Abstract: Systems and methods of the present invention provide for one or more server computers communicatively coupled to a network and configured to: receive, from a sub domain registration settings control panel displayed on a client computer, rule or prerequisites required for a sub domain registrant to register a sub domain, and store these rules or prerequisites in a database. The server(s) may then receive: a sub domain registration request, an IP address directing HTTP requests to the sub domain; and an authentication verifying that the prerequisite has been fulfilled. If authenticated, the server(s) may automatically insert the IP address into an A record or NS record in a zone file for the domain.

Abstract: A keyboard includes a plurality of keys, a plurality of keyboard components coupled to the keys, and one-time password (OTP) generation hardware integrated with at least some of the keyboard components, where actuating at least one of the keys causes a one-time password to be generated. The OTP generation hardware may be actuated with a dedicated button on the keyboard, by pressing a button on the keyboard that is otherwise used for pairing the keyboard to a device, or by pressing a specific sequence of keys on the keyboard. The keyboard may maintain state information to cause input by the user for OTP generation to be provide to the OTP generation hardware instead of to a device paired with the keyboard. The keyboard may also include a display that is part of the keyboard, where the display shows the one-time password generated by the OTP hardware.

Abstract: An extensible servicing hosting platform is provided that supports the design, build and concurrent deployment of multiple web accessible services on a services hosting platform. The services hosting platform comprises a services hosting framework capable of hosting multiple service applications, each of which may be shared by multiple tenants that each customize their use of a particular application service by extending the application service to exploit run time platform services within a service execution pipeline. The services hosting framework may easily be leveraged by applications to decrease the time associated with developing, deploying and maintaining high quality services in a cost effective manner.

Abstract: A method includes sending a message to a mobile device via a first network, the message including set-up information related to a communication session. The method may further include establishing a wireless peer-to-peer communication session with the mobile device via a second network in response to a selection of a selectable link at the mobile device, the selectable link based on the set-up information.

Abstract: An information processing system includes at least one information processing terminal and a first information processing apparatus. When an instruction for selecting a user authentication mode, which is received, from a user, by a user interface of the information processing terminal, selects a second user authentication mode, circuitry of the first information processing apparatus determines whether a sum of charges for services used by the user while logging in the information processing terminal via the second user authentication mode after a most recent login via a first user authentication mode exceeds a predetermined amount, and generates an authentication result indicating that the user is not the authenticated user.

Abstract: Various aspects of a method and system for digital rights management of encrypted digital content are disclosed herein. The method includes determination of a seed value from a pre-stored vault file that corresponds to a registered user. The determination of the seed value is based on biometric information provided by the registered user. The method further includes generation of a set of intermediate values based on the determined seed value. The generation of the set of intermediate values is based on a pre-determined rule. The method further includes determination of a content key based on the generated set of intermediate values.

Abstract: The system, method, and computer program product described herein may provide the capability to handle a variety of types of transactions, not just payment transactions. In addition, system, method, and computer program product described herein may provide the capability for users to be able to control the confidentiality of their transactions, for the system to control access to transactions, for the system to be capable of auditing transactions, and to provide accountability of the validating entities.

Abstract: Provided are an encryption processing method and device for an application, and a terminal. In the method, a first application to be encrypted is acquired, wherein the first application to be encrypted is selected by a user of the terminal; the user is prompted to input first information; a first key is generated according to the first information; the first application is encrypted by using the first key and the first key is stored in the first application. The technical solution can encrypt an application.

Abstract: A portable hardware device such as a USB memory stick is used to provide parental locking functionality to a computer. When the device is coupled to the computer, the computer is unlocked and allowed to operate normally. When the device is not coupled to the computer, the computer is locked, and some or all of the computing functionality is blocked. This enables parents to lock and unlock a child's computer with a “key.” A detecting module detects the coupling and uncoupling of devices to the computer. When a device is coupled to the computer, an identifying module identifies the device by reading its unique identifier, and determining whether the coupled device is the one being used as the key. If so, the computer is unlocked, and allowed to operate. If not, a blocking module blocks at least some capabilities of the computer.

Abstract: In embodiments disclosed herein disclose methods and systems for providing a multitenant facsimile server. The computer instructions may be executable to maintain a set of entity information, wherein the entity information defines a plurality of tenants, and maintain a database configured to store transmitted and received fax documents corresponding to a plurality of tenants. The computer instructions may be further executable to receive a facsimile document at the fax server, wherein the facsimile document comprises one of a document to be transmitted or a received fax. The computer instructions may be further executable to identify a tenant associated with the document based on an identifier. Further, the computer instructions may be executable to store the document in the database, wherein the document is associated with the tenant in the database.

Abstract: The invention is a method and apparatus for managing the secure acquisition, storage and disclosure of confidential information, to facilitate identity rights management; and/or preemptively authorized data querying techniques to preserve the anonymity of disclosed personal data.

Abstract: A method of providing an additional safety mechanism comprising enabling a setting up of a transaction using a mobile device, between a recipient and a provider, the transaction to be completed face-to-face, providing a wearable device, capable of connecting to the mobile device of the recipient and the mobile device of the provider, the wearable device used to identify an owner of the wearable device as the indicated provider. The method further comprising using the connection between the wearable device and the recipient mobile device to provide an authentication of the recipient to the provider.

Abstract: The present disclosure relates generally to secure data management techniques. Techniques are described for pairing devices and using the pairing information for granting or denying requests (e.g., data exchange requests) from the devices, for example, in a cloud environment, including Internet of Things (IoT) cloud. Devices can be paired with each other according to their identification information. Subsequently, when an original request is received from a first device, and a chasing request received from a second device, the pre-registered pairing information is used to determine whether the first and second devices form a valid pair and the original request is granted or denied based upon that determination. For example, the request may be granted only if it is determined that the first device and the second device have been previously paired.

Abstract: Aspects of a method and system for multi-level security initialization and configuration are provided. A security system may comprise a security processor, a host processor, and at least one security component, such as a descrambler. The security processor may enable a security component based on information stored within a non-volatile memory integrated within the security processor. The host processor may enable generation of at least one configuration command communicated to the security processor for configuring the enabled security component. The configuration command may correspond to a security control operational mode for the security component that may indicate, for example, activation or deactivation of the security component. The security processor may authenticate a digital signature in the configuration command. Initialization and configuration may be performed during a system boot sequence of the security system.

Abstract: An authentication system comprises a host computer; and a non-volatile memory that includes a memory cell array including a plurality of memory cells are arranged in array, the plurality of memory cells including: a memory cell in a variable state, in which a resistance value reversibly changes between a plurality of changeable resistance value ranges in accordance with an electric signal applied; and a memory cell in an initial state which does not change to the variable state unless a forming stress for changing the memory cell in the initial state to the variable state is applied thereto, a resistance value of the memory cell in the initial state being within an initial resistance value range which does not overlap with the plurality of changeable resistance value ranges, wherein in the memory cell array, data including first authentication data is stored on the basis of whether each of the plurality of memory cells is in the initial state or the variable state, wherein at least one of the host computer an

Abstract: Techniques are described for logically isolating data I/O requests from different operating systems (OSes) for a same multi-tenant storage system (MTSS). Techniques provide for OSes and the MTSS to obtain security tokens associated with the OSes. In an embodiment, an OS uses a security token to generate an authentication token based on the contents of a data input/output (I/O) request and sends the authentication token to the MTSS along with the data I/O request. When an MTSS receives such data I/O request, MTSS retrieves its own copy of the security token associated with the OS and generates its own authentication token based on the contents of the received data I/O request. If the authentication token generated by the MTSS matches the authentication token generated by the OS, then the data I/O request is successfully authenticated. Otherwise, if the authorization tokens fail to match, then the data I/O request has been compromised.

Abstract: Multiple factor authentication in an identity certificate service is disclosed. A certificate including a cryptographically-obscured identifier associated with the end entity is sent from an end entity to a service node. The service node uses both the certificate and the identifier to authenticate the end entity at least in part by comparing the identifier to a reference identifier. A service associated with the service node is accessed based at least in part on the authentication.

Abstract: In a networked environment, a client side application executed on a client device may transmit a request to an authorization service for access to a resource. The authorization service may authenticate the user of client device and/or the client device based on user credentials and/or a device identifier. In response to authenticating the user and/or the client device, the authorization service may send to the client side application a request for confirmation that the client device complies with a distribution rule associated with the resource, where the distribution rule requires a specific application or specific type of application to be installed, enabled and/or executing on the client device as a prerequisite to accessing the resource. If the client device complies with the distribution rule, the client side application accesses the resource. Accessing the resource may include receiving an authorization credential required for access to the resource.

Abstract: In an resource-on-demand environment, dynamically created server instances are allowed to boot from encrypted boot volumes. Access keys to the boot volumes are provided from a key provider that authenticates new instances based on possession of a security token that has been previously shared between the key provider and the new instance through an out-of-band communication.

Abstract: A system comprising at least one power device is provided. The at least one power device includes an input to receive power from a power source, an output operatively coupled to the input and configured to provide power, a data storage, a network interface, and a controller coupled to the input, the output, the data storage and the network interface. The controller is configured to provide, according to a reporting schedule, identification information directly to a cloud service via the network interface and provide, according to the reporting schedule, secured information directly to the cloud service, the secured information being descriptive of performance of the at least one power device.

Abstract: Disclosed are automated biometric enrollment workflow (ABEW) systems and method implemented on a mobile communications device that includes a processor, memory and a display. The method is executed by the processor and includes opening of ABEW user interface (UI), initiating automated biometric enrollment workflow in which first biometric mode of the automated biometric enrollment workflow is started, a biometric sensor/scanner connected to mobile communications device scanning or reading a first biometric, wherein the first biometric is associated with the first biometric mode, analyzing the quality of the read/scanned first biometric, determining if the quality is sufficient, if the quality is insufficient, repeating the scanning/reading, analyzing and determining for the first biometric until the quality of the first biometric is sufficient and if the quality is sufficient, storing the first biometric.

Abstract: Method and devices for making access decisions in a secure access network are provided. The access decisions are made by a portable credential using data and algorithms stored on the credential. Since access decisions are made by the portable credential non-networked hosts or local hosts can be employed that do not necessarily need to be connected to a central access controller or database thereby reducing the cost of building and maintaining the secure access network.

Abstract: A server for facilitating an electronic health record system. Each patient has a unique smart card. A processor: associates a security token with a patient; generates a one-time-use security code for storage based upon a security token; provides the one-time-use security code to the patient for storage on the smart card; applies two-factor authentication with the one-time-use security code for each login to a personal health record website presented by the processor; imports and exports the electronic health records associated with the patient based upon a request from the patient received through the personal health record website; generates a new one-time-use security code after each patient session based upon the respective security token; and provides the new one-time-use security code to the patient for storage on the smart card so that the personal health record website is accessed therewith.

Abstract: Methods and apparatuses to manage service user discovery and service launch object placement on a device. A method comprising: obtaining information to assist in identifying a portion of a user interface of a wireless device, the wireless device communicatively coupled to a network system over a wireless access network; determining a differentiating attribute of the identified portion of the user interface; obtaining one or more service launch objects for placement in the identified portion of the user interface; and sending configuration information to the wireless device over the wireless access network to assist the wireless device in placing the one or more service launch objects in the identified portion of the user interface.

Abstract: Methods, systems, and computer-readable storage media for selecting columns for using searchable encryption to query a database storing encrypted data. Implementations include actions of receiving a set of search indices, receiving a search token, and in response: searching at least one search index of the set of search indices based on the search token, and determining that the at least one search index is absent an entry corresponding to the search token, and in response, receiving one or more identifiers, each identifier being associated with a respective ciphertext that is determined to be responsive to the search token, and updating the at least one index to include an entry based on the search token and the one or more identifiers; and transmitting search results, the search results including the one or more ciphertexts that are determined to be responsive to the search token.

Abstract: A computer receives a request for protected user data with an access token presented by a client as authorization for the client to access the protected user data in a delegated environment. The computer parses the request to create a device fingerprint identifying the device submitting the request for the client. The computer compares the device fingerprint of the request to a previously stored device fingerprint of an authorized device associated with the access token. The computer automatically determines whether to identify the access token as potentially misappropriated based on the comparison of the device fingerprint of the request to the previously stored device fingerprint.

Abstract: Universal cards are used in place of all the other traditional cards which a person may want to carry. The universal card can include a short range communications transceiver to communicate with a mobile device. The mobile device can include a user interface and an e-wallet application so that the user can interface with the e-wallet application for programming the universal card via the short range communication link. Once programmed, the universal card emulates a function of a traditional card.

Abstract: An interconnect assembly is disclosed herein. An example includes a wireless connector to wirelessly transceive data to and from a first device and a connector to transceive data to and from a second device. The interconnect assembly additionally includes an interface selector to establish a communications protocol to exchange the data between the first device and the second device.

Abstract: A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.

Abstract: A method generating a cryptographic key and corresponding helper data includes measuring an analog value associated with a physical property of cells of a memory array; digitizing the measured analog value to generate the cryptographic key; quantizing the measured analog value to generate the corresponding non-leaky helper data.

Abstract: Provided is an information processing apparatus including a physical unclonable function (PUF) to generate a unique key using a process variation in a semiconductor manufacturing process, and an encryption unit to encrypt a password and/or bio-information received from a user using the unique key.

Abstract: An aspect of cipher text translation includes a memory configured to store predetermined conditions for performing an encryption operation, and a processor communicatively coupled to the memory. The processor is configured to execute computer readable instructions. The computer readable instructions include determining through analysis of an inbound key and an outbound key of the encryption operation that the encryption operation includes a translation from a first class of encryption to a second class of encryption. The second class of encryption is determined to be weaker than the first class of encryption. The instructions also include applying the predetermined conditions to the input key and the output key and authorizing the translation via the processor, based on the applying, when aspects of the predetermined conditions are satisfied.

Abstract: A method for transmitting and receiving a message for Downloadable-Conditional Access System (D-CAS) or Downloadable-Digital Rights Management (D-DRM) in Moving Picture Experts Group Media Transport (MMT) is provided. The method includes, upon receiving Composition Information (CI) from an MMT server, acquiring signaling information for D-CAS or D-DRM, which is included in the CI, acquiring, from the signaling information, an address of a server from which software of D-CAS or D-DRM is downloadable, generating a request for the software based on the signaling information, and sending the request for the software to the server address.

Abstract: An administrative system generates a sequence of passwords by iterative evaluation of a hash function, initiated from a private key value and continuing to a final, public key value. A current token is created that includes a current one of the passwords. A protected device tests the validity of the current password by inputting it to a hash function sub-chain. The current password is considered valid if, after hashing the current password n+1 times, where n corresponds to the number of tokens previously received, the result is a revealed value, such as a previously verified password of the public key value. At least one unit of a one-time programmable hardware device, such as processor fuses or anti-fuses, is then physically and permanently altered, thereby incrementing a count entry indicating the number of tokens received. The protected device performs a desired action only if the current password is verified.

Abstract: This invention includes a solution to enable a digital authentication solution comprising a network. Next, a first device is coupled to the network. The first device may include an authentication key generator that is able to generate both public and private keys in electronic formats. Next, the first device is coupled to a certificate authority gateway. The certificate authority gateway includes devices capable of converting the electronically formatted public key to a non-electronic format, and vice versa. Next, the certificate authority gateway is coupled to a certificate authority server. The certificate authority server includes devices capable of converting the electronically formatted public key to a non-electronic format, and vice versa. The certificate authority server is also contained in a secure area such as a locked room, or a safe. The secure area includes features that allow the non-electronically formatted public key to be passed across the boundary of the secure area.

Abstract: A device may receive a request for domain name system (DNS) information to be provided to a user device communicating via a visited network. The device may identify roaming policy information associated with the user device and, based on the roaming policy information, may determine that the user device is restricted from sending or receiving data via the visited network. The device may determine DNS information, to be provided to the user device, that includes information that identifies a restricted DNS server to which the user device is to be directed. The device may provide the DNS information to the user device to cause the user device to be directed to the restricted DNS server. The user device may be directed to the restricted DNS server to permit a user of the user device to authorize the user device to send or receive data via the visited network.

Abstract: A service providing apparatus configured to acquire a resource request from a terminal apparatus, specify destination information, which is associated with authentication information stored in a storage and coinciding with authentication information included in the acquired resource request, from the storage, determine whether domain information included in the acquired resource request and the specified destination information coincide with each other, and transmit a first response including information indicating that authentication is required and the domain information to the terminal apparatus when the domain information and the destination information coincide with each other, and transmit a second response not including the domain information to the terminal apparatus when the domain information and the destination information do not coincide with each other.

Abstract: A system is illustrated as including a One-Time Password (OTP) device operatively coupled to a computer system to receive data, and a server operatively coupled to the computer system via a network connection. A method is illustrated as including receiving and verifying credentials of a user accessing the site. In response to verifying the user, a request is transmitted to an authentication server for a first token value corresponding to the user. The first token value is received from the authentication server. The first token value is displayed to the user. The first token value is displayed at the same time as part of a list with other token values to the user. The user compares the list of token values to a token value generated by a password device to determine whether the token value generated by the password device is included in the list of token values.

Abstract: Techniques are described for logically isolating data I/O requests from different operating systems (OSes) for a same multi-tenant storage system (MTSS). Techniques provide for OSes and the MTSS to obtain security tokens associated with the OSes. In an embodiment, an OS uses a security token to generate an authentication token based on the contents of a data input/output (I/O) request and sends the authentication token to the MTSS along with the data I/O request. When an MTSS receives such data I/O request, MTSS retrieves its own copy of the security token associated with the OS and generates its own authentication token based on the contents of the received data I/O request. If the authentication token generated by the MTSS matches the authentication token generated by the OS, then the data I/O request is successfully authenticated. Otherwise, if the authorization tokens fail to match, then the data I/O request has been compromised.

Abstract: A system that incorporates teachings of the present disclosure may include, for example, a method for receiving initial filter criteria from a home subscriber server, transmitting information obtained from the initial filter criteria to a domain name system, receiving a multicast IP address from the domain name system, and transmitting a message to a plurality of IP multimedia subsystem network elements according to the multicast IP address. The message can be used for configuring the plurality of IP multimedia subsystem network elements. Other embodiments are disclosed.

Abstract: An HTML document includes a JavaScript element that manages CSRF token use. When the HTML document is rendered, the JavaScript element asynchronously requests a CSRF token from the server. In response, the server generates a JWT using a keyed HMAC algorithm. The resulting JWT, which functions as a CSRF token, is returned to the user where it is stored in a protected variable inside the JavaScript element. The CSRF token is therefore stateless and isn't stored in a server-side repository. When the user later requests access to a server resource, the CSRF token is included in such request. This may be accomplished by adding a hidden input field that includes the CSRF token to the submission that's transmitted to the server. If the server cannot validate the received token using the HMAC key that was originally used to generate the token, the request is considered unauthorized and is not processed.

Abstract: Multiple factor authentication in an identity certificate service is disclosed. A certificate including a cryptographically-obscured identifier associated with the end entity is sent from an end entity to a service node. The service node uses both the certificate and the identifier to authenticate the end entity at least in part by comparing the identifier to a reference identifier. A service associated with the service node is accessed based at least in part on the authentication.

Abstract: A client device communicates with a server and a relay device and includes a controller and a storage.

Abstract: A cryptographic key is generated using biometric data and a hierarchy of biometric descriptors. The hierarchy of biometric descriptors includes multiple levels, wherein a biometric descriptor at a first level is associated with a subset of the biometric descriptors at the next lower level. To generate a cryptographic key, biometric data is collected and compared to the biometric descriptors at the first level of the hierarchy. One of the biometric descriptors is selected at the first level, and a first key component is generated based on the first selected biometric descriptor. The biometric data is then compared to the subset of biometric descriptors at the second level of the hierarchy associated with the first selected biometric descriptor. This process of selecting a biometric descriptor and generating a key component continues for each level of the hierarchy. The key components are then used to generate a cryptographic key.

Abstract: Disclosed herein is an information processor configured to register user face identification data, the information processor including: a captured image display section adapted to display part of a captured image on a display; a guidance display section adapted to display, on the display, guidance prompting a user to rotate his or her face relative to an imaging device; and a registration processing section adapted to register face identification data based on user's face image included in the captured image after or while the guidance is displayed.

Abstract: There is disclosed a user authentication device for issuing authentication information. The user authentication device comprising a photovoltaic panel configured such that the photovoltaic panel can assist in powering the device in response to the device being exposed to the light.

Abstract: A wireless local area network configuration method and a wireless terminal. In embodiments of the present application, a first MCC is acquired from a user card of the wireless terminal, and then first wireless local area network configuration information corresponding to the first MCC is determined, so that wireless local area network configuration can be performed for the wireless terminal by using the first wireless local area network configuration information. Therefore, a problem in the prior art that an operation of wireless local area network configuration for a wireless terminal is complicated and error-prone can be resolved, thereby improving configuration efficiency and reliability.

Abstract: A biometric system comprises an identity proving system with a non-volatile memory for storing biometric verification data for a biometric feature of an individual. The biometric system also includes a first body coupled communication interface configured to transmit the biometric verification data via body coupled communication along or through the body of the individual to a second body coupled communication interface. The biometric system further includes an identity verification system comprising a biometric reader configured to measure the biometric feature of the individual to obtain biometric data. The second body coupled communication interface is configured to receive the biometric verification data via the body coupled communication along or through the body of the individual.

Abstract: A client device captures biometric data from a user and stores the biometric data to identify the user. To simplify access to content from a content source, the user identifies the content source to the client device, which identifies authentication information associated with the user by the content source. For example, the user specifies a username and password associated with the content source to the client device. The authentication information is stored in the client device using the user's biometric data. For example, the client device stores the authentication information so it is not accessible unless the client device receives the user's biometric data. When the user subsequently requests access to the content source, the user provides biometric data to the client device, which retrieves and communicates the authentication information to the content source.

Abstract: A network system includes: a network device; and a portable connection device capable of connecting thereto a terminal device which accesses the network device, where the portable connection device holds authentication information related to the connection between the network device and the terminal device, the authentication information being previously set. Here, the network device includes a processor, and the processor acquires the authentication information held in the portable connection device according to the connection of the portable connection device to the network device, acquires identification information on the terminal device from the terminal device according to the connection of the terminal device to the portable connection device, and compares the acquired authentication information with the identification information on the terminal device and device information on the network device to determine whether or not the access from the terminal device is allowed.