Authentication Of An Entity And A Message Patents (Class 713/170)
-
Patent number: 8683550
Abstract: The disclosure provides a system and method of authenticating a user to a network. For the method, if a request for a resource initiated by the device is related to a restricted resource, then the method: redirects the request to the authentication server; initiates an authentication process at the server to request a user account and a password from the device to authenticate the device if it has not been authenticated; automatically provides the device with access to the restricted resource if the device previously had been authenticated to access the restricted resource; and provides a signal to the device indicating whether it has been authenticated to allow the device to update its graphical user interface to indicate an access status for the restricted resource. If the request relates to a non-restricted resource, then the method automatically provides the device with access to the non-restricted resource.
Type: Grant
Filed: June 3, 2011
Date of Patent: March 25, 2014
Assignee: BlackBerry Limited
Inventor: Michael Hung
-
Patent number: 8683492
Abstract: A method and mechanism for verifying information on a managed device is provided. A request is received at a managed device that contains one or more values that comprise proposals for a correct value of a managed object of the managed device. The managed object may be a SNMP MIB object. The managed object may store information for any attribute for the managed device. Next, a determination is made as to whether any of the one or more values in the request match the correct value of the managed object. Thereafter, a notification message is transmitted from the managed device to a management station that indicates whether any of the one or more values in the request match the correct value of the managed object. The notification message may identify which one of the one or more values in the request matches the correct value of the managed object.
Type: Grant
Filed: August 3, 2010
Date of Patent: March 25, 2014
Assignee: Cisco Technology, Inc.
Inventors: Sathyanarayana Nagendra Puttu, Swathi M. Koundinya
-
Publication number: 20140082363
Abstract: Automatic identification and authentication of a user of a mobile application entails receiving from the wireless communications device a unique device identifier and an e-mail address corresponding to the wireless communications device, associating a registration identifier with the unique device identifier and the e-mail address, generating an authentication token, and communicating the authentication token and the registration identifier to the wireless communications device.
Type: Application
Filed: November 20, 2013
Publication date: March 20, 2014
Applicant: BlackBerry Limited
Inventors: Dalsu Lee, Kateryna Khvan, Ken Kwok Wai Lo, Andrea Livia Manolescu, Michael Hin Kai Hung
-
Patent number: 8677139
Abstract: Once an individual is issued a Universal Identifier (UID) it uniquely identifies that person anywhere in the world. The UID could be embedded in any type of device, token or apparatus that is capable of transmitting it (only several bytes of data) to a reader device. Alternatively, for the purposes of authentication the UID could also be entered via a keypad or via any other means. The code scheme for a UID could be any type of symbol sequence that is capable of providing enough combination to cover the entire expected human population. Although it can also be used without biometric data the intended use of the UID is in conjunction with biometric authentication. The Universal Identifier is universal from two aspects: first it is a global or worldwide identifier for people around the world; second it is to be used most generally in any type of transactions, processes or scenarios where authentication is needed.
Type: Grant
Filed: January 16, 2009
Date of Patent: March 18, 2014
Inventor: Peter Kalocsai
-
Patent number: 8677124
Abstract: The method of securing data transfer comprises: a step of attempting to transmit a document from a document sender to at least one document recipient, by implementing at least one transmission attribute and for at least one step of attempted transmission, a step of evaluating the value of at least one transmission attribute and a step of making the evaluation of the value of the transmission attribute available to the sender. Preferably, in the course of the evaluating step, the evaluation is dependent on the anomalies of correspondence that are observed for each attempted transmission. Preferably, in the course of the evaluating step, the evaluation is, moreover, dependent on the elements provided by the recipient in the course of a step of registering with an electronic document transmission service.
Type: Grant
Filed: April 18, 2007
Date of Patent: March 18, 2014
Assignee: Trustseed SAS
Inventors: Martin Lafon, Eric Blot-Lefevre
-
Patent number: 8677126
Abstract: A method and system for transmission of digital content via e-mail with point of use digital rights management is disclosed. The secured access rights to the digital content may be customized for individual recipients by the sender, and may evolve over time. The access rights are enforced according to a time-dependent scheme. A key server is used to arbitrate session keys for the encrypted content, eliminating the requirement to exchange public keys prior to transmission of the digital content. During the entire process of transmitting and receiving e-mail messages and documents, the exchange of cryptographic keys remains totally transparent to the users of the system. Additionally, electronic documents may be digitally signed with authentication of the signature.
Type: Grant
Filed: June 29, 2012
Date of Patent: March 18, 2014
Assignee: NL Systems, LLC
Inventors: Patrick Carson Meehan, Zachary Wisenbaker Price, Raymond Joseph Zambroski, Jr., William Henry Frenchu, Shawn Patrick Hickey, Jesse Lee White, Anthony Allen Mohr, Jeremy Wayne Gomsrud
-
Patent number: 8677155
Abstract: The invention comprises an intrusion-detection system based on a switch 1 that provides more effective protection by means of an innovative arrangement of three intrusion-detection contacts 16-17-18 on an electronic circuit, connected to two different intrusion-detection electronic circuits and an intrusion-detection switch 1 with a special design that provides three different interconnections between said contacts in response to different intrusion attacks. The special arrangement of the contacts on the electronic board provides protection against different sophisticated attacks even without the participation of the intrusion-detection switch.
Type: Grant
Filed: May 20, 2009
Date of Patent: March 18, 2014
Inventor: Nikolay Dimitrov Chambourov
-
Patent number: 8677482
Abstract: A system and method for secure processing is provided, wherein a monitor application is injected into a secure application binary within the security perimeter of a secure processor. The components of the monitor application are injected into different portions of the application binary utilizing a seed value. In this manner, the positioning of the monitor application in the application binary is altered each time the application binary is booted. After the monitor application is inserted into the application binary, the secure process is passed to the host processor for execution. During execution of the secure process, a system and method is provided for the monitor application to communicate, to the secure processor, attempts to tamper with or attack the secure process.
Type: Grant
Filed: March 12, 2010
Date of Patent: March 18, 2014
Assignee: Broadcom Corporation
Inventor: Mark L. Buer
-
Patent number: 8676995
Abstract: A method is provided in one example embodiment and includes establishing a connection between a first client and a messaging fabric of a conductor element associated with a video system; receiving a request to perform a companion service with a second client; authenticating the first client via a client directory based on an identifier associated with the first client; receiving a pair message from the first client for the second client; and verifying whether the two clients can be paired in order to perform the companion service. Companion service commands can be authorized/policy checked and resulting commands on the second client may appear as-if they had been triggered locally.
Type: Grant
Filed: July 6, 2012
Date of Patent: March 18, 2014
Assignee: Cisco Technology, Inc.
Inventors: Flemming S. Andreasen, Gil C. Cruz, Nick George Pope
-
Patent number: 8676998
Abstract: A client-server communication protocol permits the server to authenticate the client without requiring the client to authenticate the server. After establishing the half-authenticated connection, the client transmits a request and the server performs or responds accordingly. A network management system and environment where this protocol can be used is also described and claimed.
Type: Grant
Filed: November 29, 2007
Date of Patent: March 18, 2014
Assignee: Red Hat, Inc.
Inventor: James P. Schneider
-
Patent number: 8675878
Abstract: There is provided a system and method for distributors to use an interoperable key chest. There is provided a method for use by a distributor to obtain content access authorizations from a key chest or central key repository (CKR), the method comprising receiving a user request from a user device for access to an encrypted content identified by a content identification, transmitting a key request to the CKR including the content identification, receiving an encrypted first key from the CKR, decrypting the encrypted first key using a second key to retrieve the first key, and providing a DRM license for the encrypted content to the user device using the first key for use by the user device to decrypt the encrypted content using the first key. By generating such DRM licenses, distributors can unlock protected content even sourced from distributors using different DRM schemas.
Type: Grant
Filed: April 25, 2013
Date of Patent: March 18, 2014
Assignee: Disney Enterprises, Inc.
Inventors: Arnaud Robert, Scott F. Watson
-
Publication number: 20140075191
Abstract: A method of handling cryptographic information in a communication comprising body elements and attachment elements to a mobile device includes the steps of determining if the communication includes an attachment element comprising cryptographic information and converting the attachment element into a body element upon determining that the communication includes an attachment element comprising cryptographic information.
Type: Application
Filed: November 14, 2013
Publication date: March 13, 2014
Applicant: BLACKBERRY LIMITED
Inventors: Herbert Anthony LITTLE, Albert HECHT-ENNS, David Francis TAPUSKA, Michael Stephen BROWN, Michael Grant KIRKUP
-
Patent number: 8671446
Abstract: A method, a system, and a computer program product embodying computer readable code for configuring a rule file for a Web application firewall. The method includes: blocking a response created by a Web application; modifying the response by adding capturing code for capturing a regular expression and an associated parameter value embedded in the response while being executed; sending the modified response to the browser; receiving a request submitted by the browser and at least one regular expression and an associated parameter value captured by the capturing code; determining a parameter name and a regular expression associated with the same parameter value, and configuring the rule file of the firewall by use of the determined parameter name and regular expression associated with one another as a filtering rule.
Type: Grant
Filed: July 10, 2009
Date of Patent: March 11, 2014
Assignee: International Business Machines Corporation
Inventors: Da Ming Hao, Lin Luo, Ye Wang, Yu Zhang
-
Publication number: 20140068265
Abstract: Methods and systems related to the secure transmission of information within a vehicle's computing systems are presented. Transmitting a message within the secure computer system includes receiving a message that includes a remote encryption key from a module, validating the module, loading security metadata, then validating the security metadata using the remote encryption key. Thereafter, the valid destination modules are determined and the message is sent to them. Metadata labels may be securely attached to data using a local encryption key, in order to maintain the integrity of the data.
Type: Application
Filed: August 30, 2012
Publication date: March 6, 2014
Applicant: Raytheon Company
Inventor: Jess M. Irwin
-
Patent number: 8667266
Abstract: A system and method for sending encrypted messages to a distribution list. In one embodiment, the method comprises: identifying a distribution list address in a message; determining one or more member addresses associated with the distribution list address; for each member address, determining if a public key for a member identified by the member address is available on the computing device; and if so, encrypting the message to the member; sending the encrypted message to the distribution list address only if each of the one or more member addresses associated with the distribution list identifies a member for which a public key is available on the computing device.
Type: Grant
Filed: September 13, 2012
Date of Patent: March 4, 2014
Assignee: BlackBerry Limited
Inventors: Neil Patrick Adams, Michael Stephen Brown, Michael Kenneth Brown
-
Patent number: 8666072
Abstract: This method of receiving a multimedia signal scrambled by means of a control word uses a first cryptographic entity that can be connected to any one of P second cryptographic entities to form part of a device for receiving the scrambled multimedia signal. Only second cryptographic entities of a group of N second cryptographic entities selected from a wider set of P second cryptographic entities use a session key obtained by diversifying a root key identical to the root key used to obtain the session key of the first cryptographic entity.
Type: Grant
Filed: February 14, 2006
Date of Patent: March 4, 2014
Assignee: Viaccess
Inventors: Bruno Tronel, Franck Baudot
-
Patent number: 8667609
Abstract: Various embodiments of the present invention generally relate to trademark searching and notification systems. More specifically, various embodiments of the present invention relate to systems and methods for informing requesters about trademarks similar to a provided input. Some embodiments of the present invention provide for a proactive system in which users are notified of similar trademarks before using specific term(s) and users proceed after understanding which trademarks actually exist and what areas those trademarks actually entail, and possibly being notified of newly applied trademarks and modified trademarks at later times that are similar to the specific term(s) being used.
Type: Grant
Filed: March 14, 2013
Date of Patent: March 4, 2014
Assignee: Sky Castle Global Limited
Inventors: Edwin Tan, Michael E St. John, Jr.
-
Patent number: 8667295
Abstract: A password authentication mechanism is capable of determining whether a password has expired without referring to a database or other information repository. Additional information can be encoded in the password without unduly lengthening the password, so that the additional information can be extracted from the password when the user provides the password for authentication purposes. Thus, the password serves as an information-carrying data item as well as acting as an authentication mechanism. Such a password can be used, for example, to provide time-limited access to a vehicle in response to receipt of timely payment, and to disable the vehicle if payment is not made.
Type: Grant
Filed: December 4, 2009
Date of Patent: March 4, 2014
Assignee: Gordon * Howard Associates, Inc
Inventor: Ted E. Dunning
-
Patent number: 8667280
Abstract: A method includes receiving, via a server, a User ID and Password from a client device, and generating a Secret PIN (SPIN). Values for a Partial Password and an encrypted version of the SPIN (ESPIN) are determined. The method includes challenging a user of the client device with a challenge that prompts the user to enter the Partial Password and an ESPIN. An Additional Factor, e.g., a One-Time Password from a Shared Secret, is locked using the SPIN. The Partial Password and challenge unlock the Additional Factor. The method includes authenticating the identity using the unlocked Additional Factor. A system includes a server in communication with a client device, and a non-transitory memory device on which is recorded process instructions for authenticating the identity of a user of the client device. The server executes the instructions to thereby authenticate the identity of the user using the unlocked Additional Factor.
Type: Grant
Filed: January 21, 2011
Date of Patent: March 4, 2014
Assignee: CA, Inc.
Inventor: VenkataBabji Sama
-
Patent number: 8667267
Abstract: A method for providing authenticated access to an encrypted file system includes generating a first seed; providing a request for a key to a key server, the request including at least a first seed block having a first encryption, a message block having a second encryption, and an encryption encapsulation block having a third encryption, the encryption encapsulation block including information for decrypting the message block; at the key server, decrypting the encryption encapsulation block and using the information therein to decrypt the at least a first seed block and the message block; and authenticating the message if the first seed in the at least a first seed block matches a first predetermined seed.
Type: Grant
Filed: January 31, 2012
Date of Patent: March 4, 2014
Assignee: Gazzang, Inc.
Inventors: Eduardo Garcia, Carlos Arturo Colorado
-
Patent number: 8667283
Abstract: A message is signed using a PUF without having to exactly regenerate a cryptographic key. Another party that shares information about the PUF is able to verify the signature to a high degree of accuracy (i.e., high probability of rejection of a forged signature and a low probability of false rejection of a true signature). In some examples, the information shared by a recipient of a message signature includes a parametric model of operational characteristics of the PUF used to form the signature.
Type: Grant
Filed: May 9, 2011
Date of Patent: March 4, 2014
Assignee: Verayo, Inc.
Inventors: William Henry Bares, Srinivas Devadas, Vivek Khandelwal, Zdenek Paral, Richard Sowell, Tonghang Zhou
-
Patent number: 8667284
Abstract: A secure hash, such as a Hash-based Message Authentication Code (“HMAC”), is generated using a piece of secret information (e.g., a secret key) and a piece of public information specific to each escrow key (e.g., a certificate hash or public key). Using the secret key ensures that escrow key validation data can only be generated by knowing the secret key, which prevents an attacker from generating the appropriate escrow key validation data. Using the certificate hash as the public data ties each escrow key validation data to a particular certificate, thereby preventing the attacker from simply copying the validation data from another escrow key. Any escrow key that is found to be invalid may be removed from the file container and a system audit log may be generated so that a company, individual, or other entity can be aware of the possible attempt at a security breach.
Type: Grant
Filed: January 13, 2012
Date of Patent: March 4, 2014
Assignee: Microsoft Corporation
Inventors: Venkataramann Renganathan, Brian Thomas Carver, Daniel Browne Jump, David Charles LeBlanc, Samuel Ira Weiss
-
Patent number: 8667270
Abstract: A method for securely altering a platform component is provided, comprising: assigning certificates for public encryption and signature verification keys for the device; assigning certificates for public encryption and signature verification keys for an upgrade server; mutually authenticating a device containing the platform component and the upgrade server; causing the device and the upgrade server to exchange a session key; and providing an alteration to be made to the platform component from the upgrade server to the device using the session key.
Type: Grant
Filed: February 10, 2012
Date of Patent: March 4, 2014
Assignee: Samsung Electronics Co., Ltd.
Inventors: Tasneem Brutch, Onur Aciicmez
-
Patent number: 8667279
Abstract: Systems and methods are provided for securely providing a place-shifted media stream from a place shifting device to a remote player via a communications network. A request for a connection is received from the remote player at the place shifting device via the communications network. In response to the request for the connection, an authorization credential is requested from a central server via the communications network. Further, in response to the authorization credential received from the central server, the place-shifted media stream between the place shifting device and the remote player can be established over the communications network. At least a portion of the place-shifted media stream may be encrypted based upon the authorization credential.
Type: Grant
Filed: July 1, 2008
Date of Patent: March 4, 2014
Assignee: Sling Media, Inc.
Inventor: Padmanabha R. Rao
-
Patent number: 8667278
Abstract: An apparatus stores first divided trust information which is one portion resulting from division of trust information generated by a transmission target apparatus that is a transmission target for data, receives a transmission request for the data from the target apparatus and receives second divided trust information which is the other portion resulting from division of the trust information of the target apparatus and verification information generated using information indicating a state of the target apparatus that made the request, recovers the trust information using the first divided trust information stored and the received second divided trust information, verifies trustworthiness of the target apparatus using the recovered trust information and the received verification information, transmits the data indicated by the request to the target apparatus when the verification of trustworthiness is successful.
Type: Grant
Filed: March 10, 2008
Date of Patent: March 4, 2014
Assignee: Fujitsu Limited
Inventors: Naoki Nishiguchi, Eiji Hasegawa, Noboru Iwamatsu
-
Patent number: 8667281
Abstract: A computer-implemented method for transferring authentication credentials may include 1) identifying a request to receive an authentication credential that is stored on a first computing device onto a second computing device, 2) identifying an asymmetric key pair on the second computing device, 3) generating an identifier of the asymmetric key pair on the second computing device, 4) transmitting an encryption key of the asymmetric key pair and the identifier of the asymmetric key pair to a credential repository, 5) displaying the identifier of the asymmetric key pair to facilitate retrieval of the authentication credential from the credential repository based on the identifier, and 6) retrieving the authentication credential, encrypted with the encryption key of the asymmetric key pair, from the credential repository. Various other methods and systems are also disclosed.
Type: Grant
Filed: May 30, 2012
Date of Patent: March 4, 2014
Assignee: Symantec Corporation
Inventor: Srinivas Chenna
-
Patent number: 8660268
Abstract: A method and apparatus for client authentication using a pseudo-random number generation system. The pseudo-random number generation utilizes a secret key as well as state information as input into the hash function to generate a pseudo-random number. The state information that is part of the input can be any number of prior generated pseudo-random numbers. The authentication allows for synchronization of the client and server by exchanging state information. The authentication is not dependent on any absolute time and consequently the client and servers are not required to maintain a reliable shared time base.
Type: Grant
Filed: April 29, 2008
Date of Patent: February 25, 2014
Assignee: Red Hat, Inc.
Inventor: James Paul Schneider
-
Patent number: 8661515
Abstract: An audible authentication of a wireless device for enrollment onto a secure wireless network includes an unauthorized wireless device that audibly emits a uniquely identifying secret code (e.g., a personal identification number (PIN)). In some implementations, the audible code is heard by the user and manually entered via a network-enrollment user interface. In other implementations, a network-authorizing device automatically picks up the audible code and verifies the code. If verified, the wireless device is enrolled onto the wireless network.
Type: Grant
Filed: May 10, 2010
Date of Patent: February 25, 2014
Assignee: Intel Corporation
Inventors: Marc Meylemans, Gary A. Martz, Jr.
-
Patent number: 8661539
Abstract: A system is disclosed that can be used to monitor for an attempted intrusion of an access system. The system detects an access system event in the access system and determines whether the access system event is of a type that is being monitored. If the access system event is of a type that is being monitored, the system reports information about the access system event. This information can be used by a rules engine or other process to determine if the access system event was part of an attempted intrusion of the access system.
Type: Grant
Filed: February 26, 2001
Date of Patent: February 25, 2014
Assignee: Oracle International Corporation
Inventor: Jeffrey D. Hodges
-
Patent number: 8661251
Abstract: A method for creating a group signature of a message to be implemented by a member of a group in a system, the system including a trust authority, the group including at least the member provided with a secure portable electronic entity including storage elements and computing elements wherein are implanted a cryptographic algorithm. The method includes the following steps: generating via the computing elements a signature of the message using a private key common to the members of the group and integrating a data identifying the group member and a temporal data representing a temporal information of the member's membership to the group and of the date of the signature of the message, the private key common to the members of the group, the identifying data and the temporal data being stored in the storage elements.
Type: Grant
Filed: October 12, 2006
Date of Patent: February 25, 2014
Assignee: Oberthur Technologies
Inventors: Emmanuel Prouff, Jean-Bernard Fischer, Théophane Lumineau
-
Patent number: 8661257
Abstract: A method includes receiving at a network application function a request related to a generic bootstrapping architecture key originated from a user equipment. The received request includes a network application function identifier that includes a uniform resource locator, where the network application function has a fully qualified domain name. The method further includes causing a generic bootstrapping architecture key to be generated for the user equipment based at least in part on the uniform resource locator that is part of the network application function identifier. Apparatus and computer programs for performing the method are also disclosed.
Type: Grant
Filed: May 18, 2010
Date of Patent: February 25, 2014
Assignee: Nokia Corporation
Inventors: Pekka J. Laitinen, Silke Holtmanns
-
Patent number: 8661529
Abstract: An information processing device includes a processing unit which performs user authentication. The processing unit includes a setting part that determines setting of operation of a target device using the user authentication. An authentication information setting part determines user authentication information. A password generation part generates a one-time password partially or fully. A transmission part transmits the setting of operation of the target device and the one-time password to the target device.
Type: Grant
Filed: December 21, 2011
Date of Patent: February 25, 2014
Assignee: Ricoh Company, Ltd.
Inventor: Ryoichi Suzuki
-
Patent number: 8661531
Abstract: Systems and methods for secure control of a wireless mobile communication device are disclosed. Each of a plurality of domains includes at least one wireless mobile communication device asset. When a request to perform an operation affecting at least one of the assets is received, it is determined whether the request is permitted by the domain that includes the at least one affected asset, by determining whether the entity with which the request originated has a trust relationship with the domain, for example. The operation is completed where it is permitted by the domain. Wireless mobile communication device assets include software applications, persistent data, communication pipes, and configuration data, properties or user or subscriber profiles.
Type: Grant
Filed: February 10, 2012
Date of Patent: February 25, 2014
Assignee: BlackBerry Limited
Inventors: Russell N. Owen, Herbert A. Little, David P. Yach, Michael Shenfield
-
Patent number: 8661507
Abstract: Applications, systems and methods for securely and remotely operating a remote computer from a local computer over a network while providing seamless, firewall-compliant connectivity. Secure and remote operation includes authenticating at least one remote computer for connection to at least one computer over the network and/or at least one local computer for connection to at least one remote computer over the network; establishing a secure connection between the at least one local computer and the at least one remote computer over the network; and integrating a desktop of at least one remote computer on a display of at least one local computer. The connections may be made over a public network, as well as through multiple firewalls without loss of functionality.
Type: Grant
Filed: March 29, 2011
Date of Patent: February 25, 2014
Assignee: Western Digital Technologies, Inc.
Inventors: Lambertus Hesselink, Dharmarus Rizal, Eric S. Bjornson
-
Patent number: 8656485
Abstract: A projection display device that operates, in case that the second authentication information which is input does not match the first authentication information which is stored, operates in the second operation mode in which the projection display device projects in a state that an operation to change the environmental setting information is disabled to be received.
Type: Grant
Filed: December 27, 2011
Date of Patent: February 18, 2014
Assignee: Seiko Epson Corporation
Inventor: Yuji Mochizuki
-
Patent number: 8655957
Abstract: A system and method for preventing e-mail spoofing, in which a receiving e-mail checking server system sends a message to a confirmation server associated with a network domain of the sending system of a received e-mail message, to determine if the sender transmitted the message. The e-mail checking server sends a confirmation request e-mail, including a transmission time or unique message “key” associated with the received e-mail, to the sending domain's confirmation server. When a confirmation request is received at the confirmation server, it replies with an indication whether the message was sent at the time indicated in the confirmation request, and/or whether the message key matches that of a previously transmitted message. The confirmation server checks whether the message was in fact sent based on stored values corresponding to the send time and/or message key stored for the confirmation request message. A message may further include indication that its origin can be confirmed.
Type: Grant
Filed: December 16, 2004
Date of Patent: February 18, 2014
Assignee: Apple Inc.
Inventors: Guy Duxbury, Hasler Hayes, Anoop Nannra
-
Patent number: 8656168
Abstract: An information processing apparatus includes: a disk to store data; a transmitting and receiving unit to exchange information with a recovery apparatus over a network; an authentication processor to, when receiving a first authentication key from the recovery apparatus, perform an authentication process based on the first authentication key and a second authentication key; and a writing controller to write an image file to the disk upon the authentication performed by the authentication processor and issue a completion message to the recovery apparatus on completion of the writing.
Type: Grant
Filed: January 20, 2012
Date of Patent: February 18, 2014
Assignee: Fujitsu Limited
Inventor: Kiyoshi Takano
-
Patent number: 8656176
Abstract: Verifying the integrity of a received binary object by calculating a first displayable authenticator derived from an input binary object. The first authenticator is then attached to the input binary object, producing a first composite binary object, which is sent to a remote receiver. A second composite binary object is received back from the remote receiver, wherein the second composite binary object includes a received binary object, a received first displayable authenticator, and a second displayable authenticator. A third displayable authenticator is calculated, derived from the second composite binary object, then a display of the first displayable authenticator is compared to a display of the third displayable authenticator, and verification of the integrity of the received binary object is indicated by an exact match between displays of the first and third displayable authenticators.
Type: Grant
Filed: October 23, 2008
Date of Patent: February 18, 2014
Assignee: Empire Technology Development LLC
Inventor: Rajaram Natarajan Lalgudi
-
Patent number: 8656175
Abstract: When performing secure processing using confidential information that needs to be confidential, the secure processing device according to the present invention prevents the confidential information from being exposed by an unauthorized analysis such as a memory dump.
Type: Grant
Filed: October 24, 2006
Date of Patent: February 18, 2014
Assignee: Panasonic Corporation
Inventors: Tomoyuki Haga, Taichi Sato, Rieko Asai
-
Patent number: 8656166
Abstract: Data is transmitted between a first user and a second user via an information technology communications network, in a method comprising the steps of: generating a first hash value for a selected one of the data items; digitally signing and encrypting the first hash value with a secret identifier associated with the first user; transmitting to a second user the encrypted first hash value; receiving and storing the transmitted encrypted first hash value for audit purposes and generating a second hash value for the received encrypted first hash value; encrypting the second hash value with a private identifier associated with a second user and a public identifier associated with the first user; and returning the encrypted second hash value to the first user.
Type: Grant
Filed: June 12, 2012
Date of Patent: February 18, 2014
Assignee: The Ascent Group Ltd.
Inventor: Michael Jacobs
-
Patent number: 8656167
Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser may split or share a data set into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting an original data set into portions of data that may be communicated using one or more communications paths. Secure workgroup communication is supported through the secure distribution and management of a workgroup key for use with the secure data parser.
Type: Grant
Filed: February 23, 2009
Date of Patent: February 18, 2014
Assignee: Security First Corp.
Inventors: Stephen C. Bono, Matthew D. Green, Gabriel D. Landau, Rick L. Orsini, Mark S. O'Hare, Roger Davenport
-
Patent number: 8655318
Abstract: A mobile node and its home system generate synchronized time-based codes at periodic time intervals. Each time-based code is valid for a predetermined time period. To facilitate anonymous operation when roaming, the mobile node identifies itself with a coded identifier instead of a public identifier. The coded identifier used at a given time includes the time-based code that is valid for that given time. To authenticate the mobile node, a serving system receives authentication information from the mobile node and forwards the authentication information to a home system. The authentication information includes the current time-based code and a timestamp. The home system identifies the mobile node from the current time-based code and the timestamp. The home system then uses the authentication information to authenticate the mobile node.
Type: Grant
Filed: March 27, 2013
Date of Patent: February 18, 2014
Assignee: Sprint Spectrum L.P.
Inventors: Tong Zhou, George Jason Schnellbacher
-
Patent number: 8656462
Abstract: Systems, methods and apparatus for a distributed security that provides authentication and authorization management. The system can include a state manager that is used to identify and maintain the source associated with a client browser that submits requests to the state manager. The state manager can allow requests that are authorized and request authorization for requests that are not. The state manager can maintain the states associated with each domain to reduce the number of transactions needed to authenticate and/or authorize subsequent requests to the same domain or to different domains.
Type: Grant
Filed: July 24, 2008
Date of Patent: February 18, 2014
Assignee: Zscaler, Inc.
Inventors: Kailash Kailash, Shashidhara Mysore Nanjundaswamy, Amarnath Mullick, Jose Raphel
-
Patent number: 8650399
Abstract: Systems, devices and/or methods that facilitate mutual authentication for processor and memory pairing are presented. A processor and a suitably equipped memory can be provided with a shared secret to facilitate mutual authentication. In addition, the memory can be configured to verify that the system operating instructions have not been subjected to unauthorized alterations. System integrity can be ensured according to the disclosed subject matter by mutual authentication of the processor and memory and verification of the authenticity of system operating instructions at or near each system power up. As a result, the disclosed subject matter can facilitate relatively low complexity assurance of system integrity as a replacement or supplement to conventional techniques.
Type: Grant
Filed: February 29, 2008
Date of Patent: February 11, 2014
Assignee: Spansion LLC
Inventors: Joël Le Bihan, Christophe Carvounas, Vincent Cedric Colnot, Elena Trichina, Helena Handschuh
-
Patent number: 8650617
Abstract: A method and apparatus for real-time insertion of services into an IP telephony call session are disclosed. A client initiates a service request message to a second server. The service request message includes the client identity and a requested service available from a second server. The first server determines if the client is authorized to use the requested service. If the client is authorized to use the requested service, the second server delivers the requested service to the client.
Type: Grant
Filed: June 23, 2008
Date of Patent: February 11, 2014
Assignee: Cisco Technology, Inc.
Inventor: Robert E. Gleichauf
-
Patent number: 8649509
Abstract: A system generates a randomized hash value and/or verifies data against a randomized hash value. A hashing circuit can respond to data by randomly selecting a hashing algorithm parameter among a defined set of different hashing algorithm parameters, and by applying a hashing algorithm that uses the selected hashing algorithm parameter to hash the received data to generate a randomized hash value. Another hashing circuit randomly selects a hashing algorithm among a defined set of different hashing algorithms, and applies the selected hashing algorithm to hash the received data to generate a randomized hash value. Another hashing circuit applies a hashing algorithm to hash received data to generate an intermediate hash value that occupies a defined memory space, and randomly selects a partial segment of the hash value from a segment of the defined memory space to generate a randomized hash value.
Type: Grant
Filed: December 18, 2008
Date of Patent: February 11, 2014
Assignee: AT&T Intellectual Property I, L.P.
Inventor: Michael L. Asher
-
Patent number: 8646057
Abstract: A method includes receiving by an OpenID network device a user log in; logging in, by the OpenID network device, the user to an OpenID account; receiving, by the OpenID network device and from a third party service provider network device, a request to authenticate the user and a request to receive user data associated with the user; providing, by the OpenID network device, a user interface to an end device to allow the user to confirm his/her sign-in to the third party service provider network device and release of the user data; receiving, by the OpenID network device, a confirmation with regard to the user's sign-in to the third party service provider network device and release of the user data; and sending, by the OpenID network device and to the third party service provider network device, a message indicating that the user is authenticated and the user data.
Type: Grant
Filed: March 10, 2010
Date of Patent: February 4, 2014
Assignee: Verizon Patent and Licensing Inc.
Inventor: Raymond C. Counterman
-
Patent number: 8645693
Abstract: In the fields of data security and system reliability and qualification, this disclosure is of a method, system and apparatus for verifying or authenticating a device to a host using a zero-knowledge based authentication technique which includes a keyed message authentication code such as an HMAC or keyed cipher function and which operates on secret information shared between the host and the device. This is useful both for security purposes and also to make sure that a device such as a computer peripheral or accessory or component is qualified to be interoperable with the host.
Type: Grant
Filed: March 13, 2013
Date of Patent: February 4, 2014
Assignee: Apple Inc.
Inventors: Augustin J. Farrugia, Bertrand Mollinier Toublet, Gianpaolo Fasoli, Mathieu Ciet, Jill Surdzial
-
Patent number: 8646055
Abstract: A method and system for pre-shared-key-based network access control are disclosed. The method includes the following steps: 1) security policy negotiation is implemented between a REQuester (REQ) and Authentication Access Controller (AAC); 2) identity authentication and uni-cast key negotiation are implemented between REQ and AAC; 3) a group-cast key is notified between REQ and AAC. Applying the method and system, rapid bidirectional authentication can be implemented between a user and network.
Type: Grant
Filed: December 24, 2009
Date of Patent: February 4, 2014
Assignee: China Iwncomm Co., Ltd.
Inventors: Li Ge, Jun Cao, Manxia Tie, Qin Li, Zhenhai Huang
-
Patent number: 8644514
Abstract: According to one general aspect, a method may include acquiring a message. In some embodiments, the method may also include determining if a relay station (RS) is allowed to manipulate portions of the message. In some embodiments, the method may also include, if so, generating a message authentication code (MsgAC) based upon a MsgAC key (MsgACK) known to the RS. In some embodiments, the method may also include combining the message with the MsgAC. In some embodiments, the method may also include wirelessly transmitting the combined message to the RS.
Type: Grant
Filed: October 28, 2009
Date of Patent: February 4, 2014
Assignee: Nokia Siemens Networks Oy
Inventors: Haihong Zheng, Shashikant Maheshwari, Adrian Boariu