Abstract: A system of the present invention uses an identity provider to provide the authentication services for multiple service providers. An identity provider communicates with one or more service providers. A user that wishes to gain access to a service provider is authenticated through the use of the identity provider. A user desiring to access a service provider is first authenticated by the identity provider. The identity provider determines if the user meets the desired class level and provides various information related to the authentication. When the user attempts to access a second service provider that is associated with the same identity provider, the second service provider accesses the identity provider and determines that the user was recently authenticated. The identity provider then transmits the relevant information regarding the authentication process to the second service provider, which can then allow or deny the user access to the second service provider.

Abstract: A communication system uniquely identifying a communication partner within a predetermined coverage area and transmitting and receiving information in a predetermined protocol, includes a device and an information processing apparatus with one performing wireless communication with the other within the predetermined coverage area. The device includes a random number generating unit, a device secret key storage unit, a communication ID transmitting unit, and a device transmitting and receiving unit. The information processing apparatus includes an apparatus encryption unit, an apparatus secret key storage unit, a communication ID storage unit, a random number acquisition unit and an apparatus transmitting and receiving unit.

Abstract: Provided are a method for authenticating a user terminal in an interface server, and an interface server and a user terminal using the same. The method includes receiving authentication request information from an application service providing server in order to request the interface server to authenticate the user terminal receiving an application service provided from the application service providing server, authenticating the user terminal according to the authenticating request information using an authentication method selected by the interface server or a user of the user terminal, and transmitting authentication response information including an authentication result of performing the authentication method to the application service providing server. The interface server provides an interface for a network to the application service providing server.

Abstract: Described are a system and method for securing an online transaction. A request is output from an electronic device to a verification server to perform an online transaction. The verification server generates a challenge request. The challenge request is encrypted with a private key of a pair of cryptographic keys. The encrypted challenge request is decrypted with a public key of the pair of cryptographic keys. The decrypted challenge request and the challenge request generated by the verification server are compared. A verification result is generated in response to the comparison.

Abstract: A system of Wi-Fi terminals and a channel operation method for the same are provided. The method includes selecting a user function of a sending terminal including a Wi-Fi module, determining whether the selected user function is a Wi-Fi related function, performing, when the selected user function is the Wi-Fi related function, by the sending terminal, a search for a terminal capable of handling the user function, selecting, by the sending terminal, a found terminal as a receiving terminal, automatically establishing, by the sending terminal, a Wi-Fi channel to the receiving terminal by automatically sending a Probe Request message containing a Personal Identification Number (PIN) code, sending, by the sending terminal, data generated by the user function to the receiving terminal through the Wi-Fi channel, and outputting, by the receiving terminal, the received data.

Abstract: An automated retail terminal in which a plurality of goods and/or services are provided in an integrated system. The integrated system generally avoids duplicating hardware or functions in the course of delivering the goods or services offered, so for example in a combination ATM and Internet kiosk the same credit card or smart card reader is used for both the ATM and the Internet kiosk functions, the same control screen activates the ATM functions and the Internet functions, and etc.

Abstract: A system for secure information storage and delivery includes a vault repository that includes a secure vault associated with a user, wherein the secure vault is configured to receive at least one data entry. A mobile vault server coupled to the vault repository creates a mobile vault on a mobile device based on the secure vault and is capable of authenticating the mobile device based on user authentication information. The mobile vault server includes a mobile device handler that communicates with the mobile device. A synchronization utility determines whether the at least one data entry on the secure vault is transferable to or storable on the mobile vault. and transfers the data entry from the secure vault to a corresponding data entry on the mobile vault if the at least one data entry on the secure vault is determined to be transferable to or storable on the mobile vault.

Abstract: A system controlling online access to a study course verifies the identity of an individual taking a study course over a global computer network from a first computer at a node of the network. The first computer has a biometric identification program and communicates over the network with a second computer that is at a network node other than a node of the first computer. The second computer includes study program material. The first computer operates a biometric reader, which obtains a first set of biometric data from the individual and a second set of biometric data from the individual while access is granted to course material. The biometric identification program compares the first set of data with the second set of data to make a verification of the identity of the individual and communicates the verification to the second computer.

Abstract: Apparatus, systems, and methods may operate to invoke multiple authentication mechanisms, by a client node, to encrypt N split-keys using credentials associated with corresponding ones of the authentication mechanisms. Further activity may include transforming the split-keys to provide N encrypted split-keys, and storing each of the encrypted split-keys with an associated local user identity and an identity of corresponding ones of the authentication mechanisms. Additional apparatus, systems, and methods are disclosed.

Abstract: A method, a system, and a device for implementing device addition in a Wireless Fidelity (Wi-Fi) Device to Device (D2D) network are provided, which belong to the field of communication. The method includes: receiving, by a first D2D client device, a first add request message forwarded by a D2D master device, in which the first add request message carries an identifier of a new device to be added to the D2D network; receiving a first Personal Identification Number (PIN) code of the new device; and forwarding the received first PIN code to the D2D master device, in which the first PIN code of the new device is used for implementing that the D2D master device performs Wi-Fi Protected Setup (WPS) security configuration of the new device according to the first PIN code.

Abstract: An electronic lock box system includes a wireless portable transponder that communicates with an electronic lock box using a low power radio link. The portable transponder includes: a wide area network radio to communicate to a central clearinghouse computer, a motion sensor to activate its wide area network radio, and a connector to communicate with a secure memory device. The electronic lock box sends a hail message that is intercepted by the portable transponder; the hail message includes identification information. The portable transponder responds with a message that includes a time sensitive encryption key; the lock box authenticates this response message using its own time sensitive encryption key. If the messages are authenticated, the lock box sends an access event record to the portable transponder, and this access event record is stored in the secure memory device. If a wide area network is available, the portable transponder sends the access event record to the central clearinghouse computer.

Abstract: A communication session is established, via a wireless communication link, with a mobile communication device that is connected to a computer system. The mobile communication device is enumerated by the computer system as a locally attached mass storage device. An authentication executable file is sent to the mobile communication device. A response generated by the computer system executing the authentication executable file is received from the mobile communication device. Based on the response generated by the computer system executing the authentication executable file, access to a data file that is stored by a mass storage system via a network is granted.

Abstract: Embodiments of the invention relate to partial authentication to access incremental information. An aspect of the invention concerns a method of authorizing access to information that comprises providing an initial segment of a password wherein the password includes password segments each associated with an incremental portion of the information. In response to the initial password segment satisfying an expected value, the method may authorize access to the information portion associated with the initial password segment. The method may authorize access to other information portions associated with subsequent segments of the password in response to the subsequent password segments satisfying respectively expected values.

Abstract: In at least one implementation a method includes receiving an identifier associated with a device, entering the identifier into a network controller device, inviting the device associated with the identifier to join a network, admitting the device associated with the identifier to the network, sending the device associated with the identifier a name of the network, and confirming that the device has joined the network as a device recognized by the network controller device.

Abstract: The present invention is designed to enable a secure device to authenticate a terminal application that operates on an information processing terminal and that accesses the secure device. An application issue request transmitter (301) of the information processing terminal (30) sends a request for issue of a terminal application to an application issuer (101). The application issuer (101) of an secure device (10) reads a terminal application (31) from an application storage (105) and embeds authentication information in the terminal application (31), associates an ID and the authentication information of the terminal application (31) and save them in an issue information storage (106), and sends the terminal application (31) to an application receiver (302) of the information processing terminal through an application transmitter (102). The application receiver (302) starts the terminal application (31).

Abstract: A system and method is provided for generating a one-time passcode (OTP) from a user device. The method includes providing a passcode application and a cardstring defined by a provider account to the user device. The passcode application is configured to generate a passcode configured as a user OTP for the provider account, using the cardstring. The cardstring is defined by at least one key camouflaged with a personal identification number (PIN). The key may be camouflaged by modifying and encrypting the modified key under the PIN. The key may be configured as a symmetric key, a secret, a seed, and a controlled datum. The cardstring may be an EMV cardstring; and the key may be a UDKA or UDKB. The cardstring may be an OTP cardstring, and the key may be a secret configurable to generate one of a HOTP, a TOTP, and a counter-based OTP.

Abstract: A mobile communication terminal having a password notification function and a method for notifying a user of a password in the mobile communication terminal that allow the transmission of a stored password or a newly generated random password to a previously selected medium by entering a secondary password when an input password is not identical to the stored password. The method includes checking whether a password notification function is set; requesting input of a stored password, receiving an input password, and checking whether the input password is identical to the stored password. If the input password is not identical to the stored password, the method further includes requesting input of a stored secondary password, checking whether an input secondary password is identical to the stored secondary password, and sending a password if the input secondary password is identical to the stored secondary password.

Abstract: An authentication system, including a pattern module to provide a pattern, a function module to provide a one-way function having a plurality of input and output values, a function processor to find one of the input values for the one-way function such that a corresponding one of the output values has the pattern, a password module to provide the one input value as a password for use in password authentication against the one output value, the one output value being a check value having a length, a compression module to determine a storage value such that: the check value can be reconstructed from the storage value and the pattern, and the storage value has a length which is shorter than the length of the check value, and a storage module to store the storage value in a storage medium for later retrieval. Related apparatus and methods are also included.

Abstract: A named object view of a report is generated from an electronic data file. Objects in the file to be published are identified in the file. A named object view of the report associated with the file is generated by displaying published identified objects according to associated viewing rights. A viewer at a client is presented with the named object view of the report, according to the viewing rights, such that the viewer's attention is focused on the published objects.

Abstract: A method, system, and apparatus for agile generation of one time passcodes (OTPs) in a security environment, the security environment having a token generator comprising a token generator algorithm and a validator, the method comprising generating a OTP at the token generator according to a variance technique; wherein the variance technique is selected from a set of variance techniques, receiving the OTP at a validator, determining, at the validator, the variance technique used by the token generator to generate the OTP, and determining whether to validate the OTP based on the OTP and variance technique.

Abstract: A storage controller and program product is provided for performing double authentication for controlling disruptive operations on storage resources generated by a system administrator. A first request is received from a first user for generation of a first key. A first key is generated, provided to the first user and associated with the storage resource. An input is received from the administrator, the input comprises a second key and a command for performing the disruptive operation. The second key and the first key are compared. It is verified that the administrator is authorized as an administrator of the storage resource. The disruptive operation is performed on the storage resource if the second key and the first key match and the administrator is authorized. Otherwise, the performance of the disruptive operation is denied.

Abstract: A CPU includes an address decoder that controls input of data from a JTAG I/F and output of data to the JTAG I/F, an authentication unit that performs predetermined authentication processing using an entered password and a predetermined key and, if the authentication is successful, output a predetermined authentication signal, and a selector that controls output of data to be outputted to JTAG I/F according to presence or absence of the predetermined authentication signal.

Abstract: A router based authentication system provides packet level authentication of incoming data packets and eliminates the risk of having data packets come in to the network whose source cannot be authenticated. In Router Based Authentication System (RBAS), a prior art router is adapted with an authentication function that works in conjunction with a security function in the client. Alternatively, a new router can be built that embeds an authentication function. The router based authentication function includes: (i) an ability to receive a telephone call and verify the caller by comparing with pre-stored caller id, (ii) generate a random alphanumeric code, deliver to the caller, and save in the system, (iii) reject all packets from the client that do not have a passkey embedded in the header of the packet.

Abstract: A plurality of subgroups of identifiers are identified including at least a first subgroup of identifiers and a second subgroup of identifiers within an identifier range. A first set of identifiers is selected in the first subgroup. The first set of identifiers in the first subgroup is compared with a second set of identifiers in the second subgroup and a first set of common identifiers is identified using metadata of the second set of identifiers. A third set of identifiers is generated by eliminating the first set of common identifiers from the first set of identifiers. The third set of identifiers is compared with a fourth set of identifiers in a repository of stored identifiers, to identify a second set of common identifiers. A fifth set of identifiers is generated by eliminating the second set of common identifiers from the third set of identifiers.

Abstract: A Wi-Fi router with an integrated configuration touch-screen, and method to use this integrated touch screen to provide enhanced security features. The Wi-Fi router, which has a wired or optical network interface, may be factory pre-configured with hard to anticipate passwords and encryption codes, thus making even its default Wi-Fi settings difficult to attack. Besides displaying interactive menus on the touch-screen, the router may also generate touch sensitive dynamic alphanumeric virtual keypads to enable administrators to interact with the device without the need of extra computers or software. Inexperienced administrators secure in the knowledge that they may access and change even difficult to remember security settings at any time through the built-in touch-screen controller and simplified user interface, are encouraged to set up secure Wi-Fi systems. The device may optionally include security software that, upon touch of a button, can provide new randomized or otherwise obfuscated router settings.

Abstract: A multifunction apparatus 21 of the present invention communicates with an information processing apparatus 51 via a communication network 50. The multifunction apparatus 21 includes an apparatus control section 7, a second web server section 8, and a web browser section 5 which communicates with a first web server section 53 or the second web server section 8. The apparatus control section 7 transmits login information entered by a user to an authentication server 91. The web browser section 5 (i) accepts, from the first web server section 53, control information for informing the second web server section 8 of a control instruction to obtain user related information from the authentication server 91 and (ii) carries out an informing process in which the second web server section 8 is informed of the control instruction. The apparatus control section 7 obtains the user related information from the authentication server 91 in accordance with the control instruction received by the second web server section 8.

Abstract: A system and algorithms to authenticate a person where a system only has some standard personal text data about the person, and cannot have a real biometric template obtained using an enrollment procedure. The authentication allows access to restricted resources by the person. This method is especially useful when it is used as an auxiliary authentication service with other methods such as password or Callback that dramatically lower the chances for an imposter.

Abstract: Password generation and extraction is described. In one aspect, a user inputs multiple characters, including a user password, variable characters, and multiple terminator characters. Locations of the terminator characters are identified and used to extract the user password from the multiple characters input by the user.

Abstract: A method and an apparatus for account and/or password output are disclosed. In the present invention, a hot-key corresponding to an account and/or a password is set in advance. By entering the hot-key, the related account and/or password is transferred and login automatically, thus the purpose of making login more conveniently is achieved. Besides, the present invention combines various input device to make the way of setting hot-key become more diversely, therefore security of password login is also enhanced.

Abstract: An automated retail terminal in which a plurality of goods and/or services are provided in an integrated system. The integrated system generally avoids duplicating hardware or functions in the course of delivering the goods or services offered, so for example in a combination ATM and Internet kiosk the same credit card or smart card reader is used for both the ATM and the Internet kiosk functions, the same control screen activates the ATM functions and the Internet functions, and etc.

Abstract: A mobile terminal includes a processor shifting a state between a first restricted state for restricting a key operation except for at least a code inputting operation, a second restricted state for restricting a key operation including at least said code inputting operation, and a unrestricted state for making a key operation unrestricted. The processor selects the unrestricted state when a code input by the code inputting operation in the first restricted state is a preset code. Furthermore, whether or not the number of executions of the code inputting operation in the first restricted state is above a threshold value is repetitively determined, and if the determination result is negative, the first restricted state is selected while if the determination result is affirmative, the second restricted state is selected. Then, a possibility of a key operator being a qualified person is repetitively determined, and as the possibility is high, the threshold value is made large.

Abstract: In a system for providing access control management to electronic data, techniques to secure the electronic data and keep the electronic data secured at all times are disclosed. According to one embodiment, a secured file or secured document includes two parts: an attachment, referred to as a header, and an encrypted document or data portion. The header includes security information that points to or includes the access rules and a file key. The access rules facilitate restrictive access to the secured document and essentially determine who/when/how/where the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion. Only those who have the proper access privileges are permitted to retrieve the file key to encrypt/decrypt the encrypted data portion.

Abstract: Systems and methods for authenticating a user of a service are disclosed. A Personal Identification Number (PIN) is generated using a plurality of variables, and a user is authenticated by comparing the PIN generated at the user's mobile device with a PIN generated on an authentication server. The authentication enables the user to access a service or resource hosted on a host server. When requesting access to the resource, the user generates a device PIN and transmits the device PIN along with their unique key into the host server. The host server forwards the device PIN and the key to the authentication server. The authentication server generates a server PIN and compares the server PIN to the device PIN. If the two PINS match, the authentication server transmits a successful authentication response to the host server.

Abstract: Provided personal information from a user may be determined, the provided personal information being associated with network publication thereof. A comparison of the provided personal information with password-related information may be performed. Based on the comparison, it may be determined that a risk level associated with the network publication relative to password security of at least one password associated with the password-related information exceeds a predetermined risk level. The user may be notified that the network publication of the provided personal information is associated with potential compromise of the password security of the at least one password.

Abstract: In one embodiment, a system and associated processes for transparent client-side cryptography are provided. In this system, some or all of a user's private data can be encrypted at a client device operated by the user. The client can transmit the encrypted user data to a content site that hosts a network application, such as a social networking application, financial application, or the like. The content site can store the private data in its encrypted form instead of the actual private data. When the content site receives a request for the private data from the user or optionally from other users (such as social networking friends), the server can send the encrypted user data to a client associated with the requesting user. This client, if operated by an authorized user, can decrypt the private data and present it to the authorized user.

Abstract: A system and method for permitting user access to a computer controlled device. A display device displays a group of items to the user. Some of the items are known to the user and some are unknown to the user. An input device receives user input from the user. The user input indicates the presence or absence of the known items within the group of items without specifically identifying which items are known and which items are unknown. A computer is programmed to automatically compare the user input to a predetermined answer. If the user input is correct an access device allows access. In one preferred embodiment the user input includes a count of the number of known items within the group of items. In another preferred embodiment the group of items includes subgroups. The user input includes an identification of which subgroup has the largest number of known items. In another preferred embodiment the group of items is displayed in a grid. The known items are displayed in a pattern within the grid.

Abstract: A display device is provided, and which includes a display panel; a gate and a source driving circuits, both coupled to the display panel, for driving the display panel; and a timing control circuit, coupled to the gate and the source driving circuits, for controlling the operations of the gate and the source driving circuits, wherein the timing control circuit comprises a personal identification circuit, and the personal identification circuit is used for receiving an input data; decoding a stored image to obtain decoded data; accumulating the decoded data to obtain an accumulated value; adding the accumulated value to the input data to obtain a compared value; setting the display device to operate normally and output images through the display panel when the compared value is identical to an initial value; and displaying a preset frame on the display panel when the compared value is different from the initial value.

Abstract: A method is provided for generating a human readable passcode to an authorized user including providing a control access datum and a PIN, and generating a unique machine identifier for the user machine. The method further includes modifying the controlled access datum, encrypting the controlled access datum using the PIN and/or a unique machine identifier to camouflage the datum, and generating a passcode using the camouflaged datum and the PIN and/or the unique machine identifier. A mobile user device may be used to execute the method in one embodiment. The passcode may be used to obtain transaction authorization and/or access to a secured system or secured data. The unique machine identifier may be defined by a machine effective speed calibration derived from information collected from and unique to the user machine.

Abstract: A method of authenticating a user of a computing device is proposed, together with computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display. The modified overlay image comprises a plurality of numbers. At least one of the modified base image and modified overlay image is moved by the user. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned, in sequence, with two or more numbers from the overlay image that equal a pre-selected algebraic result when one or more algebraic operator is apply to the numbers.

Abstract: A system and method for using a host electronic computing device to prevent access to data in a preselected memory portion of an electronic computing device remote from the host electronic computing device. Each of the electronic computing devices is adapted for selective electronic communication with the other. The system and method comprises a first software program for the remote device, the first software program comprising a unique identifier, a current expiration time value, a comparator for comparing the current expiration time value against a time-based parameter of the remote device, and a security trigger. The system and method further comprises a second software program for the host device, where the second software program includes means for identifying the remote device, means for accessing an expiration time reset schedule, and means for resetting the current expiration time value.

Abstract: The authenticity of a website is determined using a unique string of characters known only to the user and the website on each page of the website that is displayed to the user, with a false site being incapable of displaying this unique string of characters, thereby putting the user on notice that the current site is not the authentic one the user desires to access. Voice methods for conveying one-time pass codes to users and for permitting customer institutions to select authentication rules are also disclosed.

Abstract: A method is provided for reducing a number of keys that a user is required to depress on a device having a keyboard with a limited number of keys when the user enters a password. The method comprising the following steps. A subset of characters used to define the password is determined. A filter to apply to the keyboard is determined in accordance with the determined subset of characters. The filter is applied when the user depresses the keys. Devices and computer readable medium for implementing the method are also provided.

Abstract: A method and system for controlling access of a user to a secondary system. A primary system sends a random string to a user system that is connected to the secondary system. The user is logged on the user system. The primary system receives from the user system first authentication information including an encryption of the random string by a private key of the user. The primary system generates a user-specific key consisting of the encryption of the random string. The primary system generates second authentication information from protected secondary authentication data stored in the primary system via application of the user-specific key to the protected secondary authentication data. The primary system provides the second authentication information to the secondary system to enable access of the user to the secondary system.

Abstract: In a method for managing use information of a measurement device, an operating interface of the device is locked before the device is operated. When a user starts to use the device, the method provides a login interface to verify whether the user is authorized to login the operating interface. If the user is authorized to login the operating interface, the operating interface is unlocked and the method records first information of starting to operate the device. After finishing the operation or when an elapsed time of the device not in use is greater than a predetermined time, the method controls the user to log out the operating interface, records second information of finishing the operation, and the operating interface is locked. The first information and the second information are saved in a text file.

Abstract: The present invention provides a method for preventing unauthorized access to the computer system, and more particularly, provides a method for preventing unauthorized access to the computer system by using the one-time password. The one-time password is produced by a one-time password generator, and decrypted and verified by the computer logon system, and is used to log on the computer system. The present invention increases the security of the computer system, and protects the computer system from unauthorized access and use in a cost-effective way.

Abstract: Described embodiments provide for authenticating a user request for access to at least a portion of an encrypted storage device. First, the request for access to at least a portion of the encrypted storage device is received. The request includes a plaintext password. A hash module generates a hashed version of the received plaintext password based on an authentication hash key. A hashed value of the generated plaintext password is retrieved from a key storage. A hash comparator compares the hashed version of the received plaintext password with the retrieved hashed value of the generated plaintext password. If the hashed version of the received plaintext password and the retrieved hashed value of the generated plaintext password are equal, the user is authenticated for access to at least a portion of the encrypted storage device. Otherwise, the user is denied access to the encrypted storage device.

Abstract: According to one embodiment, an electronic apparatus comprises a communication module and a connection control module. The communication module is configured to execute close proximity wireless transfer. The connection control module is configured to start an operation of establishing a connection between the communication module and an external device which is in close proximity to the communication module if an identifier of the external device wirelessly transmitted from the external device is included in a connection permission list. The connection control module is configured to display a password entry screen if the identifier is not included in the connection permission list, and to add, if a password entered on the password entry screen matches with a registered password, the identifier to the connection permission list and start the operation of establishing the connection between the communication module and the external device.

Abstract: In a plural computer system executing a virtual computer, an exterior storage volume may receive unjustly multiple access, and contents of the volume may be destroyed. Provided are: a switch coupling a virtual computer and I/O, a virtual computer managing unit coupled to a computer and the switch, and a determination unit determining a login acceptance/rejection of a virtual computer and I/O. The virtual computer possesses a virtual HBA, and upon receiving a login inquiry to the I/O from a certain virtual computer, a determination unit compares an identifier allocated to the certain virtual computer with an identifier allocated to another virtual computer to be executed on a physical computer different from the physical computer on which the certain virtual computer is executed, and determines login acceptance/rejection. Accordingly, an access control to the I/O is performed.

Abstract: Apparatus and method for managing password information associated with a service account are disclosed. In some embodiments, a service account management system is configured to include a security account utility and a password information data store. In some embodiments, a security account utility is used when registering, tracking, and adjusting password change information. In some embodiments, notification of a password change date is transmitted to a service account owner and a security auditor for enforcement. Use of a security account management system with a middleware application is also disclosed.

Abstract: A domain key is securely distributed from a device in an existing network to a device outside the network. Each device generates the session key on its own using the first random number, the second random number, the Personal Identification Number, and the same key generation function. The device in the existing network sends the domain key encrypted with the session key to the other device.