Abstract: A method, system, and computer program product for staged user identifier deletion are provided. The method includes checking a status of a user identifier in response to a triggering event. In response to determining that the status of the user identifier indicates a marked for deletion status, a notification action is performed. The method also includes monitoring a time value to determine whether a time for deletion associated with the user identifier with the marked for deletion status has been reached, and automatically deleting the user identifier with the marked for deletion status in response to determining that the time for deletion has been reached.

Abstract: A method comprises assessing a network environment in which an electronic device is present and implementing a security feature based on the assessment of the network environment. Assessing the network environment comprises identifying other network entities on a network to which the electronic device is coupled.

Abstract: According to one aspect, there is provided a method of controlling access to a network resource. The method comprises receiving a request to grant a user access to the network resource, the request including a user identifier, determining whether the received user identifier is stored in a local user data store associated with the resource, and where it is not so determined determining, from user details stored in a master user data store, whether the user is authorized to access the resource, and where it is so determined obtaining a password, and storing the obtained password and user details in the local data store associated with the network resource.

Abstract: To provide a user signature on a network transaction, a security server receives transaction information representing a transaction between a network user and a network site, such as a website. The security server calculates a one-time-password based on the received transaction information and a secret shared by the security server and the network site, but not by the user. The security server transmits the calculated one-time-password for application as the user's signature on the transaction. The one-time-password is independently calculable by the network site based on the shared secret.

Abstract: Systems and methods are provided to facilitate online transactions via mobile communications. In one aspect, a system includes a data storage facility to store account information with a phone number of the user and an interchange coupled with the data storage facility. The interchange includes a common format processor and a plurality of converters to interface with a plurality of different controllers of mobile communications. The converters are configured to communicate with the controllers in different formats; and the converters are configured to communicate with the common format processor in a common format to facilitate authentication of the user to sign in the account.

Abstract: The invention relates to an authentication system for a user possessing a means (3) for authentication at an authentication entity (1), said authentication means including a means (11) for storing at least one status variable and a single-use access-code generator (2) actuated upon a request of the user, said access code including at least one unpredictable portion and being transmitted to the authentication entity for validation, said validation authenticating the user at the authentication entity, characterised in that the status variable is updated in a random manner by and upon the initiative of the authentication means systematically and before any generation of a new access code, in that the generator is suitable for computing the access code using the status variable once it is updated, and in that the authentication entity is adapted for modifying the value of at least one internal status variable during the at least partial validation of the access code by using information previously known by the au

Abstract: A method and apparatus for disabling password-less remote logins. In one embodiment, the method comprises receiving a remote login request at a first computing system from a user of a second computing system. Both of the first computing system and the second computing system mount home directories from a file sever. The request includes a public key associated with the user. An authorized key file associated with the user is located in the home directories. The authorized key file has zero length and owned by a root user of the file server. The method further comprises prompting the user of the second computing system for a password in response to the request.

Abstract: A system is described comprising a service provider and an identity provider. A user requests access to the service provider and the service provider seeks user credentials from the identity provider. In use, the service provider issues an authentication request, which request specifies details of a plurality of acceptable authentication formats. The identity provider responds to the request either by providing authentication details for said user in one of the formats specified in the request, or by returning an error message indicating that it cannot support any of the specified authentication formats.

Abstract: Embodiments of the disclosure describe systems and methods for authenticating services running on a partition. In this regard, one embodiment of a system for authenticating a service includes a partition including a list of authorized services, and a service running on the partition; and a management processor in communication with the partition, wherein the management processor is configured to generate credentials for the service running on the partition if the service is listed in the list of authorized services.

Abstract: The present invention provides a new method of site and user authentication. This is achieved by creating a pop-up window on the user's PC that is in communication with a security server, and where this communication channel is separate from the communication between the user's browser and whichever web site they are at. A legitimate web site embeds code in the web page which communicates to the security server from the user's desktop. The security server checks the legitimacy of the web site and then signals both the web page on the user's browser, as well as the pop-up window to which it has a separate channel. The security server also sends a random image to both the pop-up window and the browser. If user authentication is requested by the web site the user is first authenticated by the security server for instance by out of band authentication. Then the security server computes a one time password based on a secret it shares with the web site and sends it to the pop up window.

Abstract: A method for creating a unique and secure mobile internet protocol version 4 connection for a packet data network is provided. The method includes generating an extended master session key to create a mobile internet protocol root key. The method also includes creating a mobile internet protocol security parameter index based on the mobile internet protocol root key and an access point name. The method further includes deriving a mobile node home agent key based on the access point name. Furthermore the method includes associating the derived mobile node home agent key to the created security parameter index. Moreover the method includes providing the unique and secure mobile internet protocol version 4 connection to transfer data for the packet data network connectivity.

Abstract: Methods and apparatuses for secure communication are provided. The secure communication method includes receiving a first credential of a remote device; receiving first authentication information of the remote device; storing a user record including the first credential and the first authentication information; and evaluating a security level of the received first authentication information.

Abstract: A configuration for preventing authentication processing due to continuous use of an old authorized device certificate, and illegal use of contents is provided. An arrangement is made wherein with playback or recording processing of contents accompanying data transfer between two different devices such as a drive and a host or the like, when performing mutual authentication between devices for executing data transfer, the number of times of authentication is counted, and in the event of this reaching a predetermined upper limit value of the number of times of authentication, authentication processing is cancelled, and it is necessary to update a certificate to be applied to authentication. The present configuration eliminates contents use due to continuity of authentication processing to which an old certificate is applied, and enables prompting a user to obtain the newest certificate.

Abstract: In one embodiment, the methods and apparatuses select a primary group name; identify a first device associated with the primary group name wherein the first device is a member of the primary group name; specify a privilege associated with the member of the primary group name; and store the primary group name, the first device, and the privilege within a profile.

Abstract: An exemplary system enabling credential roaming among a plurality of different computing devices may include an event handler to receive event notifications such as, e.g., a client logon. The event handler may invoke a management service in response to receiving an event notification. The management service may include a synchronizing module to synchronize a user's credentials with a remote directory service, such as, e.g., Active Directory, so that the user's credentials are available from any of a number of different computing devices.

Abstract: Application program network service requests are translated into specific actions that are then performed through the management plane and/or control plane. The translations and resulting actions are responsive to previously defined policies for the communication network, and may further reflect processing of previous service requests by the same or another application program. The amount of resources available for use by a given application program may be predefined based on a globally defined network policy. Each service request obtained from an application program may be translated into multiple actions performed using various specific protocols and/or interfaces provided by either the management plane, the control plane, or both the management and control planes. Reports of network activity, status and/or faults for a requesting application program may be tailored to the requesting program's view of the network, and passed directly and exclusively to the requesting program.

Abstract: When a PC transmits a content request to a device registration apparatus in which a permitted number of devices have already been registered, an expiration time management unit judges whether any registration information registered in a registration list management unit has an exceeded registration expiration time. If registration information with an exceeded registration expiration time is registered in the registration list management unit, the registration list management unit deletes this registration information, and newly registers registration information of the PC.

Abstract: A method and apparatus for issuing an attribute certificate for attributes of a Light Weight Directory Access Protocol (LDAP) entry stored in an LDAP repository. In one embodiment, the method includes receiving a request for an attribute of an LDAP entry. The method further includes, in response to the request, sending a reply that includes an attribute value of the requested attribute and a digital signature to authenticate the attribute value.

Abstract: Disclosed is an off-line user authentication system, which is designed to present a presentation pattern to a user subject to authentication, and apply a one-time-password derivation rule serving as a password to certain pattern elements included in the presentation pattern at specific positions so as to create a one-time password. An off-line authentication client pre-stores a plurality of pattern element sequences each adapted to form a presentation pattern, and a plurality of verification codes created by applying a one-time-password derivation rule to the respective presentation patterns and subjecting the obtained results to a one-way function algorithm. A presentation pattern is created using one selected from the stored pattern element sequences, and presented to a user. A one-time password entered from the user is verified based on a corresponding verification code to perform user authentication. The present invention provides an off-line matrix authentication scheme with enhanced security.

Abstract: A system for binding a subscription-based computer to an internet service provider (ISP) may include a binding module and a security module residing on the computer. The binding module may identify and authenticate configuration data from peripheral devices that attempt to connect to the computer, encrypt any requests for data from the computer to the ISP, and decrypt responses from the ISP. If the binding module is able to authenticate the configuration data and the response to the request for data from the ISP, then the security module may allow the communication between the computer and the ISP. However, if either the configuration cycle or the response cannot be properly verified, then the security module may degrade operation of the computer.

Abstract: A method for terminal configuration and management includes: acquiring a configuration file, where the configuration file includes server account information; configuring the server account information in the acquired configuration file onto a Device Management Tree (DMT) of a terminal; based on the server account information, establishing a management session between the terminal and the server, and performing management and subsequent configuration on the terminal during the session. A corresponding terminal device and a corresponding system are also provided. Through the method, the terminal can determine, according to protocol version information supported by or corresponding to the corresponding server and carried in a configuration packet, a protocol that should be used for communication with a server, and perform configuration according to the correct protocol version, thus improving the operation efficiency.

Abstract: A password setting device for an image forming apparatus includes: an image reading unit which reads image information on a document; an image forming unit which forms an image on a sheet based on image data read by the image reading unit; an acceptance unit which accepts setting of a password used for user authentication; a determination unit which determines whether the password accepted via the acceptance unit violates prohibition information of the password or not; and a notification unit which notifies a user of information to prompt the user to change the password when it is determined by the determination unit that the password violates the prohibition information.

Abstract: An image forming apparatus communicates with an authenticating server which stores user information for identifying a user and authentication information included in a storing medium. An authentication requesting unit transmits the user information input to the image forming apparatus to the authenticating server to authenticate the user. An authentication result obtaining unit obtains the user authentication result from the authenticating server. A display unit displays a registering mode for registering the authentication information corresponding to the input user information and a deleting mode for deleting the authentication information corresponding to the input user information so that the modes can be selected according to the obtained authentication result.

Abstract: A system and method for securing wireless transmissions is provided. A method for transmitting secure messages includes selecting a bin of codewords from a plurality of bins. The bin of codewords containing a plurality of sub-bins of codewords, and the selecting is based on a first message. The method also includes selecting a sub-bin of codewords from the plurality of sub-bins of codewords based on a second message, selecting a codeword from the sub-bin of codewords, and transmitting the selected codeword to a legitimate receiver.

Abstract: The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded.

Abstract: Systems and method for producing, validating, and registering authentic verification tokens are disclosed. Such systems and methods include generating verification token specific key pairs. The key pairs can be signed by a verification token manufacturer master key or public key certificate for an additional level of authenticity. Related methods and systems for authenticating and registering authorized verification token manufacturers are also disclosed. Once a verification token manufacturer is authenticated, it can be assigned a manufacturer-specific key pair or certificate and in some cases, a predetermined set of serial numbers to assign to the verification tokens it produces. Each serial number can be used to generate a verification token specific key pair specific to the associated verification token. One component of the verification token key pair can be stored to the verification token.

Abstract: Processes and techniques for tailoring operations management in a system are described. The processes and techniques allow a user to customize operations management based on the user's function within a system and the particular tasks that the user wishes to accomplish. Simplified user interfaces can be created by scoping the interfaces based on user profiles, preferences and system components.

Abstract: Embodiments of the present invention relate to a system and method for providing processing capacity on demand. According to the embodiments, a processor package has a plurality of processing elements. One or more of the processing elements may be made active in response to increased demand for processing capacity based on modifiable authorization information.

Abstract: The invention operates in connection with a secure storage compartment feature of a storage security appliance to allow users to see the encryption and permission relationships between hosts and storage in one view. The invention also provides a user tool that enables users to manage secure storage compartments (encryption/key relationship) easily and access permissions between them. The invention also provides a user tool that helps users find missing relationships/permissions easily when troubleshooting a host's missing storage after a storage security appliance is installed. The invention further provides a user tool that overlays cross mapping/relationship information on top of a topology view, thereby making it easy for a user to see missing or extraneous relationships between hosts and storage.

Abstract: An apparatus and method for integrating authentication protocols in the establishment of connections between a controlled-access first computing device and at least one second computing device. In one embodiment, network access user authentication data needed to access the at least one second computing device is transmitted to an authentication server automatically if the user has access to use the first computing device, thereby not requiring the user to manually enter the authentication data needed for such access at the first computing device. The network access user authentication data may be, for example, retrieved from a memory store of the first computing device and/or generated in accordance with an authentication data generating algorithm.

Abstract: Provided are a method and computer system that provide a virtual world. A server of the computer system includes a storage subsystem that stores two or more items of different personalized information about multiple different users, including different user identifications and passwords associated with the user identifications respectively representing the users. The server computer system is programmed to accept login credentials including a user identification and password and validate the login credentials. The server computer system is also programmed to control formation of a first user account and storage of the first user identification and first password. The storage subsystem stores information about registration codes that have not yet been entered.

Abstract: Techniques for secure transparent switching between modes of a virtual private network (VPN) are provided. A principal, via a client, establishes a VPN session in a first mode of operation with a server. The principal subsequently requests a second mode of operation during the same VPN session. The VPN session is transparently transitioned to the second mode of operation without any interaction being required on the part of the principal and without terminating the original VPN session.

Abstract: A method and system for managing role-based access control of token data using token profiles having predefined roles is described.

Abstract: The client requests authentication by transmitting the authentication information entered by the user, the MAC address of the network adapter, and the address change information as to whether or not the MAC address has been changed. When the authentication information and the MAC address are in agreement with the details of registration, and if a change in the MAC address is recognized from the address change information, the server regards the authentication as being a failure and issues an access refusal, thus completing the processing. If a change in the MAC address is recognized, the fact may be notified to the manager to issue an access permit or an access refusal in accordance with the manager's instruction.

Abstract: In the global information sharing and distributing service system, the public use of idle resources can be propelled and sufficient security can be guaranteed on the resources for private use. A node machine configuring an information network includes resources located in a private zone available to private use, resources located in a public zone for public service use, and a private resource security management unit for management of the security of the resources located in the private zone.

Abstract: A method of controlling access to an interaction context of an application, including receiving login requests pertaining to an access account, each login request including a login password to be matched against an access password associated with the access account. A database includes at least one account record including a password state field indicating whether the access password is a temporary password or a permanent password and a security hold field indicating whether a security hold has been placed on the access account by an administrator. Access is denied upon receipt of a login request when the login password fails to match the access password. Access is denied upon receipt of a login request when the login password matches the access password, the password state field indicates that the access password is a permanent password, and the security hold field indicates that there is a security hold on the access account.

Abstract: Control system of an electronic instrument for metrological measurements, comprising an electronic local processing unit including a handling application of said instrument. The system includes a control application for said handling application, which can be associated with said local processing unit, said control application being suitable for generating a univocal certification code for the application.

Abstract: The invention describes a method, firmware, and computer program product for generating one or more One Time Passwords (OTPs) for one or more applications. The firmware embedded in a computational device receives one or more registration details corresponding to an application from a user. Thereafter, the firmware generates a Dynamic Information Number (DIN) based on at least one of the registration details and an application identifier (SIID). The user registers with the application with the DIN and at least one of the registration details. Further, the user may access the application using an OTP generated by the firmware based on the DIN and the application identifier.

Abstract: A method for providing a secret that is provisioned to a first device to a second device includes generating a One-Time Password at the first device using the secret and obtaining an identifier of the secret. The method also includes providing the One-Time Password and the identifier to the second device and sending the One-Time Password and the identifier to a remote provisioning service. The method also includes verifying that the One-Time Password corresponds to the secret, and sending to the second device an encrypted secret and a decryption key for decrypting the encrypted secret. The encrypted secret and the decryption key may be sent using different communications methods. The method also includes decrypting the encrypted secret using the decryption key to provide the secret and storing the secret at the second device.

Abstract: Simplifying any cumbersome URLs that are made public. The function of converting to simplify cumbersome URLs is performed by Web service providers for appropriate fees. Accordingly, the converted URL will have a new domain portion, i.e. the Web service provider's domain along with a simplified path portion defining the path with the Web service provider's domain that will point to the original URL, stored within the service provider. Within the service provider, URLs of said accessed Web documents are converted to include a domain section specifying the service provider's domain and a path portion within said service provider's domain that is simpler than the original URL path portion. The path portion in the converted URL is usually shorter than the path portion in the original URL.

Abstract: An architecture for A method for providing on-line charging in a network environment is provided that includes interacting with an application that is selected by an end user, and with a policy enforcement point to install corresponding policies that are inclusive of charging rules. The method also includes performing, via a policy server, on-line charging interactions on behalf of the selected application itself such that application-specific on-line charging for the application is enabled. In more particular embodiments, the policy server understands which application is interacting with it by use of application tokens, source, or service identifiers. Also, the application element can query the policy server indirectly to grant network resources and the policy server examines an end user's policy profile or a network-wide profile (or both) and recognizes that on-line charging applies to the selected application.

Abstract: Method and system are provided where a memory key structure is used for authenticating access to a memory location that is registered for a remote direct memory access (RDMA) operation. The memory key structure not only includes a standard memory key that is expected by an RDMA enabled network interface card (RNIC), but also includes an endpoint network address identifier and a transport identifier. The endpoint network address identifier and the transport identifier are verified before an entity is granted access to the registered memory location.

Abstract: A method of user authorization for services in a wireless communications network including the steps of: establishing a connection between user equipment and an authorization server of the network; the user equipment providing user identification to the authorization server; the authorization server retrieving authorization data based on the user identification as to a service available to that user; the authorization server returning authorization to the user equipment for a service indicated by the authorization data; and the user equipment establishing a communication path to the service using the authorization

Abstract: A method for secure electronic transaction over a computer network, comprising: at a trusted relationship profile server computer: storing a unique identity of a trusted computing unit; generating a confirmation message regarding the unique identity of the trusted computing unit in response to a request from the trusted computing unit; at a security proxy server computer: storing real credentials and local credentials of a customer in a secure vault; receiving the confirmation message and permitting a login process to be performed with the security proxy server using the local credentials, provided the confirmation message is valid; and replacing the local credentials submitted in the login process with the real credentials. A corresponding system for secure electronic transactions is also provided.

Abstract: A comprehensive platform for merchandising intellectual property (IP) and conducting IP transactions is disclosed. A standardized data collection method enables IP assets to be characterized, rated and valuated in a consistent manner. Project management, workflow and data security functionality enable consistent, efficient and secure interactions between the IP Marketplace participants throughout the IP transaction process. Business rules, workflows, valuation models and rating methods may be user defined or based upon marketplace, industry or technology standards.

Abstract: A framework is provided for securing and managing sensitive credential information required for a software program, such as an application or a script, to access a resource. The centralized framework validates a request for access to a resource received from the software program, retrieves the encrypted credentials associated with the requested resource, decrypts the encrypted credentials, and provides decrypted credentials to the software program for use in accessing the resource.

Abstract: A system and method for sharing data is provided. A request is received from a mobile device to transfer a set of data to a recipient. The set of data is stored by a server and controlled by a user of the mobile device. The request is authenticated, and the data is encrypted. The set of data is transmitted to a recipient specified by the user via the mobile device.

Abstract: A conversion device receives service data including first connection destination data and the authentication information about an authenticated user, generates second connection destination data for designation of the first connection destination data, then associates the authentication information, the first and second connection destination data with one another, transmits them to a relay device, and transmits to a client the service data in which the first connection destination data is replaced with the second connection destination data; the client transmits the second connection destination data selected by the user to the relay device; the relay device transmits the authentication information to a server indicated by the first connection destination data using the authentication information and the first connection destination data corresponding to the second connection destination data, and transmits the address of the server to the client; and the client communicates with the server using the address

Abstract: There is provided a system and method for creating a pre-shared key. More specifically, in one embodiment, there is provided a method comprising accessing an identifier associated with a computer system, and performing at least one mathematical function on the identifier to create a pre-shared key for the computer system.

Abstract: There is provided a method of determining user specific usage of a network, wherein a user is accessing the network for a session from a client system via a layer two access port of a switch, wherein the layer two access port of the switch is assigned to the user of the client system for that session, wherein a first value, which is indicative of the magnitude of a packet counter of the layer two access port, is determined when the layer two access port becomes active, wherein a second value, which is indicative of the magnitude of the packet counter, is determined when the layer two access port becomes inactive, and wherein the first value and the second value are stored.