generates a second transformed password and compares it to the password information received from the third party. If the received password information and the second transformed password are identical, access is granted. The invention also includes methods for invalidating the transformed passwords by changing the encryption keys to an invalid state.

Abstract: Leveraging a persistent connection to provide a client access to a secured service may include establishing a persistent connection with a client in response to a first request from the client, and brokering a connection between the client and a secured service based on a second request from the client by leveraging the persistent connection with the client. The brokering may occur before the client attempts to connect to the secured service directly and the connection may be established between the client and the secured service without provision by the client of authentication information duplicative or additional to authentication information provided by the client to establish the persistent connection.

Abstract: Systems and methods for performing token transactions are provided. In one embodiment, the invention provides for processing token transactions, including receiving an encrypted password for a debit card transaction, wherein the password was secured using encrypted debit-card information, decrypting the password using encrypted debit-card information for the debit card, recreating the password using actual debit-card information for the debit card, and forwarding the recreated password for subsequent transaction processing. The invention is suitable for implementation with other types of tokens in addition to debit-card tokens as well. The invention can be implemented in a scenario where the password includes a PIN block that is created by combining a clear or encrypted PIN for the token with token information.

Abstract: Provided are methods, systems, and devices for preventing hardware piracy.

Abstract: The invention provides a chip-and-PIN reader device, which includes a slot for a chip card and a plurality of keys including numeric keys 0-9 and possibly an enter key and a restart key. The enter key is used to indicate to the device that the PIN has been fully entered and the restart key is used to indicate to the device that a mistake has been made in entering the PIN and that the PIN is to be re-entered. A set of electrodes is provided for making contact with corresponding electrodes on the chip card. A reading means connected to the set of electrodes reads the entered PIN and the card-number data stored on the chip. A comparing means compares the PIN entered by the user with the PIN stored on the chip and provides a signal indicative of a wrong entered PIN. A restart means is provided, which allows the PIN to be re-entered.

Abstract: Systems and methods are provided for facilitating contactless payment using cloud-based wallet containing payment credentials (e.g. Visa, Mastercard, American Express) using a near field communication (NFC)-capable device and payment gateway servers. A user can use their existing payment card, herein referred to as a funding card, for contactless payments. A second payment card, herein referred to as a virtual card, is generated. The virtual card is associated with the funding card on a payment gateway server. The virtual card is used on a NFC-enabled mobile device. When a payment is initiated, the virtual card data is sent through the NFC system from a point of sale terminal. This information is sent to the payment gateway server, which retrieves the funding card to make the payment. The funding card, not the virtual card, is used to transfer the money to make payment.

Abstract: Certain exemplary embodiments relate to techniques for processing PIN-inclusive transactions in connection with an electronic device or terminal, e.g., where PIN code encryption keys are not necessarily stored on the electronic device or terminal, and/or where payment instrument data is maintained in a separate system from PIN code data at least until certain elements are combined in a highly secure system for submission to an electronic funds transfer network. One or more separate or physically separated systems may be used in this regard, e.g., taking advantage of more prevalent computer networks such as the Internet. Similarly, the ability to provide less expensive terminals or electronic devices at a point-of-sale, point-of-purchase, etc., may be advantageous. The interchange rate is not necessarily driven up in certain example instances.

Abstract: A system and method for processing POS payment transactions via mobile devices is described. Encrypted first identification information is received from a merchant mobile device. Encrypted second identification information is received from a cardholder mobile device. A determination is made regarding whether the encrypted first identification information and the encrypted second identification information are associated with one another. In response to a determination that the determination that the encrypted first identification information and the encrypted second identification information are associated with one another, the encrypted first identification information and the encrypted second identification information are decrypted. The POS payment transaction is processed based on the decrypted first and second identification information.

Abstract: Facilitating transactions using non-traditional devices and biometric data to activate a transaction device is disclosed. A transaction request is formed at a non-traditional device, and communicated to a reader, wherein the non-traditional device may be configured with an RFID device. The RFID device is not operable until a biometric voice analysis has been executed to verify that the carrier of the RFID equipped non-traditional device is the true owner of account information stored thereon. The non-traditional device provides a conduit between a user and a verification system to perform biometric voice analysis of the user. When the verification system has determined that the user is the true owner of one or more accounts stored at the verification system, a purchase transaction is facilitated between the verification system. Transactions may further be carried out through a non-RF device such as a cellular telephone in direct communication with an acquirer/issuer or payment processor.

Abstract: A subscription identifier is communicated between the billing server and subscription server. The billing server receives a subscription identifier text message from the user device. The billing server identifies a carrier server from the subscription identifier text message. The billing server receives an authorization text message from the user device in response to an authorization request text message and charges an account of the carrier server that has been identified. If the charge has been successful, then the billing server transmits a renewal notification text message to the subscription server. The subscription server updates an account having the subscription identifier to reflect a new expiration.

Abstract: The Electronic Payment Anti-Fraudulent System through Real-Time Phone based Verification Code is introduced to provide a method or a mechanism to secure the online payments and transactions for both registered online buyers and electronic merchants; this is mainly performed through 2 major sub methods: 1. Identity and Payment Card Owner Ship Verification. 2. Real-Time approval and verification for every online payment or transaction.

Abstract: An intelligent payment card and a method for performing a financial transaction using the payment card are disclosed. The payment card includes inter-alia a biometric sensor, an input module, and a display screen. The payment card is activated when a primary user successfully authenticates himself by the way of providing valid finger print(s) to the biometric sensor of the payment card. The payment card is removably embedded with criteria that dictate at least a maximum transaction amount, maximum number of transactions to be performed on the card and maximum threshold time for completing a transaction. The payment card also includes a processor unit which compares the authorization code input by the user with a unique identification number stored within the payment card, and upon successful authentication enables the user to perform desired financial transaction and also ensures that the removably embedded criteria are not violated during the financial transaction.

Abstract: A technique for associating data with an account is described. During this technique, a user uploads data to a computer system from an electronic device one or more times without providing log-in credentials for the account. Instead, the data is stored along with an identifier determined from characteristics or attributes of the electronic device. If the user subsequently logs into the account from the electronic device, the computer system determines that the identifier for the electronic device matches the previously determined identifier. At this point, the computer system associates data with the account.

Abstract: The present invention describes a method for carrying out smart transactions involving the use of a variable PIN. In this process the variable PIN is a set of numbers and letters that are modified through every transaction based on specific information of the person that is making the transaction. As the person prepares to make a transaction over the internet, at a bank teller, at a store, with a check or any other type of monetary transaction, the user or this invention will calculate their variable PIN by using certain information known only by the account owner such as home address, company address, home phone number, social security number, other types of personal information & transaction information like the check number, the time, amount to be paid, date of issue, expiration of the credit card or even use mathematical constants such as Pi (3.1416).

Abstract: The present disclosure provides methods and systems for secure logon. One or more method includes: determining, via authentication information provided by a user of an electronic device, that the user is authorized to access an online account provided by the online account provider; providing the user with a selectable option to enable an expedited logon process by which the user can access the online account by solely providing a particular authentication item of the user; receiving a verification credential in response to a next logon attempt using the expedited logon process; and verifying that the received verification credential matches an assigned verification credential provided to the user for use in conjunction with the next logon attempt using the expedited logon process.

Abstract: Systems and methods are provided for facilitating guided entry of a passcode. The exemplary guided passcode entry system provides additional security to traditional secret PIN or passcode entry systems by generating a randomized input sequence (order of entry) and prompting the user to input the passcode according to the randomized input sequence. The system also causes a test of the user's input data against a database of passcodes associated with the particular user for an exact match. The testing step can include comparing the characters of the input data to a particular passcode associated with the user which is stored in a database in accordance with the randomized input sequence in regard to the order that the input data was received. Based on the comparison of the received pin to the stored pin, the system can advance the transaction with the user.

Abstract: A method, non-transitory computer readable medium, and apparatus for authorizing a credit card transaction are disclosed. For example, the method receives a request to validate a transaction with a vendor using a credit card account, sends a request to an owner of the credit card account for a personal identification number (PIN) associated with the credit card account, wherein the PIN comprises one or more parameters, receives the PIN, determines that the PIN matches one of one or more PINs that were generated and associated with the credit card account and that each one of the one or more parameters associated with the PIN is met by the transaction and authorizes the transaction with the vendor using the credit card account.

Abstract: A method of performing a fund transfer at an ATM includes receiving an active authentication transaction key at an ATM from a mobile financial transaction instrument via a wireless communication protocol, generating a PIN at the ATM, and storing the PIN in a machine readable storage medium. An authorization request message is transmitted to a financial institution identified by the active authentication transaction key. The authorization request message includes the PIN and at least a portion of the active authentication transaction key. The PIN is received from a user of the mobile financial transaction instrument, and the funds are dispensed in response to receiving the PIN.

Abstract: A method for secure passcode entry is disclosed. The method, in one embodiment, includes: receiving a request for authenticating a user; in response to the request, generating a passcode entry interface including buttons corresponding to character options for composing a passcode entry, wherein the passcode entry interface is used to receive the passcode entry to authenticate a user of the payment card; identifying, on a touchscreen of the electronic device, a traffic region that experienced touch events prior to receiving the request; and displaying the passcode entry interface on the touchscreen such that at least a portion of the passcode entry interface is positioned in the traffic region.

Abstract: For secure user authentication using a one-time password (OTP) application is pre-stored on a device for generating a OTP value responsive to entry of a valid PIN, no part of the PIN is stored on the device and pre-storing on a server the PIN and a valid shared secret for the user. Upon receiving entry a purported PIN, a purported shared secret is dynamically synthesized on the device by the OTP application based on the purported PIN of the user and a purported OTP value is generated based on the purported shared secret. When entry of the purported OTP value is received by the server in an attempt to log on the server from another device, the server cryptographically calculates a purported shared secret based on the purported OTP value, and log on to the server from the other device is allowed if the calculated purported shared secret corresponds to the pre-stored shared secret.

Abstract: A method of secured passcode entry is disclosed. The method, in one embodiment, includes: receiving a request to authenticate a user; in response to receiving the request, generating a passcode entry interface that includes a plurality of buttons for the user to compose a passcode entry, each button representing a character of a set of characters, the set of characters having a natural sequence, wherein said generating includes displaying the buttons on a touchscreen of the electronic device in an arrangement that does not reflect the natural sequence of the set of characters; detecting a touch event, represented as a coordinate on the touchscreen, interacting with the touchscreen while the passcode entry interface is displayed, wherein the touch event is indicative of at least a portion of a passcode entry by the user; and verifying an authenticity of the passcode entry based at least partly on the touch event.

Abstract: Systems, methods and computer-readable media are disclosed for providing a cardholder with a card account identifier for temporary use in emergency situations in which an existing card account identifier has potentially been compromised, as a result of theft or loss of a transaction card or other potential misappropriation of the existing identifier, or situations in which the existing identifier is otherwise unavailable for use. The card account identifier for temporary use may be associated with conditions that restrict the manner and scope according to which the identifier may be used to gain access to funds.

Abstract: Systems, methods and computer-readable media are disclosed for providing a cardholder with a card account identifier for temporary use in emergency situations in which an existing card account identifier has potentially been compromised, as a result of theft or loss of a transaction card or other potential misappropriation of the existing identifier, or situations in which the existing identifier is otherwise unavailable for use. The card account identifier for temporary use may be associated with conditions that restrict the manner and scope according to which the identifier may be used to gain access to funds.

Abstract: Technology is described to monitor incoming channels or messages for a security confirmation code, capture a received confirmation code, recognize a designated field or other destination opportunity to enter a security confirmation code, and automatically inject the captured code to the recognized destination. Various other aspects of the technology are described herein.

Abstract: A transponder-reader payment system includes a fob including a transponder, and a RFID reader for interrogating the transponder. The system may further include a personalization system for populating onto the fob and RFID reader identifying information and security and authentication keys which may be used during mutual authentication of the fob and the reader and for completing a transaction. In exemplary operation, the fob and RFID reader may be personalized, the fob may be presented to the RFID reader for interrogation, the fob and reader may engage in mutual authentication, and fob identifying information may be provided to the reader for transaction completion. In another exemplary embodiment, operation of the transponder-reader payment system may be controlled by an activation circuit. Further, the fob may be responsive to multiple interrogation signals.

Abstract: Disclosed is a communication system, a method and a device for real time management, data analysis and geographic location of business deals. In one implementation, a system (100) for enabling a communication between at least two users (102) using said system (100), and a communication between at least one user and at least one payment processing server (110), using a specialized electronic card reader device (106) is disclosed. The system (100), a method (300), and the device (106) enabling team management, inventory management, payment processing and waste management tools to allow business owners, managers, employee and consumers to communicate within themselves and to the payment processing servers using single platform configured to allow business deals driven by real time management, data analysis and geographic location is disclosed. Further, the device (106) may be used for reading cards and the like and enabling multiple users to communicate with each other.

Abstract: Efficient methods and systems for verifying personal identifiers in transactions such as financial transactions are disclosed. In an exemplary method, an authentication server computer may provide an account number and a personal identifier such as a PIN to a payment processing network server computer. The payment processing network server computer may then determine which of a plurality of authentication processes to initiate.

Abstract: A system that includes an issuer system that receives, via a network, registration information from a mobile device, wherein the issuer system is associated with a financial institution that issues a smart card to a user and wherein the registration information includes an identifier of the mobile device, and a mobile device application associated with the issuer system, that when executed on a mobile device, communicates with the issuer system to validate the mobile device as a trusted device and enables the trusted device to communicate with the smart card and enable smart card management features mobile device application.

Abstract: A method for generating a personal identification number (PIN) debit child product for use in performing a debit payment transaction with a merchant entity. A payment processing platform receives a user selection of a financial institution made via a merchant payment page and directs the user to authenticate a user identity with the financial institution. The payment processing platform receives a user selection of a core account held with the financial institution, such that the core account provides financial backing for the PIN debit child product. The PIN debit child product is generated that includes a child card number and a virtual PIN associated with the core account. Advantageously, the method provides the ability to make PIN debit transaction on the Internet.

Abstract: Systems and methods for entering credential components are provided. The system includes an input device coupled to a computing device. The input device includes an input pad configured to receive a tactile input corresponding to the credential components, and one or more processors. The one or more processors of the input device are configured to recognize one or more characters traced on the input pad by the tactile input, encrypt the recognized one or more characters, and send the encrypted one or more characters. The computing device receives the encrypted one or more characters and includes one or more processors configured to display instructions to provide the tactile input, and send the received encrypted one or more characters to a remote server.

Abstract: Systems and methods are disclosed herein to allow a party to a multiple-party transaction to perform authentications using identification information received from another party while allowing the party generating the identification information to maintain confidentiality of information. A user may enter an access code to identify the user to a first party that will be generating identification information to a second party in the transaction. The access code may be entered without requiring the entry of an alphanumeric PIN (Personal Identification Number). The first party may convert the access code to a second code for transmission to the second party so that the access code is not revealed to the second party. The second party may use the second code to authenticate the user, to authenticate a payment transaction or other types of communications from the user or the first party. Thus, parties in a multiple-party transaction may perform authentications while maintaining the confidentiality of information.

Abstract: In transactions between a consumer and a merchant (or other third party) using services of a payment provider (e.g., credit card company, or financial services provider), methods and systems are provided for enabling any third party to accept chip and PIN payment and payment provider services using a payment provider device that is enabled using the third party's own application (referred to herein as “app”) and not the app of the payment provider. Enabling a merchant to accept chip and PIN payments usually requires the merchant to certify (accredit) their application (e.g., a point-of-sale (POS) system) end to end with the payment providers (e.g., Visa, MasterCard). A software development kit (SDK) modification to the application allows the merchant to accept chip and PIN cards the without the need to certify the application. The SDK includes the functionality that needs to be certified, and certifies it once with a service provider.

Abstract: The present invention relates to a method and system for synchronising a personal identification number (PIN) value stored in a mobile computing device, with a PIN value stored on a remote server. The remote server receives a request from the mobile computing device to record a PIN value, the request comprising the PIN value. The PIN value is recovered from the received request and stored at the remote server. An instruction set arranged to record the PIN value in a secure hardware element comprised within the mobile computing device is generated and transmitted to the mobile computing device. The instruction set executes on the mobile computing device in order to record the PIN value on the secure hardware element.

Abstract: Facial recognition is used to associate, organize, identify, select, execute, and transfer payment, data files, and personal information to and from a user's profile in the cloud through a C2C and B2C network. The information—financial, professional, and personal—is securely delivered to a POS system, to a credit-card company/acquirer, to a cloud database, to a checkout tablet, and/or to a consumer-owned and operated smartphone device or tablet.

Abstract: A method of encrypting sensor input entries for passcode entry security is disclosed. The method in one embodiment includes presenting a passcode entry interface on an electronic device for a user to input a passcode entry. The electronic device then receives an input event, which is indicative of at least part of the passcode entry by the user, from a sensor of the electronic device. The electronic device then encrypts a sensor value of the input event and transmits the encrypted sensor value to an external system over a network to cause the external system to decipher the passcode entry from the encrypted sensor value.

Abstract: A system for transferring secured data has an authentication facilitator that transmits data indicative of a graphical key pad to a remote display device of a user computing device and, in response, receives from the user computing device icon location data indicative of locations of icons selected by a user. Additionally, the authentication facilitator recovers a personal identifier (PI) from the icon location data, translates the recovered PI to obtain a translated PI, and transmits the translated PI. The system further has a partner computing apparatus that receives the translated PI and allows the user access to a secured area based upon the translated PI.

Abstract: The invention relates to a method for carrying out a transaction at a transaction terminal (40) by means of a mobile terminal (20), to such a transaction terminal (40), and to such a mobile terminal (20). The method has the step of identifying a user by means of the transaction terminal (40) and the step of authenticating the user with respect to the transaction terminal (40). The method is characterized in that the user is authenticated by checking whether a password, in particular a PIN, which is entered by the user via an input device (22, 24) of the mobile terminal (20) matches a password which is stored for the user in the transaction terminal (40) or in a background system (80) that is connected to said transaction terminal.

Abstract: A Virtual Single Account (VSA) system and method that provides a mobile user with automatic authentication and connection to a remote network via local access networks with a single password, where the local access networks may be independent of the remote network. A mobile user has a single authentication credential for one VSA that is utilized by a VSA client installed on a mobile computing device. The VSA client provides for automatically authenticating and connecting the user's mobile device to a current local access network, and the target remote network such as the user's office network. All authentication credentials are encrypted using a key generated from the user's VSA password that is generated from the user's single password. The VSA client derives the key from the submitted VSA password and decrypts all authentication credentials that are required in order to connect the mobile device to the current local access network and thereafter to the office network.