Tokens (e.g., Smartcards Or Dongles, Etc.) Patents (Class 726/20)
  • Publication number: 20100323664
    Abstract: A system and method that allows a mobile device to be shared between multiple users by establishing dedicated memory partitions for each user of the mobile device is disclosed. In one embodiment, the mobile device establishes a memory partition for a user of the mobile device when the user first uses the mobile device. Users are permitted to read and/or write digital data in their respective memory partitions, and are prevented from accessing digital data in other memory partitions. In some instances, a current user of a mobile device can authorize other users to access digital data stored in the current user's memory partition. In one embodiment, a user of the mobile device can also backup and/or synchronize digital data stored in the user's memory partition using a network synchronization service.
    Type: Application
    Filed: June 18, 2009
    Publication date: December 23, 2010
    Inventors: Girish Sivaram, Ezinne Udezue, Karl Warfel
  • Publication number: 20100325723
    Abstract: A system and method for establishing a chain of trust from a registrant to a registry. A registrant request to a registrar to change a domain name record includes at least one registrant factor, such as a one time password. The registrar can formulate an extended EPP command that includes the factor to effectuate the change and send it to a registry. The registry can verify the at least one factor using at least one validation server. If the factor is successfully verified, the EPP can be processed by the registry. If the factor is not verified, the EPP command may not be processed and an error message may be generated and sent to the registrar.
    Type: Application
    Filed: June 18, 2009
    Publication date: December 23, 2010
    Applicant: VeriSign, Inc.
    Inventors: Tarik Essawi, James Gould, Pat Kane, Dan Schonfeld, Joe Waldron
  • Publication number: 20100319066
    Abstract: In accordance with an example embodiment of the present invention, an apparatus comprises at least one processor and at least one memory. The at least one memory includes computer program code. Further, the at least one memory and the computer program code are configured to, with the at least one processor, cause the apparatus to perform at least the following: receive a service subscriber key request from an electronic device; determine a service subscriber key request from a subscriber identity module; and transmit the service subscriber key request to the electronic device.
    Type: Application
    Filed: June 12, 2009
    Publication date: December 16, 2010
    Applicant: NOKIA CORPORATION
    Inventor: Onni Michael Berry
  • Patent number: 7853987
    Abstract: An automaton capable of providing an access control decision upon receiving an access control request is produced by processing context based access control policies specified in a formal descriptive language, and by converting the context based access control policies to the automaton.
    Type: Grant
    Filed: October 10, 2006
    Date of Patent: December 14, 2010
    Assignee: Honeywell International Inc.
    Inventors: Meenakshi Balasubramanian, Arul Ganesh, Namit Chaturvedi, Atish Datta Chowdhury
  • Patent number: 7853787
    Abstract: A peripheral device for a programmable logic controller includes an encrypter, an external storage that stores peripheral authentication data that has been encrypted, an internal storage that stores peripheral device authentication data that has been encrypted, a decrypter, and a verifier that determines whether or not use of the peripheral device for the programmable logic controller is authorized by checking the peripheral device authentication data read out and decrypted from the external storage, against the peripheral device authentication data read out and decrypted from the internal storage. If the verifier authorizes use of the peripheral device, encrypted authentication data is read out of the internal or external storage, decrypted, and transmitted to a PC for authorizing reading and writing of data in the PC.
    Type: Grant
    Filed: January 11, 2005
    Date of Patent: December 14, 2010
    Assignee: Mitsubishi Denki Kabushiki Kaisha
    Inventor: Shin Hasegawa
  • Patent number: 7854012
    Abstract: A contents player including: a reading unit which accesses a data carrier and reads out contents including multimedia data and a script from the data carrier; a playing unit which plays the multimedia data included in the contents; an interpreting unit which interprets the script included in the contents; an access unit which accesses an internal or external storing device; an acquiring unit which acquires an access ID of the contents from the read contents or the data carrier when the script includes an access instruction description which instructs access to a specific storing region in the storing device; and a determining unit which determines whether the access to the specific storing region is permitted or not, on the basis of the acquired access ID.
    Type: Grant
    Filed: February 16, 2006
    Date of Patent: December 14, 2010
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Yoshiki Terashima, Keiichi Teramoto, Tooru Kamibayashi, Seiichi Nakamura, Eita Shuto
  • Patent number: 7849326
    Abstract: A data processing system accepts a removable hardware device, which becomes electrically engaged with a system unit within the data processing system, after which the removable hardware device and the hardware security unit mutually authenticate themselves. The removable hardware device stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the hardware security unit, and the hardware security unit stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the removable hardware device. In response to successfully performing the mutual authentication operation between the removable hardware device and the hardware security unit, the system unit is enabled to invoke cryptographic functions on the hardware security unit while the removable hardware device remains electrically engaged with the system unit.
    Type: Grant
    Filed: January 8, 2004
    Date of Patent: December 7, 2010
    Assignee: International Business Machines Corporation
    Inventor: Ching-Yun Chao
  • Patent number: 7849325
    Abstract: Authorized persons are recognized based on unique identifiers allocated to the authorized persons and biological information of the authorized persons and a database of identifiers and biological information of authorized persons. When a person provides his identifier, biological information corresponding to the provided identifier is retrieved from the database and written in a storage unit. Then, when the person provides his biological information, it is checked whether the provided biological information matches the biological information in the storage unit. When the two match, the person is recognized as an authorized person.
    Type: Grant
    Filed: January 18, 2006
    Date of Patent: December 7, 2010
    Assignee: Fujitsu Limited
    Inventors: Hiroo Arai, Kimikazu Ito
  • Patent number: 7844831
    Abstract: A secure memory device which can be used for multi-application smart cards for secure identification in data transfer, or for component verification in a computer system, without the requirement of an internal microprocessor. The secure memory device features a dual authentication protocol in which the memory and host authenticate each other. The secure memory device also includes an encrypted password feature, as well as using stream encryption to encrypt the data.
    Type: Grant
    Filed: June 24, 2008
    Date of Patent: November 30, 2010
    Assignee: Atmel Corporation
    Inventors: Jean P. Benhammou, Vincent C. Colnot, David J. Moore
  • Publication number: 20100299750
    Abstract: Certain aspects of a method and system for using shared secrets to protect the access of testing keys for a set-top box may comprise receiving within a security processor within a set-top box a plurality of secret keys from a plurality of users. A password may be generated utilizing secret sharing based on the received plurality of secret keys. The generated password may be compared with a generated response. The plurality of users may be authenticated access to the set-top box based on the comparison.
    Type: Application
    Filed: August 3, 2010
    Publication date: November 25, 2010
    Inventor: Xuemin (Sherman) Chen
  • Patent number: 7841001
    Abstract: Without modifying application programs in a smart card, data and functions of the application programs can be used by one authentication operation if an apparatus has an invented authentication information management function utilization part. Even an apparatus not implemented with the invention can use the smart card in a similar manner to the conventional manner. An authentication information management program for managing information necessary for authentication of each application is introduced into the smart card. When each application is utilized, the authentication information management program acquires the application authentication information after an authentication request message from the application program is captured, and transmits the application authentication information to the application program. It is possible to realize a method of utilizing data and functions possessed by the application programs through one authentication operation.
    Type: Grant
    Filed: January 24, 2007
    Date of Patent: November 23, 2010
    Assignee: Hitachi, Ltd.
    Inventors: Mitsuhiro Oikawa, Hidenobu Taniguchi
  • Publication number: 20100293613
    Abstract: Embodiments of the invention are concerned with smart-card devices and in one aspect provide a mobile communications device for providing a user with access to information relating to authorized take-up of a service for which authorization is provided using a contactless smart-card device. The device includes a plurality of personal information managers, each having a data store comprising a plurality of data fields. The device is configured to access an interface for receiving data from the smart-card device and a parser arranged to parse the received data so as to identify content therein and to identify, from the parsed content, content portions corresponding to at least some of said plurality of data fields.
    Type: Application
    Filed: April 16, 2010
    Publication date: November 18, 2010
    Applicant: ORANGE PERSONAL COMMUNICATIONS SERVICES LIMITED
    Inventor: Peng Jong Hum
  • Publication number: 20100293612
    Abstract: Technologies are generally described for secure authentication tokens that employ hardware public physically unclonable functions. Each unique token can be implemented as hardware such that manufacturing variations provide measurable performance differences resulting in unique, unclonable devices or systems. For example, slight timing variations through a large number of logic gates may be used as a hardware public physically unclonable function of the authentication token. The authentication token can be characterized such that its physical characteristics may be publicly distributed to authenticators. Authenticators may then simulate the result from a particular input vector and then request the authentication token to generate the same result in a very short amount of time. The time may be specified such that the result could not be simulated by an imposter for a timely response.
    Type: Application
    Filed: May 12, 2009
    Publication date: November 18, 2010
    Inventor: Miodrag Potkonjak
  • Publication number: 20100287568
    Abstract: A method and apparatus is provided for generating reports for ensuring process compliance. The method includes the steps of receiving a sign-in event notification for a process, identifying a set of rules for controlling the process based upon a source of the sign-in notification, receiving a sign-out event notification for the process and associating a set of images from the area recording portions of the process with an event report in accordance with the identified rules.
    Type: Application
    Filed: May 8, 2009
    Publication date: November 11, 2010
    Applicant: Honeywell International Inc.
    Inventors: Arunachalam Sundararaman, Carlos Lopez-Reyna, Venkatesh Viswanathan
  • Patent number: 7832001
    Abstract: An identification method and system. A user is scanned by a Radio Frequency Identification (RFID) reader to read N RFID tags respectively embedded in N objects carried by the user. Each tag of the N tags includes a tag identifier. N may be at least 1 or at least 2. The N tags read by the RFID reader are compared with M tags in a registered record of data. The registered record comprises a reference to the user. Each tag of the M tags includes a tag identifier. M is at least N. The user is permitted access to a resource if the comparing has determined that the tag identifiers in the M tags include the tag identifiers in the N tags read by the RFID reader. The resource may be a computer resource. Alternatively, the resource may be a resource other than a computer resource.
    Type: Grant
    Filed: June 21, 2004
    Date of Patent: November 9, 2010
    Assignee: International Business Machines Corporation
    Inventor: Gary Paul Noble
  • Patent number: 7827600
    Abstract: An electronic equipment includes: a first connecting unit that connects an external apparatus and a transmit and receive unit; a prohibit unit; an identification information storage; a second connecting unit that is connected to a key constituting member including memory unit storing therein authentication information corresponding to the identification information; a covering unit; a gain unit; a judge unit; and a permit unit.
    Type: Grant
    Filed: July 12, 2007
    Date of Patent: November 2, 2010
    Assignee: Fuji Xerox Co., Ltd.
    Inventors: Naomasa Okimura, Takenori Obara
  • Patent number: 7827594
    Abstract: A method and system for distribution of scrambled data and/or services to at least one master terminal and to at least one slave terminal linked with the master terminal. The method and system transmit to the master terminal a first secret code and transmit to each slave terminal a second secret code in a biunique relationship with the first secret code, and authorize the reception of the data and/or services by a slave terminal only if the first secret code is previously stored in the slave terminal.
    Type: Grant
    Filed: December 11, 2003
    Date of Patent: November 2, 2010
    Assignee: Viaccess
    Inventors: Bernard Le Bars, Theo Van Aalst
  • Patent number: 7823198
    Abstract: An electronic memory device configured to store and transfer data with a host device via a memory device connector and a mating host connector is disclosed. The electronic memory device includes a memory storage, a plurality of key buttons disposed upon the memory device, and a display disposed upon the memory device. The plurality of key buttons is configured to allow entry of a security code comprising a plurality of fields, and the display configured to display the security code. The memory device is configured to allow data transfer to or from the memory storage in response to entry of the security code, but to prevent data transfer to or from the memory storage prior to entry of the security code and in response to disconnection of the memory device from the host device.
    Type: Grant
    Filed: September 13, 2006
    Date of Patent: October 26, 2010
    Assignee: International Business Machines Corporation
    Inventor: Steven M. Miller
  • Patent number: 7822983
    Abstract: A system and/or method that facilitates the installation and/or authentication of a device by invoking installation protocols and/or authentication protocols for a non-physical connection. A physical interface component provides a physical connection between at least one wireless device and at least one network entity in which the installation protocols and/or authentication protocols can be exchanged. The physical interface component can utilize a token key to establish multiple non-physical connections with multiple wireless devices. Additionally, the physical interface component can utilize a daisy chain scheme to install and/or authenticate a wireless device.
    Type: Grant
    Filed: August 21, 2003
    Date of Patent: October 26, 2010
    Assignee: Microsoft Corporation
    Inventors: Randall E. Aull, Bernard J. Thompson
  • Publication number: 20100269173
    Abstract: A method and apparatus for providing a security system. The method includes the steps of providing an identity card for use by a person entering a secured area of the security system, reading the identity card at an entry point to the secured area, randomly generating an alphanumeric key upon the occurrence of a predetermined event, writing the alphanumeric key into the identity card at the entry point, reading the card within the secured area as a request for access to a computer and granting access to the computer by the person, but only when an alphanumeric key is found on the card that matches the generated alphanumeric key.
    Type: Application
    Filed: April 20, 2009
    Publication date: October 21, 2010
    Applicant: Honeywell International Inc.
    Inventors: Srinath Malur Srinivasa, Venkatesh Viswanathan
  • Patent number: 7818783
    Abstract: The global access control system and method presents a solution to synchronizing the physical access devices that federal agencies must try to meet Federal Information Processing Standards (FIPS) 201 requirements. The method encompasses wire and wireless technology, IP Security (IPSec), the assignment of IPv6 addresses to every device, integrating with logical access control systems, and providing a homogeneous audit and control format. As part of FIPS 201, Government identification badges (Personal Identity Verification (PIV) cards) will include an IPv6 address that uniquely identifies every card holder. By assigning an IPv6 address to every access device and using the card holder's IPv6 address, every access device can be used for global access control. Moreover, common and interoperable audit records throughout an entire enterprise (logical and physical) are possible.
    Type: Grant
    Filed: March 8, 2006
    Date of Patent: October 19, 2010
    Inventor: Russell J. Davis
  • Publication number: 20100256793
    Abstract: According to one aspect of the invention a system and method for minimizing assembly line manufacturing including an override is provided. Each workstation is equipped with a docking station. A first database is in communication with the programmable controller and the docking station, and the docking station is also in communication with the workstation tools as well as the programmable controller. The override is disposed on a docking station. The system includes a checklist of tasks that each workstation tool is to perform. Accordingly the first database will receive the checklist for each part and will record whether or not each particular part had each of its tasks performed properly. The override may be actuated so as to allow a part to flow downstream the assembly line even though all the tasks were not completed properly, thus minimizing manufacturing disruptions.
    Type: Application
    Filed: April 6, 2009
    Publication date: October 7, 2010
    Applicant: Toyota Motor Engineering & Manufacturing North America, Inc.
    Inventors: Gary Lee, Bruce Peter Fleming, Chris Rudolf Loates
  • Patent number: 7810153
    Abstract: Systems and methods are described that control attempts made by an application to access data. In one embodiment, the application is associated with a security token that includes an application ID. In operation, the system receives a request, initiated by the application, for access to the data. The system is configured to evaluate the request for access based in part on comparison of the security token and a listing of approved application IDs associated with the data.
    Type: Grant
    Filed: January 28, 2005
    Date of Patent: October 5, 2010
    Assignee: Microsoft Corporation
    Inventors: Eric C. Perlin, Klaus U. Schutz, Paul J. Leach, Peter T. Brundrett, Thomas C. Jones
  • Publication number: 20100251360
    Abstract: The invention relates to a method of controlling access to a processing device using an access token with a machine readable identity. The method comprises reading the identity of the access token at the location of the processing device and querying a database comprising valid identities of access tokens, wherein each identity is associated with an access permission level. If the identity is a valid identity, the method further comprises determining the associated level of access and allowing a level of access to the processing device according to the associated access permission level. In some embodiments, the processing device is an Automated Teller Machine (ATM).
    Type: Application
    Filed: March 30, 2009
    Publication date: September 30, 2010
    Inventor: Colin A. Sinclair
  • Patent number: 7802103
    Abstract: A user recognition and identification system and method is presented in which text entered by a user at a keyboard is evaluated against previously recorded keystrokes by the user for the presence of repeatable patterns that are unique to an individual.
    Type: Grant
    Filed: March 6, 2007
    Date of Patent: September 21, 2010
    Assignee: iMagic Software, Inc.
    Inventors: Steven S. Bender, Howard J. Postley
  • Publication number: 20100235906
    Abstract: In accordance with an example embodiment of the present invention, a mobile device comprising: a processor configured to receive security data from a dongle and activate, on the mobile device, at least one of the following: a power supply, an application, or a login based at least in part on the received security data.
    Type: Application
    Filed: March 12, 2009
    Publication date: September 16, 2010
    Applicant: NOKIA CORPORATION
    Inventor: Onni Michael Berry
  • Publication number: 20100235643
    Abstract: A system for authenticating an object is disclosed. The system includes an optical sensing device and a processor. The optical sensing device senses coded data provided on a surface associated with the object. The coded data is indicative of a position on the surface, an identity associated with the object, and a part of a signature. The signature is a digital signature of the identity. The processor determines, using the sensed coded data, a sensed identity and a sensed signature part, determines, using the position, a sensed signature part identity, determines, using the sensed identity, at least a determined signature, determines, using the determined signature and the sensed signature part identity, a determined signature part, compares the determined signature part to the sensed signature part, and authenticates the object using the result of the comparison.
    Type: Application
    Filed: May 24, 2010
    Publication date: September 16, 2010
    Inventors: Kia Silverbrook, Paul Lapstun
  • Patent number: 7797751
    Abstract: A multiple field nonce particularly suited for use in encryption algorithms associated with data storage has at least one field unique to each data storage device to avoid the possibility of the same nonce value being used to store more than one data string. Additional fields may be based on the number of times at least one encryption key is associated with the storage device and on a number assigned to the particular string of data.
    Type: Grant
    Filed: March 27, 2006
    Date of Patent: September 14, 2010
    Assignee: Oracle America, Inc.
    Inventors: James P. Hughes, Alexander Stewart, Dwayne A. Edling
  • Patent number: 7793339
    Abstract: A device comprises a network interface and a programmable processor to execute software that performs an authorization process that is a function of network information received by the network interface. The network information comprises information indicative of a network with which the network interface is able to communicate, and the software causes the device to perform a boot process such that if the authorization process is not successful, the device does not successfully complete the boot process.
    Type: Grant
    Filed: September 28, 2005
    Date of Patent: September 7, 2010
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Isaac Lagnado
  • Patent number: 7788716
    Abstract: A token handler API which can be instantiated to allow for custom token types. The token handler API can interact with a web service security handler and security service provider interfaces of security framework in order to do a number of security functions such as authentication, digital signatures and encryption for SOAP messages in a Web Service security system.
    Type: Grant
    Filed: May 18, 2005
    Date of Patent: August 31, 2010
    Assignee: Bea Systems, Inc.
    Inventors: Peter Dapkus, Corinna Witt
  • Patent number: 7788712
    Abstract: A method and apparatus for accessing a document-processing device is provided. A request to access the document-processing device is received by the document-processing device. For example, the request may be a request to configure the document-processing device or a request to produce an electronic copy of a document. The document-processing device reads authentication data from an authentication token, which is a portable physical object associated with the user that issued the request. For example, the authentication token may be a proximity card, a common access card (CAC), a smart card, a credit card, a driver's license, or a cell phone. The document-processing device determines, based on the authentication data, whether the user has sufficient user access privileges to perform the request. If the user has sufficient user access privileges to perform the request, then the document-processing device performs the request.
    Type: Grant
    Filed: June 5, 2006
    Date of Patent: August 31, 2010
    Assignee: Ricoh Company, Ltd.
    Inventors: Jiang Hong, Ke Wei
  • Publication number: 20100217992
    Abstract: Exposure of a security mechanism, over time and/or in particular markets, increases the likelihood that the security mechanism will be compromised. A security dongle, however, can resist/delay being compromised by compounding one or more security techniques with the security dongle security mechanism (e.g., a unique identifier of the dongle stored in a secure area of the dongle, a cryptographic token with a private key that cannot be retrieved from the memory of the security dongle, etc.). A dynamic element (e.g., a changing key) and/or an unexposed element (e.g., a private key secured by an owner) can be used in conjunction with a security dongle to buttress against being compromised. Using the dynamic element and/or the unexposed element, the security dongle can be cryptographically bound to at least an identifier of a piece of software enabled by the security dongle.
    Type: Application
    Filed: February 23, 2010
    Publication date: August 26, 2010
    Applicant: WMS Gaming, Inc.
    Inventors: Vernon W. Hamlin, Jorge L. Shimabukuro, Craig J. Sylla, Anussorn Veradej, Gerardus A. Weijers
  • Patent number: 7784091
    Abstract: A data processing system is disclosed that includes a read unit configured to read unique information identifying an individual from an individual identification medium, an input unit configured to capture the unique information read by the read unit and convert the unique information into digital unique information, and a database unit having digital unique information registered beforehand which database unit is configured to register the digital unique information captured and converted by the input unit. A managing process is performed on the digital unique information captured and converted by the input unit that involves comparing and organizing the digital unique information captured and converted by the input unit and the digital unique information registered in the database unit according to a predetermined rule, and registering the organized digital unique information in the database unit, the registered digital unique information being output to a predetermined output unit.
    Type: Grant
    Filed: December 29, 2005
    Date of Patent: August 24, 2010
    Assignee: Ricoh Company, Ltd.
    Inventors: Kimimasa Ikehira, Masatoku Ohtsuka
  • Publication number: 20100211716
    Abstract: A communication device and method for securing data include connecting a processor and at least one storage device via active pins of a switch in the communication device, and setting a secure command for securing data stored in the at least one storage device. The communication device and method further include invoking the secure command to delete the data in the at least one storage device, if text data of a received message matches the secure command, and switching the active pins to the inactive pins so as to disconnect the processor and the at least one storage device, thereby disabling the at least one storage device.
    Type: Application
    Filed: October 21, 2009
    Publication date: August 19, 2010
    Applicants: SHENZHEN FUTAIHONG PRECISION INDUSTRY CO., LTD., CHI MEI COMMUNICATION SYSTEMS, INC.
    Inventor: LI-TAO CHEN
  • Patent number: 7779266
    Abstract: A method for controlling a pluggable port on an interface board of a communication device, pre-setting; the process of controlling the port includes: the communication device receiving an externally inputted password and verifying the received password according to a pre-set password; the communication device enabling or disabling the pluggable port according to the verification result. Also disclosed is an interface board with a pluggable port, in which the line(s) connecting with the pluggable module include one or more switches; after verification by the above-mentioned method, the pluggable port on the interface board is enabled or disabled by controlling the switch(es) according to the verification result. The present invention can efficiently avoid the false or illegal use of the pluggable ports of the interface board, thereby guaranteeing the stability and reliability of the communication device and the communication network.
    Type: Grant
    Filed: September 26, 2006
    Date of Patent: August 17, 2010
    Assignee: Huawei Technologies Co., Ltd.
    Inventor: Changzheng Su
  • Patent number: 7769999
    Abstract: The present invention discloses a method and system for remote password based authentication using smart cards for accessing a communications network. The disclosed method does not require a remote authentication server to maintain a table of passwords for all users. The disclosed method and system also support mutual authentication. It not only prevents the illegal use of system resources by an impersonator; the user can also authenticate the identity of the remote authentication server.
    Type: Grant
    Filed: January 4, 2007
    Date of Patent: August 3, 2010
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Zhenfu Cao, Xiaolei Dong, Zhenchuan Chai, Zhibin Zheng, Jiwei Wei
  • Patent number: 7770220
    Abstract: A system and method for controlling the reproduction of secure documents includes detecting an electronic data storage device of a secure document; reading the electronic data storage device of the secure document; determining rules for accessing the information stored in the electronic data storage device of the secure document; obtaining a user identity; comparing the rules for accessing the information with the user identity; and determining which of the information stored in the electronic data storage device to allow access to.
    Type: Grant
    Filed: August 16, 2005
    Date of Patent: August 3, 2010
    Inventor: Christer E. Fernstrom
  • Patent number: 7769998
    Abstract: A method, apparatus, and system are provided for authenticating and authorizing user access to a system. According to one embodiment, a request for authentication and authorization of a user is received from a secondary site on behalf of the user who is seeking to access a primary site via the secondary site via a computer network. The request includes information relating to the user. The user information is then verified for authenticity, including determining whether the user satisfies the criteria for obtaining authentication and authorization as defined by the primary site. If the criteria are satisfied, a token, associated with the user, is generated at the primary site. A portion of the token is transmitted from the primary site to the secondary site on behalf of the user to permit the user to access the primary site via the secondary site, via the computer network.
    Type: Grant
    Filed: June 25, 2004
    Date of Patent: August 3, 2010
    Assignee: eBay Inc.
    Inventors: Liam S. Lynch, Shashi Seth
  • Patent number: 7770219
    Abstract: Certain aspects of a method and system for using shared secrets to protect the access of testing keys for a set-top box may comprise receiving within a security processor within a set-top box a plurality of secret keys from a plurality of users. A password may be generated utilizing secret sharing based on the received plurality of secret keys. The generated password may be compared with a generated response. The plurality of users may be authenticated access to the set-top box based on the comparison.
    Type: Grant
    Filed: May 11, 2005
    Date of Patent: August 3, 2010
    Assignee: Broadcom Corporation
    Inventor: Xuemin (Sherman) Chen
  • Patent number: 7765588
    Abstract: A system and method verify a user's identity in an Internet-related transaction. One system and method use a personal computer having identification information, a card reader, and a personal identification card having access information, to verify a user's identity using the access information and the identification information. Another system and method use a personal computer, a card reader, and a personal identification card having access information, wherein the card reader is included as part of a mouse coupled to the personal computer and wherein a user's identity is verified using the access information. Another system and method use a personal computer, a device coupled to the personal computer having identification information, a card reader, and a personal identification card having access information to verify a user's identity using the access information and the identification information.
    Type: Grant
    Filed: November 17, 2008
    Date of Patent: July 27, 2010
    Inventors: Harvinder Sahota, Neil Sahota
  • Patent number: 7761905
    Abstract: The invention relates to a system and a method for assigning access rights in a computer system. The system transforms an existing system of access rights to a more structured system. In many cases this is a prerequisite such that role-based administration can be used. The method identifies the existing system of access rights and identifies new roles by means of a correlation approach. New roles are created and all old roles are deleted. All direct access rights are avoided making an administration of the system easier and the computer system more secure.
    Type: Grant
    Filed: September 27, 2005
    Date of Patent: July 20, 2010
    Assignee: International Business Machines Corporation
    Inventor: Ruediger Kern
  • Patent number: 7757083
    Abstract: An integrated circuit has a first component that has a dynamic characteristic that varies among like integrated circuits, for example, among integrated circuits fabricated using the same lithography mask. Operating the first component produces an output that is dependent on the dynamic characteristic of the first component. A digital value associated with the integrated circuit is generated using the output of the first component, and then the generated digital value is used in operation of the integrated circuit.
    Type: Grant
    Filed: June 1, 2006
    Date of Patent: July 13, 2010
    Assignee: Massachusetts Institute of Technology
    Inventors: Srinivas Devadas, Blaise Gassend
  • Publication number: 20100175128
    Abstract: An authentication information management apparatus manages authentication information for execution of authentication in an information processing device by utilizing a terminal device equipped with an IC card and a memory. The apparatus includes an identification information acquisition section that acquires identification information which is written in the IC card, and an authentication information setting section that retrieves stored authentication information corresponding to the identification information from the memory based on the identification information acquired by the identification information acquisition section, and sets up the IC card so that the retrieved authentication information is readable from the IC card.
    Type: Application
    Filed: February 22, 2010
    Publication date: July 8, 2010
    Applicant: FUJITSU LIMITED
    Inventor: Takayuki Onozu
  • Patent number: 7752445
    Abstract: Authentication of a hardware token connected to a computer includes storing, in the hardware token, a computer public key Ck generated in the computer; reading out, from the hardware token to the computer, a user public key Uk, registering the user public key Uk from the computer with a certificate authority, and receiving a certificate issued from the certificate authority with respect to the user public key Uk, and storing the issued certificate for the user public key Uk in the hardware token.
    Type: Grant
    Filed: February 22, 2005
    Date of Patent: July 6, 2010
    Assignee: International Business Machines Corporation
    Inventor: Masakazu Satoh
  • Patent number: 7748046
    Abstract: The systems and methods described herein are directed at transforming security claims in a federated authentication system using an intermediate format. The federated authentication system includes an identity provider and a resource provider. The identity provider receives a request for information from the resource provider to authenticate an account by an application associated with the resource provider. A security claim associated with the account is retrieved where the security claim is provided by an account store in a format specific to the account store. The security claim is transformed from the account store specific format to an intermediate format. The security claim is then transformed from the intermediate format to a federated format recognized by the resource provider. The transformed security claim is provided in a security token to the resource provider.
    Type: Grant
    Filed: April 29, 2005
    Date of Patent: June 29, 2010
    Assignee: Microsoft Corporation
    Inventors: Ryan D. Johnson, Donald E. Schmidt, Jeffrey F. Spelman, Kahren Tevosyan, Vijayavani Nori
  • Patent number: 7748031
    Abstract: A portable mass storage device for use in two factor authentication systems and methods. A secure portable mass storage device protects content from being freely copied with security mechanisms and firmware. The security functionality also protects confidential user credentials and passwords, as well as algorithms and seeds needed for two factor authentication or asymmetric authentication methods. A client application residing in the mass storage device acts as both a password manager and an authentication manager that seamlessly performs the authentication procedures in the background while signing a user into various institutions of his choosing. A very high level of security is integrated into a mass storage device the user has for purposes other than two factor authentication, and the convenience of highly secure password management also comes in a convenient pocket sized package easy for the user to transport.
    Type: Grant
    Filed: December 27, 2005
    Date of Patent: June 29, 2010
    Assignee: SanDisk Corporation
    Inventors: Carlos J. Gonzalez, Joerg Ferchau, Fabrice Jogand-Coulomb
  • Publication number: 20100162377
    Abstract: A portable mass storage device for use in two factor authentication systems and methods. A secure portable mass storage device protects content from being freely copied with security mechanisms and firmware. The security functionality also protects confidential user credentials and passwords, as well as algorithms and seeds needed for two factor authentication or asymmetric authentication methods. A client application residing in the mass storage device acts as both a password manager and an authentication manager that seamlessly performs the authentication procedures in the background while signing a user into various institutions of his choosing. A very high level of security is integrated into a mass storage device the user has for purposes other than two factor authentication, and the convenience of highly secure password management also comes in a convenient pocket sized package easy for the user to transport.
    Type: Application
    Filed: February 26, 2010
    Publication date: June 24, 2010
    Inventors: Carlos J. Gonzalez, Joerg Ferchau, Fabrice Jogand-Coulomb
  • Publication number: 20100161973
    Abstract: An authentication mechanism for use in network-based services generates an authentication token. The authentication token is provided to a client device as part of the code comprising a content page. The content page code is received and loaded by a browser application at the client device. When the content page code is received and loaded by the browser application, the authentication token is loaded by the browser as well. Upon receiving subsequent input, the browser application may send a content request to the server. The content request includes the authentication token maintained by the browser application in the content page. A server may validate the authentication token provided in the request using version information and one or more master authentication tokens.
    Type: Application
    Filed: March 1, 2010
    Publication date: June 24, 2010
    Applicant: Microsoft Corporation
    Inventors: Andy Chin, Alina Vikutan, Johnny C. Liu
  • Patent number: 7743409
    Abstract: A portable mass storage device for use in two factor authentication systems and methods. A secure portable mass storage device protects content from being freely copied with security mechanisms and firmware. The security functionality also protects confidential user credentials and passwords, as well as algorithms and seeds needed for two factor authentication or asymmetric authentication methods. A client application residing in the mass storage device acts as both a password manager and an authentication manager that seamlessly performs the authentication procedures in the background while signing a user into various institutions of his choosing. A very high level of security is integrated into a mass storage device the user has for purposes other than two factor authentication, and the convenience of highly secure password management also comes in a convenient pocket sized package easy for the user to transport.
    Type: Grant
    Filed: December 27, 2005
    Date of Patent: June 22, 2010
    Assignee: SanDisk Corporation
    Inventors: Carlos J. Gonzalez, Joerg Ferchau, Fabrice Jogand-Coulomb
  • Patent number: 7743412
    Abstract: A computer system includes an interface and a processor. The interface is adapted to receive a request from another computer system for identification of the first computer system. The adapter also furnishes a hash value that identifies the first computer system to the other computer system. The processor is coupled to the interface and is adapted to encrypt an identifier that identifies the first computer system with a key associated with the other computer system to provide the hash value.
    Type: Grant
    Filed: February 26, 1999
    Date of Patent: June 22, 2010
    Assignee: Intel Corporation
    Inventors: James Q. Mi, Vishesh Parikh, Albert Y. Teng