Abstract: A method for accessing content stored on a memory device is provided. In this method, a request to access the content is transmitted and a session ticket is received. The session ticket includes a parameter used to decrypt the content and the session ticket is generated based on a variable that is configured to change at a session. The content may be accessed based on the session ticket.

Abstract: A system and method for automatically managing a connection between a user device and a security token access device. The access device is adapted to wirelessly communicate with a plurality of user devices and to be securely paired with at least one of the plurality of user devices, and is further adapted to maintain connection information relating to each of the plurality of user devices. The connection information comprises security information for each user device securely paired with the access device. The access device automatically manages a connection by maintaining a store of connection information comprising security information for each of a set of at least one securely paired user devices; determining whether one of the securely paired user devices is a stale device; and if it is determined that one of the securely paired user devices is a stale device, implementing a management protocol for handling the stale device.

Abstract: A method, a computer readable medium and a system of multi-domain login and messaging are provided. The method for multi-domain login comprises inputting a local password by an agent, accessing a password vault with the local password, and retrieving at least one hidden password from the password vault, and logging the agent into at least one agent application using the at least one hidden password. The method for multi-domain messaging comprises retrieving information of an agent from a database, retrieving at least one skill group to which the agent belongs from the information, retrieving a message linked to the at least one skill group, and sending the message to the agent.

Abstract: A server apparatus capable of preventing unauthorized use of services by a third party through an electronic appliance that stores information used for user authentication by the server apparatus. The server apparatus receives, from an information processing apparatus, pieces of user identification information, pieces of appliance identification information, and pieces of use permission/prohibition information representing on a per service type basis whether uses of services are permitted or prohibited, and stores them so as to be associated with one another. When determining based on use permission/prohibition information, which is associated with a combination of user identification information and appliance identification information that are accepted from an electronic appliance, that use of a service represented by service type information accepted from the electronic appliance is permitted, the server apparatus transmits screen information for use of the service to the electronic appliance.

Abstract: A new identification (ID) technology comprising unified and standardized object identification within Cyber Space is disclosed based upon intrinsic properties of the entity to be identified. This Cyber Gene ID (or Cyber ID) technology extracts intrinsic information from either the physical users or their cyberspace counterparts, and such information is categorized into client parameters, dynamic parameters, static parameters, cloud parameters, connection parameters and user parameters.

Abstract: Integrity validation of a network device may be performed. A network device comprising a secure hardware module, may receive a root key. The secure hardware module may also receive a first code measurement. The secure hardware module may provide a first key based on the root key and the first code measurement. The secure hardware module may receive a second code measurement and provide a second key based on the first key and the second code measurement. The release of keys based on code measurements may provide authentication in stages.

Abstract: In one embodiment, the present invention includes a method for receiving a request from a user-level agent for programming of a user-level privilege for at least one architectural resource of an application-managed sequencer (AMS) and programming the user-level privilege for the at least one architectural resource using an operating system-managed sequencer (OMS) coupled to the AMS. Other embodiments are described and claimed.

Abstract: A server may bridge between a wide area network, such as the Internet, and a local area network and may process authentication requests from clients on the wide area network. The server may filter the requests to enable specific types of requests to pass, and may forward the requests to a credential server within the local area network and pass any responses back to the client. The server may be configured with some or all of a set of domain services objects, but such objects may be stored in a read only format. The server may further contain a minimum of or no sensitive data such that, if compromised, an attacker may gain little advantage. The client may request evidence of authentication available to devices within the local area network and may use the evidence of authentication to access services made available to the wide area network.

Abstract: Embodiments of the invention provide a method and apparatus for establishing a synchronized interactive multimedia communication among a plurality of users. The method includes generating, at a first device, first information associated with a multimedia content selected by a first user. The first information is generated based on parameters. The method includes transmitting the first information to a second user. The first and second user is associated with a social computer network. Further, the method includes, at second devices, receiving the first information from the social network. The method includes processing the first information to establish a synchronized multimedia interactive communication between the second and the first user. The presentation of the multimedia content in the synchronized interactive multimedia communication is synchronized among the first device and the second device(s).

Abstract: Apparatus, systems, and methods may operate to receive, at a generating identity provider (IDP), original user credentials sufficient to authenticate a user directly from a user machine, or indirectly from an initial identity provider. Additional activities may include generating, by the generating IDP, generated user credentials having the lifetime of a login session associated with the user, the lifetime initiated approximately when the original user credentials or a token associated with the user are/is validated at the generating IDP. Still further activities may include receiving a request associated with the user during the login session to access an application protected by an agent, and transmitting at least part of the generated user credentials from the generating IDP to the application to authenticate the user to the generating IDP while the login session is not terminated or expired. Additional apparatus, systems, and methods are disclosed.

Abstract: A system and method is disclosed for sensing, storing and using personal trait profile data. Once sensed and stored, this personal trait profile data may be used for a variety of purposes. In one example, a user's personal trait profile data may be accessed and downloaded to different computing systems with which a user may interact so that the different systems may be instantly tuned to the user's personal traits and manner of interaction. In a further example, a user's personal trait profile data may also be used for authentication purposes.

Abstract: Restrictions are placed on the content of usernames and other online identifiers to help maintain the privacy of offline identities of online users. A proposed username is tested by comparing at least a portion of its content to a set of personal identification information tokens that reflect aspects of an offline identity. The username is accepted if it satisfies a predetermined privacy criterion, which is defined in terms of matches to the personal identification information tokens. The user may receive questions regarding a proposed username and its relation, if any, to the online user's offline identity. Answers to the questions can be used to create personal identification information tokens which are compared to the proposed username.

Abstract: A system for collecting, verifying, and managing identity data, skill data, qualification data, certification data, and licensure data of emergency responders. The system trusted verification of identity, skills, qualifications, certifications, and licensure, and disseminates information specific or related to identity, skills, qualifications, certifications, and licensure at the scene of an emergency. The system includes information collection devices, data storage media, information retrieval devices, and information management devices. The information collected, managed, and disseminated may include identity information, medical information, skills information, qualification information, certification information, licensure information. Data in the system is stored in multiple formats, allowing for the retrieval of trusted information in an environment that is part of a network or devoid of network connectivity.

Abstract: Techniques for validating identities are provided. A sign-on request is authenticated for a given principal. Attributes associated with that principal are acquired from an identity service and compared against local maintained attributes for that principal. If the identity-service acquired attributes match the local attributes, then the principal is validated for access. During principal access, selective events drive updates to the identity-service acquired attributes, and the comparison with the local attributes is performed again to determine whether the validated principal is to be invalidated or is to remain validated.

Abstract: A system for collecting, verifying, and managing identity data, skill data, qualification data, certification data, and licensure data of emergency responders. The system trusted verification of identity, skills, qualifications, certifications, and licensure, and disseminates information specific or related to identity, skills, qualifications, certifications, and licensure at the scene of an emergency. The system includes information collection devices, data storage media, information retrieval devices, and information management devices. The information collected, managed, and disseminated may include identity information, medical information, skills information, qualification information, certification information, licensure information. Data in the system is stored in multiple formats, allowing for the retrieval of trusted information in an environment that is part of a network or devoid of network connectivity.

Abstract: A sensor system includes a controller and sensors, the system configured to ensure unique identity for each device. Methods are provided to generate new identities for those devices having duplicate addresses, and to transmit the new identity information to those devices.

Abstract: A USB memory stick, or similar device, is provided having software installed thereon to enable a user to access restricted applications without a user device needing to handle user credential data. In use, the stick receives a request from the user device for access to an application, obtains first user identification information from the user device, uses the first user identification information and the application information to obtain user credentials from an identity management system, which user credentials are required by the application in order to grant the user access to the application, and provides the user credentials to the application without the user credentials needing to be provided to the user device.

Abstract: A method begins by a processing module outputting a registration request message that includes requesting access to a local dispersed storage network (DSN) and requesting access to a global DSN. The method continues with the processing module receiving a registration response message that includes a global universal unique identifier (UUID) and a local UUID. The method continues with the processing module generating a global public-private key pair and a local public-private key pair and generating a global certificate signing request (CSR) based on the global UUID and a private key of the global public-private key pair. The method continues with the processing module generating a local CSR based on the local UUID and a private key of the local public-private key pair, sending the global and local CSRs to a certificate authority (CA), and receiving a signed global certificate and a signed local certificate.

Abstract: An Enterprise Identity Management system includes a registration component, an ownership component, and an audit component. The registration component is configured to associate a user ID with specific accounts that are accessible via a computer system. The ownership component is configured to verify the ownership of the accounts. The audit component is configured to perform periodic checks to ensure the validity of the association between the user ID and the ownership of the accounts.

Abstract: An access management apparatus manages access to a local network via a wide area network and includes an access information acquiring unit that acquires access information that is used in accessing the local network; an authenticating unit that performs an authentication process for a portable storage device; and a recording unit that stores the access information acquired by the access information acquiring unit to a storage device authenticated by the authenticating unit.

Abstract: A system and method for authenticating a user with a wireless data processing device.

Abstract: A system for collecting, verifying, and managing identity data, skill data, qualification data, certification data, and licensure data of emergency responders. The system trusted verification of identity, skills, qualifications, certifications, and licensure, and disseminates information specific or related to identity, skills, qualifications, certifications, and licensure at the scene of an emergency. The system includes information collection devices, data storage media, information retrieval devices, and information management devices. The information collected, managed, and disseminated may include identity information, medical information, skills information, qualification information, certification information, licensure information. Data in the system is stored in multiple formats, allowing for the retrieval of trusted information in an environment that is part of a network or devoid of network connectivity.

Abstract: A method for realizing an authentication center (AC) and an authentication system are disclosed. The method comprises: a UE sends an authentication request to an AC and applies for temporary authentication information, the AC assigns a first authentication random code to the UE, then the UE calculates a first response code and sends it to the AC, the AC assigns the temporary authentication information to the UE after authentication and authorization; the UE sends a login request to the application system (AS) which assigns a second authentication random code to the UE, and the UE uses it and the temporary authentication information to calculate a second response code, and sends this code to the AS; the AS sends the second response code to the AC for authentication and authorization; the AC returns the authentication result to the AS which in turn returns the authentication result to the UE.

Abstract: A cloud storage method includes: connecting a portable electronic device having a hardware identification code to a mediation device; generating a first verification serial number by a first serial number generating module of the portable electronic device via the hardware identification code and transmitting the first verification serial number to a cloud server via the mediation device and a network system connecting to the mediation device and the cloud server; generating a second verification serial number by a second serial number generating module of the cloud server having a storage module via a hardware identification code pre-stored in the storage module; and a comparison module built in the cloud server comparing the first and second verification serial numbers so as to process the storage module according to an operating signal sent by the user when the first and second verification serial numbers are determined to be the same.

Abstract: Methods, systems, and articles of manufacture consistent with the present invention provide for administering a protected item. An anti-theft key encoded with a radio frequency identification of the user and biometric data of the user is provided. The anti-theft key is associated with the protected item such that the protected item is accessible with the anti-theft key.

Abstract: The present invention relates to a method and a system of securely storing data on a network (100) for access by an authorized domain (101, 102, 103), which authorized domain includes at least two devices that share a confidential domain key (K), and an authorized domain management system for securely storing data on a network for access by an authorized domain. The present invention enables any member device to store protected data on the network such that any other member device can access the data in plaintext without having to communicate with the device that actually stored the data.

Abstract: A method of auto updating a password comprises opening a password file and a new password file and reading information from the password file including user ID type. The method applies the user ID type to a predetermined application type and executes password-updating logic to generate a new password for the application type. The method further updates the new password file with the new password for the predetermined application type. A system comprises at least one of a hardware component and a software component configured to read information from a password file including user ID type. The hardware component and/or software component is further configured to determine that the user ID type matches to an application type and to apply the user ID type to the matched application type. The hardware component and/or software component is further configured to generate a new password for the application type and to update the password file with the new password for the application type.

Abstract: The present invention provides a method of securing transmission of content over a wireless network. The method may include initiating a relationship between a content source and a display system, establishing a relationship between the content source and the display system including negotiating a shared key and encrypting content for transmission between the content source and the display system.

Abstract: Verification facilitating company or companies X and verifying company or companies (e.g., credit service company or companies) Y may respectively manage member ID(s) and password(s) of user(s) 1 in mutually separate and mutually secret fashion. User(s) 1 may send member ID(s) to verification facilitating company or companies X from mobile telephone(s) 2, and verification facilitating company or companies X may use originating telephone number(s) and/or member ID(s) to carry out first-stage identity check(s). In the event of positive verification of identity as a result of such identity check(s), verification facilitating company or companies X may issue one-time ID(s) to user(s) 1 and may communicate such one-time ID(s) to verifying company or companies (e.g., credit service company or companies) Y. User(s) 1 may send one-time ID(s) and password(s) to verifying company or companies (e.g., credit service company or companies) Y from company or companies (e.g., store or stores) Z.

Abstract: A technique is utilized in the configuration and seeding of security tokens at third party facilities, particularly at facilities of a configuration agent, such that a token can be configured without the configuration agent having security-defeating knowledge about the token. Such a technique allows a third party to provision a token with a seed, but in such a way that the third party will not know, or be able to construct, the seed after the seed provisioning process is complete. The seed may include, by way of example, a symmetric key or other secret shared by two or more entities. In some arrangements, a method is used for secure seed provisioning. Data is derived from inherent randomness in a token or other authentication device. Based on the data, the token or other authentication device is provisioned with a seed.

Abstract: Disclosed is a method for encrypted communications. A first IPsec endpoint selects a security association (SA) from a security association database (SAD) by using a selector and then extracts an indexing parameter from SA. The indexing parameter is used to determine an active key location from a key storage database (KSD). Data packets are then encrypted using a key from the active key location. The first IPsec endpoint also forms a security parameter index (SPI) in a header of the data packet by using a keyID from the active key location and transmits the encrypted data packet with the header indicating the SPI to a second IPsec endpoint.

Abstract: A method and apparatus for managing and backing-up a set of security keys are disclosed. The keys are generated first at a backup site and then are transmitted from the backup site to the primary site. The primary site then uses these keys to generate message authentication code for messages generated at the primary site. A portion of the key information is transmitted to a client site in the message. The client site then provides the message authentication code back to the service in a subsequent request. The message authentication code generated at the primary site is readable by the backup site. The primary site then takes the portion of the key information and uses this to verify the received message authentication code. In alternative embodiments the actual values used for generating the message authentication code are not transmitted in the message nor are the exposed to the public side of the service.

Abstract: An authentication system and method for allowing an administrator to host a plurality of service principal names (SPNs) over a common network port of a backend server. The authentication system includes a client computer, a backend server, and a service principal name (SPN) apparatus. The client computer sends an authentication request to the backend server. The backend server performs an authentication procedure in response to a reception of the authentication request from the client computer. The SPN apparatus configures a plurality of service SPNs for the web service application over the common network port.

Abstract: Technologies are described herein for generating and changing credentials of a service account. In one method, a credential schedule is retrieved. The credential schedule specifies when a plurality of credentials are scheduled to be changed. A determination is made whether a current credential associated with the service account is scheduled to be changed according to the credential schedule. Upon determining that the current credential is scheduled to be changed, at least part of a new credential is generated. The current credential is replaced with the new credential for the service account.

Abstract: A processor communicating with a first memory configured to store first information and first data, and communicating with a second memory configured to store second information and second data, includes a computing unit configured to perform computation using the first data and the second data; an storing unit configured integrally with the computing unit to store first authentication information and second authentication information; a reading unit configured to read out the first information and the second information; an authenticating unit configured to authenticate the first memory by comparing the first information and the first authentication information, and to authenticate the second memory by comparing the second information and the second authentication information; and an controlling unit configured to control an access of the computing unit to the first memory and the second memory based on a result of the authentications.

Abstract: A system and method for providing a user with secure access to devices operatively connected to a network comprising at least one processing device that has access to a database. The database maintains information for each user of the system, such as the user's login credentials and access level or permissions, along with information corresponding to each network device, such as, for example, the device's login credentials, IP address, and port settings. The processing device authenticates each user and then provides each user with access to the network devices as defined by the data maintained in the database corresponding to the respective user and the network devices.

Abstract: An authentication system by which character strings in squares are selected by a rule determined by a user out of a table in which character strings are assigned to obtain a one-time password. The user memorizes a rule of successively selecting three out of the positions of the squares in a table having five rows and five columns, for example. To each square (402) in the table (401) to be presented to the user, a randomly generated two-digit number is assigned. The table (401) is presented to the user, who arranges the numbers in the squares (402) on the basis of the user's own rule to generate a six-digit number used as a one-time password for authenticating the user. Therefore, the rule for obtaining a one-time password is easy for the user to memorize and a long one-time password can be obtained.

Abstract: A programming interface for a computer platform can include various functionality. In certain embodiments, the programming interface includes one or more of the following groups of types or functions: those related to core file system concepts, those related to entities that a human being can contact, those related to documents, those common to multiple kinds of media, those specific to audio media, those specific to video media, those specific to image media, those specific to electronic mail messages, and those related to identifying particular locations.

Abstract: A protection mechanism(s) for a virtual universe account maintains integrity of the virtual universe account as well as the virtual universe. An avatar associated with a virtual universe account may be misappropriated and/or used inappropriately by a non-comporting user against the wishes or without the knowledge of the virtual universe account owner. A non-comporting user (i.e., a user not authorized to use the virtual universe account, an authorized user who misuses a virtual universe account, etc.) can use an avatar to perform potentially damaging and/or damaging activities in the virtual universe (e.g., destroy property, impact reputation associated with the virtual universe account, reduce value of the virtual universe account, etc.) Embodiments of the inventive subject matter detect when a user misappropriates and/or misuses a virtual universe account (i.e., detects a non-comporting user), and attempts to restore state of the virtual universe prior to the misuse and/or misappropriation.

Abstract: An authentication system for an instruction processing apparatus includes first and second authentication portions each for performing user authentication at the time of using the instruction processing apparatus, and a controller which makes the first authentication portion execute the user authentication and switches from the first authentication portion to the second authentication portion when the user authentication by the first authentication portion cannot be established.

Abstract: A method for content access control operative to enable authorized devices to access protected content and to prevent unauthorized devices from accessing protected content, the method comprising: providing a plurality of authorized devices; dividing the plurality of authorized devices into a plurality of groups, each of the plurality of authorized devices being comprised in at least one of the plurality of groups, no two devices of the plurality of authorized devices being comprised in exactly the same groups; determining whether at least one device of the plurality of authorized devices is to be prevented from having access to the protected content and, if at least one device is to be prevented, removing all groups comprising the at least one device from the plurality of groups, thus producing a set of remaining groups; and determining an authorized set comprising groups from the set of remaining groups, such that each device of the plurality of authorized devices which was not determined, in the determining

Abstract: Apparatus and method for managing password information associated with a service account are disclosed. In some embodiments, a service account management system is configured to include a security account utility and a password information data store. In some embodiments, a security account utility is used when registering, tracking, and adjusting password change information. In some embodiments, notification of a password change date is transmitted to a service account owner and a security auditor for enforcement. Use of a security account management system with a middleware application is also disclosed.

Abstract: A method, apparatus and program storage device for providing service access control for a user interface is disclosed. A service secret is combined with a user access code, such as a user ID/password. A system can extract the service secret and determine whether access to service functions should be allowed to provide authentication and authorization for service interface access in secure manner.

Abstract: A system that enables parties to a real estate transaction to remotely access the system via the internet to initiate and consummate the offer/counter-offer process leading up to and including execution of a definitive purchase agreement between buyer and seller, wherein parties to the real estate transaction include the Buyer, the Seller and their respective agents. The system provides for a user interface that enables input of the transaction specification information which is typically input by the real estate agent. Subsequently, the system enables secure routing of the transaction between the parties for their online review and response. The system also provides for unique identity verification, logging and tracking functions to ensure validity and enforceability of electronic acceptance of transactions and related purchase agreements and documents by all parties.

Abstract: A system and method for establishing two-factor security using a mobile device comprising authorizing one or more transactions requests received by a server, identifying one or more credentials required before the transaction can be processed, transmitting the list of credentials and a request session ID to a mobile device that stores, or is linked to, one or more required credentials, and pushing (or authorizing a credentials server to push) such credentials to the server that received the request in order to permit the associated transaction and/or upgrade the prior session to a secured or “authorized” connection.

Abstract: A server storing a pool of unassigned access credentials selects an access credential from the pool, assigns it to an individual, identifies a mobile communication device associated with the individual, and pushes the access credential to the mobile communication device over a secure and authenticated channel such that the access credential is receivable by the mobile communication device. If the mobile communication device supports a proximity technology and is proximate to an access node that supports the proximity technology, the mobile communication device employs the proximity technology to present the access credential to the access node.

Abstract: An information processing device, comprising a reading unit that reads, from a recording medium that records information relevant to authentication, the information relevant to authentication, an acquisition unit that acquires information about a contact destination designated in association with the recording medium, when reading of the information from the recording medium by the reading unit remains continuously possible during a period of time between completion of a process instructed by a user who is authenticated based on the information recorded in the recording medium and elapse of a predetermined period of time after the completion, and a transmission unit that sends predetermined information to the contact destination specified by the acquired information.

Abstract: An administration method and system. The method includes receiving by a computing system, a telephone call from an administrator. The computing system presents an audible menu associated with a plurality of computers to the administrator. The computing system receives from the administrator, an audible selection for a computer from the audible menu. The computing system receives from the administrator, an audible verbal command for performing a maintenance operation on the computer. The computing system executes the maintenance operation on the computer. The computing system receives from the computer, confirmation data indicating that the maintenance operation has been completed. The computing system converts the confirmation data into an audible verbal message. The computing system transmits the second audible verbal message to the administrator.

Abstract: A method for automatic user authentication is described. In response to a coupling of a separate hardware security device to a data processing system, credential information for each of a plurality of applications that the user uses is received from the separate hardware security device into an authentication credential container associated with the user. A plurality of applications accessible by a user are identified by examining authentication credential container of the user. A view of the plurality of applications accessible by the user is generated. The view is a consolidated user directory that contains user authentication information across the plurality of applications. The view may then be displayed to an administrator.

Abstract: Password management systems include a plurality of child nodes and a mother node. Each child node includes a secure resource, a target account, and a password management service. The target account can be password-protected, and the secure resource can be accessible through the target account. The password management service can periodically update a password of the target account by requesting a new password from the mother node. In response to such requests, the mother node can generate new passwords and forward the new passwords to the appropriate child nodes. The mother node can store the new passwords in a database of current passwords. When an authorized user of the mother node requests a current password for a target account of a child node, the mother node can provide the requested current password to the authorized user. Other aspects, features, and embodiments are also claimed and described.