Abstract: Systems, methods, and computer-readable media are disclosed for systems and methods for dynamic mode switching and management of communications between devices. Example methods include receiving a first event from a first application on a first device, determining a first application identifier of the first application, and determining that the first device is in a communal mode. Example methods may include determining a communal mode profile for the first device, where the communal mode profile is associated with a first user account identifier that is associated with the first device, determining a set of user account identifiers associated with an accessory device identifier of the accessory device, and associating the set of user account identifiers and the accessory device identifier with the communal mode profile. Example methods may include receiving an indication of a second event, and disassociating the set of user account identifiers from the communal mode profile.

Abstract: In some embodiments a wagering game system comprises a personal area network device configured to render media content including results of a wagering game. The system can include a wagering game machine configured to determine and provide the wagering game results to the personal area network device. The wagering game machine can include a personal area network device transceiver configured to exchange data with the personal area network device, the data including the wagering game results, and a personal area network controller configured to detect the personal area network device, to procure an identification code for the personal area network device without player input, and to authenticate the personal area network device by use of the identification code. The system can also include a repository configured to store the identification code in association with a player identifier and to provide the identification code to the wagering game machine upon request.

Abstract: Systems and methods for biometric subscriber account authentication are described. When a subscriber initially accesses subscriber account data maintained by the communication network, a first non-biometric authentication protocol is used. The subscriber may then be invited to set up biometric authentication, which includes generating a private key/public key pair. Subsequently, biometric authentication is performed at the user device to unlock the private key/public key pair, which is then used to support authentication of the subscriber to the communication network using a second authentication protocol.

Abstract: This invention is a method and system for tokenless biometric authorization of an electronic communication, using a biometric sample, a master electronic identicator, and a public communications network, wherein the method includes: an electronic communication formation step, wherein at least one communication comprising electronic data is formed; a user registration step, wherein a user electronically submits a registration biometric sample taken directly from the person of the user; a public network data transmittal step, wherein the registration biometric sample is electronically transmitted to a master electronic identicator via a public communications network, said master electronic identicator comprising a computer database which electronically stores all of the registration biometric samples from all of the registered users; a user registration biometric storage step, wherein the registration biometric sample is electronically stored within the master electronic identicator; a bid biometric transmittal

Abstract: The method disclosed herein provides for performing device authentication based on the of proximity to another device, such as a key device. When a key device is not near a mobile communications device, an unlock screen is allowed to be presented on a display screen. Based on the mobile communications device receiving a first code to unlock the mobile communications device, the mobile communications device is unlocked in a first mode. Based on receiving a second code while the unlocked mobile communications device is in the first mode, the unlocked mobile communications device changes from the first mode to a second mode, wherein a level of functionality of the mobile communications device in the second mode is greater than a level of functionality of the mobile communications device in the first mode.

Abstract: A password is secured using a first key. At least one of a password record, a username record, and as domain name record is created. The at least one password record, username record, and domain name record are associated. The associated records are encrypted using a second key, where the second key is different from the first key. A credentials record is created based on the encrypted associated records.

Abstract: A network of electronic appliances includes a plurality of network units of electronic appliances. The network units include a first network unit and a plurality of second network units. The first network unit is connected to at least one of the second network units. Each of the network units includes a stem server and a plurality of peripheral devices connected to the stem server. The stem server includes at least one passcode and at least one list of a plurality of registration codes. Each list is associated to a respective passcode. Each registration code of one list associating to one passcode corresponds to a respective peripheral device. Each registration code is generated in response to a respective passcode using physical randomness of a respective peripheral device in correspondence to the passcode. An address of each identification cell is defined by several word lines and bit lines.

Abstract: A method is described for operating a computer system comprising a computer and a display unit, wherein a reference pattern is formed based on input value fed into the computer, wherein image signals for the display unit are generated based on the input value, wherein the image signals fed to the display unit are detected, wherein the detected image signals are subjected to a pattern recognition to provide a recognized pattern, and wherein the recognized pattern is compared with the reference pattern.

Abstract: Systems and methods provide for clickjacking prevention code provided in an embedded webpage to prevent clickjacking when the embedded webpage is called by an embedding webpage determined to be illegitimate. When the embedded webpage is loaded on a user device, the clickjacking prevention code is executed and initially prevents content of the embedded webpage from being rendered. Additionally, the clickjacking prevention code sends a message containing a secret to a known domain that provides legitimate embedding webpages. When the embedding webpage sends a message to the embedded webpage, the message is checked to see if it contains the secret. If the message contains the secret, the embedding webpage is legitimate since it originated from the known domain, and the content of the embedded webpage is rendered. Alternatively, if the message does not contain the secret, the content of the webpage is not rendered.

Abstract: A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data. If the mapping table does not include a token mapped to the value of the portion of the sensitive data, a candidate token is generated. The client queries a central token management system to determine if the candidate token collides with a token generated by or stored at another client. In some embodiments, the candidate token includes a value from a unique set of values assigned by the central token management system to the client, guaranteeing that the candidate token does not cause a collision. The client then tokenizes the sensitive data with the candidate token and stores the candidate token in the token table.

Abstract: Disclosed is a user authentication method including at least: (1) performing a primary conversion to generate a first common authentication key and performing a secondary conversion to provide an encrypted first common authentication key, and registering the encrypted first common authentication key; (2) generating a first server authentication key, and performing an OTP operation on the first server authentication key to generate first server authentication information; (3) performing a primary conversion to generate a second common authentication key, performing a secondary conversion to generate an encrypted second common authentication key, generating a first user authentication key, and performing an OTP operation on the first user authentication key to generate first user authentication information; and (4) performing a user authentication or an authentication of the authentication server for determining a genuineness of the authentication server, based on coincidence of the first server authentication

Abstract: A method for aiding a user in recalling and generating a password. Many times it is easier for a user to remember a place, phrase, person, or other piece of information based on a certain context. The present invention allows for generating a password based on contextual information provided by the user. By providing a context type and a pass phrase, a secure password can be generated. The invention also provides a mechanism for “fuzzy matching”, in which a user only needs to provide a password that is close enough to a stored password to gain access to a website or service. The context type and pass phrase can be used to create a list of passwords (the list being limited to a certain number of entries), each matched against a database of passwords to validate entry.

Abstract: Automatic parameter value generation is disclosed. It is determined that a parameter value generation trigger associated with a parameter has occurred. A parameter value in accordance with a format of the parameter value is obtained. At least one location associated with a first component to which the parameter value is to be communicated is determined. The parameter value is communicated to the at least one location, and a parameter value refresh policy associated with the first component is determined.

Abstract: Unique customer identification and behavior is linked between either concurrent or sequential channels of engagement. Unique identifiers are created, captured, and/or passed between these multiple contact channels, e.g. Web, mobile, IVR, phone, automotive, television, to identify and tag the customer and their context, e.g. history, pass behavior, steps progressed, obstacles and/or issues encountered, etc., uniquely.

Abstract: To improve the convenience of a user and further provide service comfortable and safe for the user. A PK storing PMD as personal related information of a user communicates with a service system. When first using the service system, the PK stores the service ID of the service system and a spoofing preventing method. When the PK communicates with the service system for a second time and thereafter, a spoofing preventing process is mutually performed, and then the PMD is provided to the service system. The service system reads or changes the PMD on the basis of access permission information set in advance by the user. The present disclosure is applicable to PDAs.

Abstract: A non-transitory computer-readable medium storing instructions readable by a mobile terminal including a memory, an input interface, a first communication interface and a second communication interface, the instructions causing the mobile terminal to perform processes comprising: a storage processing of storing workflow information including device identification information and action identification information; a specifying processing of specifying the image processing apparatus, as a designated device; an information reception processing of receiving connection information from the designated device through the first communication interface; an extraction processing of extracting the workflow information coinciding with a first condition, among the workflow information; and an execution instruction processing of transmitting execution instruction information to the designated device through the second communication interface by using the connection information, wherein the execution instruction information

Abstract: Devices, systems, and methods of password recovery and password reset, as well as resetting or recovering other types of user-authentication factor. A system monitors and tracks user-interactions that are performed by a user of an electronic device or a computerized service. The system defines a user-specific task or challenge, in which the user is requested to enter a phrase or perform a task. A user-specific feature is extracted from the manner in which the user performs the task. Subsequently, that user-specific feature is utilized instead of a security question, in order to verify the identity of the user and to allow the user to perform password reset or to perform a reset of another user-authentication factor; by presenting to the user the same task or a similar task, and monitoring the manner in which the user performs the fresh task.

Abstract: A method for secure transactions on a mobile handset or tablet equipped with a touch screen controlled by a secure processor such as a master secure element or Trusted Execution Environment having gesture recognition capabilities. Since the touch screen is fully controlled by the secure processor, the user can securely enter the transaction amount using gestures to validate the transaction.

Abstract: An information processing apparatus which allows execution of NFC touch-to-print printing on condition that user authentication is successful, thus preventing NFC touch-to-print printing from being performed by every user. The information processing apparatus is equipped with an NFC (near-field communication) unit which has a memory. When authentication of a user is successful, connecting information for an external device to connect to the information processing apparatus is written into the memory.

Abstract: In one embodiment, a first computing device receives an access token from a second computing device, the access token being generated by the second computing device for a specific software application executing on a specific computing device; stores the access token; receives a request for the access token from a software application executing on a third computing device; verifies whether the software application is the same as the specific software application and the third computing device is the same as the specific computing device for which the access token is generated; and sends the access token to the third computing device only when the software application is the same as the specific software application and the third computing device is the same as the specific computing device for which the access token is generated.

Abstract: A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data. If the mapping table does not include a token mapped to the value of the portion of the sensitive data, a candidate token is generated. The client queries a central token management system to determine if the candidate token collides with a token generated by or stored at another client. In some embodiments, the candidate token includes a value from a unique set of values assigned by the central token management system to the client, guaranteeing that the candidate token does not cause a collision. The client then tokenizes the sensitive data with the candidate token and stores the candidate token in the token table.

Abstract: Systems and methods for providing multi-factor authentication are discloses herein. A method for multi-factor authentication may include a step for receiving an authentication window request from an electronic device. The authentication window request may be configured to identify a user. The method may further include enabling an authentication window responsive, at least in part, to receipt of the authentication window request. The method may further include receiving a login verification request from an application server. The method may further include providing a response to the application server responsive, at least in part, to receiving the login verification request. The response may indicate whether the user may be selectively authenticated.

Abstract: A payment handling system may operate to handle payments for the cost of an open ticket transaction in which incremental authorization operations are performed. The payment handling system may receive items to add to the open ticket, payment instruments for paying the cost of the open ticket or adjustments to any bill splitting arrangement throughout the life of the open ticket. As items are added, payment instruments are received, and/or adjustments are input, the amount allocated to the one or more payments instruments may be updated. Incremental authorization values may be determined for some or all of the payment instruments. When the amount allocated to a payment instrument exceeds the incremental authorization value, an authorization of the instrument is attempted and a new authorization value is determined. At the end of the interaction, the open ticket is closed and payment is executed.

Abstract: A resilient device authentication system for use with one or more managed devices each including a physical unclonable function (PUF), comprises: one or more verification authorities (VA) each including a processor and a memory loaded with a complete verification set (CVS) that includes hardware part-specific data associated with the managed devices' PUFs and metadata, the processor configured to create a limited verification set (LVS) through one-way algorithmic transformation of hardware part-specific data together with metadata from the loaded CVS so as to create a LVS representing both metadata and hardware part-specific data adequate to redundantly verify all of the hardware parts associated with the LVS; and one or more provisioning entities (PE) each connectable to a VA and including a processor and a memory loaded with a LVS, and configured to select a subset of the LVS so as to create an application limited verification set (ALVS).

Abstract: Client devices with wireless functionality, but without wide area network or cellular network functionality, can obtain network access via a host device, where the host device has network access. Such network access can be obtained when a client device of a user is in local range of a host device, e.g., of a different user. An indication of a relative movement between the client device and a host device can be used to establish a network sharing connection.

Abstract: Systems, devices and methods for managing charging and power status for portable devices are disclosed. The systems, devices and methods of the present invention comprise determining existing battery level and charge status of a device, comparing the battery level and charge status with predicted battery usage of tasks associated with calendar events scheduled to take place before the next charge, and transmitting an alert to one or more devices when a threshold likelihood that the battery level will not be sufficient for the predicted battery usage is exceeded. The present invention advantageously displays available power based on time available for certain tasks, and manages device power and resources by modifying and/or transferring tasks from a device having a battery level below a threshold level to one or more other devices with a higher battery levels.

Abstract: According to one embodiment, a method for access configuration in a wireless network includes acquiring authentication information of a digital device and information needed to access an Access Point (AP) of the digital device, from a Radio Frequency IDentifier (RFID) tag, and accessing the AP.

Abstract: A method and apparatus for conducting a secure transaction involving generation of a dynamic authentication code on a mobile device, based on secret data which does not identify an account. The authentication code and financial account identifying information are transmitted to a validating entity, which shares information about the secret data, to authorize the transaction.

Abstract: A wearable device (“WD”) stores a token after its wearer completes a successful strong authentication on a primary protected device (“primary PD”). Other protected devices (“secondary PDs”) recognize the stored token as representing a strong authentication and grant the user access while the user continues to wear the WD within a “digital leash-length” proximity. The WD constantly monitors whether the user continues to wear the device. Upon sensing that the user has removed the WD, the WD deletes, disables, or invalidates the token, The user must then repeat the strong authentication to gain further access to the protected devices.

Abstract: A non-transitory computer-readable medium storing instructions readable by a mobile terminal including a memory, an input interface, a first communication interface and a second communication interface, the instructions causing the mobile terminal to perform processes comprising: a storage processing of storing workflow information including device identification information and action identification information; a specifying processing of specifying the image processing apparatus, as a designated device; an information reception processing of receiving connection information from the designated device through the first communication interface; an extraction processing of extracting the workflow information coinciding with a first condition, among the workflow information; and an execution instruction processing of transmitting execution instruction information to the designated device through the second communication interface by using the connection information, wherein the execution instruction information

Abstract: A system and method for facilitating users to obfuscate user credentials in credential responses for user authentication are disclosed. A string sequence may be presented to a user for prompting the user to input credential characters sequentially but not continuously. The string sequence may comprise a set of prompt strings containing a prompt character sequence associated with the user and a set of noise strings that do not contain the prompt character sequence. The individual prompt strings in the set of prompt strings may be composed by obfuscating the prompt sequence among noise characters. A user credential response may be received and a user provided credential may be extracted from the received user credential for user authentication.

Abstract: A method for maintaining a prepaid payment system comprises a user account that can be utilized to complete a purchase transaction with a merchant. A delayed processing window is introduced between a time when the merchant receives a payment approval notification from the payment system and a time when the payment system transmits a payment request to an issuer of a funding account associated with the user's payment system account. The payment system utilizes a user's stored value account maintained by the payment system to satisfy the requirements of a prepaid program, and therefore processes the payment request received from the merchant and transmits the payment approval notification without obtaining prior authorization from the issuer of the funding account. The payment system submits one or more payment requests for the funding transaction at a time after the completion of the purchase transaction between the user and the merchant.

Abstract: An electronic book distribution system includes electronic devices that reset their passcodes after specified authentication failures. The passcodes of an individual electronic device is reset to a value that is generated using a predefined function of a randomly generated support code. The support code is displayed to the user, and the user is instructed to contact a support service in order to obtain the new passcode. The support service independently authenticates the user, calculates the new device passcode using the same predefined function used by the electronic device, and provides the new passcode to the user.

Abstract: Aspects of the subject matter described herein relate to a simplified login for mobile devices. In aspects, on a first logon, a mobile device asks a user to enter credentials and a PIN. The credentials and PIN are sent to a server which validates user credentials. If the user credentials are valid, the server encrypts data that includes at least the user credentials and the PIN and sends the encrypted data to the mobile device. In subsequent logons, the user may logon using only the PIN. During login, the mobile device sends the PIN in conjunction with the encrypted data. The server can then decrypt the data and compare the received PIN with the decrypted PIN. If the PINs are equal, the server may grant access to a resource according to the credentials.

Abstract: The present disclosure provides methods and apparatuses for loading program data on to an unpowered electronic device, such as an RFID tag that includes volatile memory. Initially, the tag is unpowered. Thus, the volatile memory in the tag will not have any stored data. In order to load data into the memory of the tag, a reader can power the tag wirelessly. The reader includes an antenna configured to transmit electromagnetic radiation and receive backscatter electromagnetic radiation. The reader also includes a processing unit. The processing unit is configured to analyze the backscatter electromagnetic radiation. The processing unit may analyze the backscatter radiation to determine a supply voltage induced in the tag. In response to the induced voltage being greater than a threshold, the processing unit may alter the transmitted electromagnetic radiation to communicate tag data.

Abstract: An extranet includes a network which couples a plurality of non-related participants and a server coupled to the network. The server stores a plurality of applications including workgroup applicants, transaction applications, security applications and transport circuits and equipment. The server is programmed to load particular ones of the plurality of applications onto the network for use by the plurality of participants in response to a request by one of the participants for a particular application.

Abstract: Embodiments of the invention relate to methods of generating and using an image-based derived key. In various embodiments, the image-based derived key may be used to facilitate user authentication and data encryption. For some embodiments, a method is disclosed comprising determining an image-based derived key, wherein the image-based derived key is generated from a selection of authentication images chosen by a user, encrypting data using the image-based derived key, and transmitting the encrypted data.

Abstract: Generating a seed and/or a key from live biometric indicia, such that all the information necessary for generating the seed and/or the key is not stored, is provided. A method comprises receiving and enrolling a biometric template from a user; assigning an optimization value to the enrolled biometric template; encrypting an item of test data using the optimization value, such that the optimization value is an encryption seed; storing the encrypted item of test data on the storage medium; destroying the encryption seed after encrypting the item of test data; receiving a live biometric template; comparing the templates and determining an interval based on a probability that the templates are specific to the same user; iteratively testing values within the interval to identify the value in the interval for decrypting the encrypted item of test data; and generating the key using the seed.

Abstract: Methods and systems, related to a biometrically secured user input device for conducting a transaction are described. The user input device may comprise a biometric authentication device. At the biometrically secured user input device, a biometric sample may be received from a user. The biometrically secured user input device may transmit the biometric sample, provided by the user, to a host computer system. The host computer system may compare the biometric sample provided by the user to another biometric sample. Handwriting data from the user may then be received by the user input device. The handwriting data may be transmitted to a computer system by the user input device. Transaction data based on the handwriting data may be transmitted from the computer system to a host computer system. The financial transaction may be conducted using the transaction data transmitted to the host computer system from the computer system.

Abstract: A virtual universe system has a system and method for identifying spam avatars based upon the avatar's behavior characteristics through the use of Turing tests. The system may provide a Turing test unit for performing Turing tests and an analysis unit that compares the behavior characteristics of new or newly changed avatars against the behavior characteristics of known spam avatars to determine if the avatar has known spam avatar characteristics. It may further have a scoring system to calculate a spam score based upon similarities of the comparison and identifying the avatar as a spam avatar based upon the calculated spam score. It may further compare the calculated spam score with a spam score threshold wherein the avatar is identified as a spam avatar if the calculated spam score is equal to or greater than the calculated spam score.

Abstract: A system and method in a virtual universe (VU) system for identifying spam avatars based upon the avatars' multimedia characteristics may have a table that stores multimedia characteristics of known spam avatars. It further may have an analysis unit that compares the multimedia characteristics of avatars against the multimedia characteristics of known spam avatars to determine if the avatar has known spam avatar characteristics. It may further have a scoring system to calculate a spam score based upon the similarities of the comparison and identifying the avatar as a spam avatar based upon the calculated spam score. It may further compare the calculated spam score with a spam score threshold wherein the avatar is identified as a spam avatar if the calculated spam score is equal to or greater than the calculated spam score. Multimedia characteristics include graphics, audio, movement, interactivity, voice, etc.

Abstract: A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data. If the mapping table does not include a token mapped to the value of the portion of the sensitive data, a candidate token is generated. The client queries a central token management system to determine if the candidate token collides with a token generated by or stored at another client. In some embodiments, the candidate token includes a value from a unique set of values assigned by the central token management system to the client, guaranteeing that the candidate token does not cause a collision. The client then tokenizes the sensitive data with the candidate token and stores the candidate token in the token table.

Abstract: A password creating device and method is provided. In this method, two keyboard layouts are employed. Each key location of each layout is mapped onto an information unit comprising a plurality of information elements. The information units are different from each other among a specific layout. The two keyboard layouts are displayed, and two series of key location selections based on the respective keyboard layouts are received to obtain two information unit sequences. The two series of information units are compared with each other in accordance with the order of occurrence of each information element, an information element shared by two corresponding information units associated with a same key location is taken as an information element selected by the user as part of his password, and a password is created by joining all of the shared information elements together in sequence.

Abstract: The invention is directed towards methods, systems and apparatuses, see FIG. 1, (100) for providing secure and private interactions. The invention provides capability for verifying the identity of a party initiating an electronic interaction with another party through data input module (140) which is verified by the identity verification module (150), which further includes a self-destruct mechanism (153). Embodiments of the invention include secure methods for conducting transactions and for limiting the transfer and distribution of personal data to only those data that are absolutely necessary for the completion of the transactions. The invention facilitates the transfer of additional personal data contingent upon an agreement that appropriately compensates the provider of the personal data.

Abstract: A device, information processing system, and control method that perform authentication to determine whether a user is an authorized user, permit both an authentication-type application program that performs user authentication and a non-authentication-type application program that does not perform user authentication to access an authentication device when an authentication result indicates that the user is an authorized user, and permit each application program to access the authentication device when an authentication result indicates that the user is an authorized user for the each application program.

Abstract: Methods and systems for managing encrypted network traffic using spoofed addresses. One example method includes receiving a request to resolve a domain name; determining that the domain name is included in a predetermined set of domain names; associating a spoofed address with the domain name; sending a response to the request to resolve the domain name including the spoofed address; receiving a secure request for a resource, the secure request directed to the spoofed address; identifying a user identity associated with the secure request; determining that the secure request is directed to the domain name based on the association between the spoofed address and the domain name; and selectively decrypting and/or blocking the secure request based at least in part on determining that the secure request is directed to the domain name and based at least in part on the user identity associated with the secure request.

Abstract: Methods for enabling pattern-based user authentication are described. During a registration phase for establishing user credentials, an end user of a computing device may select a matrix size for a matrix and select a shape of a shape size. The matrix of the matrix size may then be displayed and the shape of the shape size may be displayed such that the shape appears to overlay the matrix. The end user may move the shape over the matrix and as the shape is moved, the symbols of the matrix may be updated such that symbols arranged inside the boundary of the shape are not repeated, while one or more symbols arranged outside of the boundary of the shape are repeated. The order of symbols selected by the end user inside the boundary of the shape may be used to determine a pattern-based password.

Abstract: A method for preventing unauthorized access to and/or modification of a page of a device and/or system according to one embodiment includes presenting a question via a graphical user interface; receiving a response to the question; allowing access to and/or modification of the page when the response to the question includes the answer; and not allowing access to and/or modification of the page when the response to the question does not include the answer. An answer to the question includes a characteristic of the device and/or system.

Abstract: A method of secured passcode entry is disclosed. The method, in one embodiment, includes: receiving a request to authenticate a user; in response to receiving the request, generating a passcode entry interface that includes a plurality of buttons for the user to compose a passcode entry, each button representing a character of a set of characters, the set of characters having a natural sequence, wherein said generating includes displaying the buttons on a touchscreen of the electronic device in an arrangement that does not reflect the natural sequence of the set of characters; detecting a touch event, represented as a coordinate on the touchscreen, interacting with the touchscreen while the passcode entry interface is displayed, wherein the touch event is indicative of at least a portion of a passcode entry by the user; and verifying an authenticity of the passcode entry based at least partly on the touch event.

Abstract: We propose a method that uses formatting options of Font, Font Size, Font Color, Shading, Font Style, Font Effects, Font Underline, Character Effects, Picture coloring, as a part of user passwords, credentials, electronic signature, challenge for user authentication and captcha verification. User personalizes user name and or password or text by choosing combination of proposed factors for each character or word in password. Method includes optional time range where user would have different password and factor combinations for each time range. We also propose a method to use these factors for multi-factor authentication where user is required to format given text as per remotely sent instructions. We propose variation of proposed method that would send text and the instruction to format it using different factors through separate communication channels. For user verification, our method asks user to format the given text or given picture as instructed using different formatting options.