Management Patents (Class 726/6)
  • Publication number: 20090288152
    Abstract: System(s) and method(s) provide access management to femto cell service through access control list(s) (e.g., white list(s)). White list(s) includes a set of subscriber station(s) identifier numbers, codes, or tokens, and also can include additional fields for femto cell access management based on desired complexity. White list(s) can have associated white list profile(s) therewith to establish logic of femto coverage access based on the white list(s). Various example aspects such as white list(s) management, maintenance and dissemination; automatic population or pre-configuration; and inclusion of wireless device(s) or subscriber(s) are also provided. A component can implement automatic population of white list fields based at least in part on a set of received identifiers. In addition, autonomously determined identifiers can be employed to populate a white list.
    Type: Application
    Filed: November 21, 2008
    Publication date: November 19, 2009
    Applicant: AT&T MOBILITY II LLC
    Inventors: Kurt Donald Huber, Judson John Flynn, William Gordon Mansfield
  • Publication number: 20090287936
    Abstract: Disclosed embodiments include a computer system for receiving an encrypted password from an ID management system. The computer system sends the encrypted password to a decryption system, where the decryption system decrypts the encrypted password. The decrypted password is then transmitted to the computer system, and the computer system transfers the decrypted password to a configuration item disposed on a network. Based on the password, the configuration item sends data concerning the configuration item to the computer system.
    Type: Application
    Filed: May 11, 2009
    Publication date: November 19, 2009
    Applicant: International Business Machines Corporation
    Inventor: Akira Ohkado
  • Publication number: 20090287586
    Abstract: An automatic account generation system includes an account generator having an IP address and exhibiting an account management function, a printer and at least one apparatus capable of providing wireless Internet access. The Internet user access authentication information can be acquired and printed from the account generator via an input device of the printer. When a user inputs the Internet user access authentication information into a wireless access apparatus, such as a notebook or a PDA equipped with a WLAN card, he or she can automatically access the WLAN where he or she is located. Moreover, the present system is equipped with a payment apparatus that can be connected to the account generator, so that it can accept payment made, whether by cash or by credit card, for getting the Internet user access authentication information.
    Type: Application
    Filed: July 31, 2009
    Publication date: November 19, 2009
    Inventors: Por-Horng Lin, Ying-Tsai Hsu
  • Patent number: 7620737
    Abstract: Methods, apparatus and program products for using historical contextual data in a ubiquitous computing environment. The historical contextual data can be dispersed among components in an environment or logging services as well as stored on a particular component or logging service. The historical contextual data can be used to help create or re-create component configurations within the relevant environment through the use of abstract applications and abstract components. Abstract applications can be specified to create connections with specific components. Abstract applications can also be generalized so that they need not create connections with specific components, but can create component connections that perform a desired function by determining which components to use from the available components, and how to connect the selected components to perform the function.
    Type: Grant
    Filed: December 12, 2002
    Date of Patent: November 17, 2009
    Assignee: Xerox Corporation
    Inventors: Mark W. Newman, W. Keith Edwards, Jana Z. Sedivy, Trevor F. Smith, Jason Hong, Shahram Izadi, Karen J Marcelo
  • Patent number: 7620997
    Abstract: When an authenticated wireless computer loses connectivity to a wireless access point of a network and roams to another access point, the wireless computer (e.g., a hypervisor in the computer) determines whether the new access point is authorized for secure communication and if so, releases access to secure data on the network through the new access point.
    Type: Grant
    Filed: December 22, 2003
    Date of Patent: November 17, 2009
    Assignee: Lenovo (Singapore) Pte. Ltd.
    Inventors: David Carroll Challener, Daryl Carvis Cromer, Howard Jeffrey Locker, Hernando Ovies, Randall Scott Springfield
  • Patent number: 7620984
    Abstract: An embodiment of a method of managing a computer system begins with a step of placing a virtual machine monitor on a computer. The virtual machine monitor includes an interface for a module. The method continues with a step of forming a computing platform on the computer. The virtual machine monitor provides access control to the hardware resources for software executing on the computing platform. The method concludes with a step of adding a module to the virtual machine monitor through the interface. The module modifies the access control provided by the virtual machine monitor.
    Type: Grant
    Filed: October 6, 2004
    Date of Patent: November 17, 2009
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Mahesh Kallahalla, Mustafa Uysal, Ram Swaminathan
  • Publication number: 20090282465
    Abstract: A management apparatus capable of communicating with a plurality of external devices includes a storage unit to store management information including authentication information for authenticating a user in the external device, a first transmission unit to transmit an authentication result of the user in the external device and user information necessary for authenticating the user by the external device among the management information to the external device by referring to the management information stored in the storage unit in response to a request from the external device, a selection unit to, when a content of the management information is changed, select an external device to be a transmission destination of the changed management information based on the change thereof, and a second transmission unit to transmit the changed management information to the external device selected by the selection unit.
    Type: Application
    Filed: May 8, 2009
    Publication date: November 12, 2009
    Applicant: CANON KABUSHIKI KAISHA
    Inventor: Tateki Narita
  • Patent number: 7617524
    Abstract: The invention proposes a method for handling authentication requests in a network, wherein the authentication requests may have different types, the method comprising the steps of determining (S1, S3, S4) types of the authentication requests, and applying (S5-S7) a policy for handling the received authentication requests based on the determined types of authentication requests. The invention also proposes a corresponding network control element and a computer program product.
    Type: Grant
    Filed: October 24, 2005
    Date of Patent: November 10, 2009
    Assignee: Nokia Corporation
    Inventors: Henry Haverinen, Pasi Eronen
  • Publication number: 20090271850
    Abstract: A method for installing authentication credentials on a network device. An intermediary computing device (e.g., client computer) downloads an application for installing the authentication credentials from a secure website. The application on the intermediary computing device requests authentication credentials from a Network Access Control (NAC) credential service. The application passes the authentication credentials received from the NAC credential service through the intermediary computing device to an endpoint (e.g., video conferencing device). The application installs the authentication credentials on the endpoint.
    Type: Application
    Filed: September 5, 2008
    Publication date: October 29, 2009
    Inventors: Sally Blue Hoppe, Jim Harritt, Matt Torres
  • Publication number: 20090271848
    Abstract: An apparatus for coordinating data sharing in a computer network with at least one physical display device is provided. The apparatus includes a code generator generating at least one unique temporary session connection code (SCC), and a storage device storing associations between each of the at least one SCC and one or more of the at least one physical display device. An interface receives requests from one or more source computers to establish communications sessions for sharing data, and a processor in response to a request establishes a communications session between the requesting source computer and at least one physical display device only in the event that at least one condition is met. The at least one condition includes that a valid SCC is received with the request. The establishing is based on the received SCC. Related methods and computer programs are disclosed.
    Type: Application
    Filed: April 25, 2008
    Publication date: October 29, 2009
    Applicant: SMART Technologies ULC
    Inventors: Andrew Leung, Viktor Antonyuk
  • Publication number: 20090271321
    Abstract: In one form, there is disclosed a system (100) for storing, validating and disseminating credential information about an entity. The system (100) generates data representing at least part of the credential information and a data representation of at least part of a document supporting that information and stores the credential information and data representation in a database (120) in an encrypted form.
    Type: Application
    Filed: May 31, 2007
    Publication date: October 29, 2009
    Inventor: Grant Stafford
  • Publication number: 20090271847
    Abstract: An apparatus may include a processor configured to receive a request for an access token from a remote entity, wherein the request includes an indication of a requested service. The processor may be further configured to determine a request type, wherein the request type may be a user identification and password combination, a request token exchange, or an access token exchange. The processor may be additionally configured to extract one or more parameters included in the request based upon the determined request type and to perform one or more security checks based at least in part upon the one or more extracted parameters. The processor may be further configured to create an access token based at least in part upon the results of the one or more security checks and to provide the access token to the remote entity.
    Type: Application
    Filed: April 25, 2008
    Publication date: October 29, 2009
    Inventors: Jari Karjala, Ari Vepsalainen, Jussi Maki
  • Publication number: 20090271624
    Abstract: The embodiments of the present disclosure disclose an authentication method, a system, a server, and a user node. The method includes: generating, by a server, a server session key according to the identity information, at least one login information parameter, and the validity period included in the login information, generating at least one session key parameter of a user node according to the generator point of the algebraic curve, and sending at least one session key parameter of the user node to the user node; generating, by the user node, a user node session key according to at least one session key parameter of the user node; performing, by the server and the user node, mutual authentication according to the session keys. The authentication solution under the present disclosure is simple and practicable, and is also applicable to authenticating the user node in a grid computing platform.
    Type: Application
    Filed: July 6, 2009
    Publication date: October 29, 2009
    Inventors: Zhenfu Cao, Xiaolei Dong, Rongxing Lu, Jiwei Wei
  • Publication number: 20090271851
    Abstract: A method for installing authentication credentials on a remote network device. A remote network device without valid authentication credentials may be connected to a port of an authenticating network switch, and the authentication protocols of the port may be enabled. A Network Access Control (NAC) credential service validates the remote network device comparing a received remote device identifier against a previously stored remote device identifier. The received remote device identifier may be received from the remote network device using a network when the remote network device attempts to access a private network. The NAC credential service disables the authentication protocols of the port in response to validating the received remote device identifier. The NAC credential service installs authentication credentials on the remote network device using encrypted data, so an untrusted entity cannot view the authentication credentials.
    Type: Application
    Filed: September 5, 2008
    Publication date: October 29, 2009
    Inventors: Sally Blue Hoppe, Jim Harritt, Matt Torres
  • Publication number: 20090271849
    Abstract: When an authentication request is made, processing for the authentication request is executed based on information about a first device even if account information set for a first storage system does not exist. When information is exchanged between a home storage system 10 and an online storage system 18 via the Internet 20, and if account information does not exist due to, for example, replacement with a new device, when making an authentication request, the home storage system 10 collects content relating to the relevant device and transfers both to the online storage system 18; and if the content collected by the home storage system 10 matches key-content recorded as authentication information, the online storage system 18 transfers the recorded account information to the home storage system 10. The home storage system 10 can execute user authentication processing by using the account information transferred from the online storage system 18.
    Type: Application
    Filed: July 29, 2008
    Publication date: October 29, 2009
    Inventors: Shoji KODAMA, Naoko Iwami
  • Publication number: 20090271852
    Abstract: A system and method for distributing enduring credentials for a secure network in an untrusted network environment is disclosed. The method includes providing temporary credentials to an untrusted user. The temporary credentials can be communicated to a computing device connected to a network switch. The network switch can relay the temporary credentials to an authentication server within the secure network. The computing device can be authenticated to verify it is authorized to be connected to the secure network. Enduring credentials can be transmitted from the secure network to the computing device in an encrypted format to enable the computing device to communicate within the secure network through the network switch without providing access to the enduring credentials to the untrusted user.
    Type: Application
    Filed: September 23, 2008
    Publication date: October 29, 2009
    Inventors: Matt Torres, Sally Blue Hoppe, Jim Harritt
  • Publication number: 20090271853
    Abstract: The systems and methods of the invention provide a technique for authenticating a finance related transaction. The method may include providing a token which contains a token counter, the token counter periodically advancing to generate a changing token value, the token counter being synchronized to a base counter that generates an authenticating value; transforming the token value into a token output sequence using logic; and outputting at least part of the token output sequence to an authenticating authority, the authenticating authority having access to the authenticating value.
    Type: Application
    Filed: June 30, 2009
    Publication date: October 29, 2009
    Applicant: Bank One, Delaware, National Association
    Inventor: Glenn Cobourm EVERHART
  • Patent number: 7610617
    Abstract: A system such as in a networked computer system comprising a user, an application server, a gatekeeper server and an authentication server. Communication within the system is managed by the gatekeeper server, wherein the user communicates with the authentication server and the application server through the gatekeeper server. Once the user has been initially authenticated by the authentication server, the user may request application services from a plurality of application servers within the networked computer system without having to be re-authenticated.
    Type: Grant
    Filed: December 22, 2004
    Date of Patent: October 27, 2009
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Edward R. Kelly, Christopher Wayne Howser, Jonathan Francis Savage, Yuliang Zheng
  • Patent number: 7610614
    Abstract: Methods, systems and devices for cryptographic control and maintenance of organizational structure and functions are provided. A method for control and maintenance of an operational organizational structure, the method includes associating entities with cryptographic capabilities; organizing entities within the organizational structure as roles; and maintaining roles within the organizational structure. The system may involve at least a Public Key Infrastructure operation. Elements in said organizational structure may be assigned to roles and/or groups within said organizational structure.
    Type: Grant
    Filed: February 14, 2000
    Date of Patent: October 27, 2009
    Assignee: Certco, Inc.
    Inventors: Yair Frankel, Charles T. Montgomery, Marcel M. Yung
  • Patent number: 7610487
    Abstract: The hash extension technique used to generate an ECGA may be used to increase the strength of one-way hash functions and/or decrease the number of bits in any situation where some external requirement limits the number of hash bits, and that limit is below what is (or may be in the future) considered secure against brute-force attacks. For example, to decrease the length of human entered security codes (and maintain the same security), and/or to increase the strength of a human entered security code (and maintain the length of the security code), the security code may be generated and/or authenticated using an extended hash method.
    Type: Grant
    Filed: June 28, 2005
    Date of Patent: October 27, 2009
    Assignee: Microsoft Corporation
    Inventors: Tuomas Aura, Michael Roe
  • Publication number: 20090265555
    Abstract: A secure credential validation compares stored and received modified credentials, e.g., biometric credentials, such that the validating system does not have access to the unmodified credentials. A capture system and a credential validation system are operatively coupled to a network (e.g., the Internet). The credential validation system is configured to store a set of modified stored credentials associated with the principal, receive a set of modified received credentials, and perform a credential validation procedure to validate the modified received credentials, wherein the credential validation procedure performs a one-way consistency test to compare the modified stored credentials and the modified received credentials. The credential validation procedure employs one or more similarity measures, e.g., a weighted quorum of exact matches, a discrete N-ball (or “N-shell”) intersection, or a client-based algorithm with encryption.
    Type: Application
    Filed: June 29, 2009
    Publication date: October 22, 2009
    Applicant: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventor: Coby Royer
  • Publication number: 20090265551
    Abstract: System and methods for access control in a Universal Plug and Play (UPnP) network are based on a user identity. A control point has an identity assertion capability for identifying a user. The control point is configured to declare a value of an attribute associated with the identity assertion capability. A device is communicatively coupled to the control point via the UPnP network. The device has a first access control list and a trusted-to-identify access control list (TIA). The device is configured to permit the user to perform one or more actions based upon whether the user identity appears as a subject in the first access control list.
    Type: Application
    Filed: April 22, 2008
    Publication date: October 22, 2009
    Applicant: GENERAL INSTRUMENT CORPORATION
    Inventors: Mahesh V. Tripunitara, Dean H. Vogler, Patrick Toomey
  • Publication number: 20090265769
    Abstract: A system for automatically generating and filling login information to improve the security in storage and use of the login information. The system comprises a monitoring module, a registration module, and a login module; the monitoring module is coupled to the registration module and the login module; the monitoring module is adapted to check for an entry of login information corresponding to the identifier of the current page, and prompt a result to the user, and transmit a signal to the registration module and the login module to perform a registration and/or login operation; the registration module comprises a login information generation unit, a login information storage unit, and a first user confirmation unit; and the login module comprises a login information input unit and a second user confirmation unit. A method for the same is also disclosed.
    Type: Application
    Filed: November 6, 2008
    Publication date: October 22, 2009
    Inventors: Zhou Lu, Huazhang Yu
  • Patent number: 7606843
    Abstract: A system and method for customizing the storage of data according to data attributes are provided. A user is provided with a graphical user interface for generating data archive profiles. The data archive profiles can include information regarding the attributes of the device data, specifications regarding the storage of the data, specifications regarding the retrieval of the archived data, and management of the archived data during storage. The execution of the data archive profiles facilitates the individual processing of specific data types or individual pieces of identifiable data.
    Type: Grant
    Filed: February 28, 2003
    Date of Patent: October 20, 2009
    Assignee: Vigilos, Inc.
    Inventors: Bruce Alexander, David Antal
  • Publication number: 20090260066
    Abstract: A method and apparatus are provided for signing a user into a computer network associated with an automatic contact distribution system. The method includes the steps of providing a sign-on list that identifies a plurality of subsystems of the computer network of the automatic contact distribution system that the user had previously signed onto, detecting the user signing into the system, retrieving the sign-on list and automatically signing the user into each of the plurality of subsystems identified by the list.
    Type: Application
    Filed: April 9, 2008
    Publication date: October 15, 2009
    Applicant: Aspect Software Inc.
    Inventors: James Miller, Senthilvel Saravanan
  • Publication number: 20090259588
    Abstract: Security systems for protecting assets are described, including password-based security systems that can provide different levels of access responsive to entry of a primary or secondary password. In some versions, user-configurable security rules can provide customized responses to entry of primary or secondary passwords, including feigned or limited access, security alerts, etc. Passwords comprising overt and covert components can be used to provide enhanced security and improved user control over system response. Improved security systems involving transactions between multiple parties are also considered, with options for user-customized security rules including primary and secondary passwords, and reverse challenge and response methods. Systems for Limited Use Credentials are also disclosed to reduce the risk of identity theft.
    Type: Application
    Filed: June 22, 2009
    Publication date: October 15, 2009
    Inventor: Jeffrey Dean Lindsay
  • Patent number: 7603700
    Abstract: Techniques are provided for improving security in a single-sign-on context by providing, to a user's client system, two linked authentication credentials in separate logical communication sessions and requiring that both credentials be presented to a host system. Only after presentation of both credentials is the user authenticated and permitted to access applications on the host system.
    Type: Grant
    Filed: December 29, 2004
    Date of Patent: October 13, 2009
    Assignee: AOL LLC
    Inventors: Yan Cheng, Zhihong Zhang
  • Patent number: 7603317
    Abstract: The invention entails identifying the parties involved in a process of handling personally identifiable information; identifying the data involved in said process; classifying the data; expressing each relationship between each pair of said parties in terms of a privacy agreement; and representing the parties, data, and privacy agreements graphically in one or more privacy agreement relationship diagrams. The invention has the advantage of identifying opportunities to reduce privacy-related risks, including identifying unnecessary exchanges of data, for possible elimination, and identifying opportunities to transform data into a less sensitive form. Privacy agreements are based on a limited set of privacy-related actions: access, disclose, release, notify, utilize, update, withdrawConsent, giveConsent, delete, anonymize, depersonalize, and repersonalize. One aspect of the present invention is a method for improving the handling of personally identifiable information.
    Type: Grant
    Filed: June 19, 2001
    Date of Patent: October 13, 2009
    Assignee: International Business Machines Corporation
    Inventors: Steven B. Adler, Nigel Howard Julian Brown, Arthur M. Gilbert, Charles Campbell Palmer, Michael Schnyder, Michael Waidner
  • Patent number: 7603557
    Abstract: A communication device, a communication system and an authentication system for preventing a disguising act by an illegal man-in-the-middle and improving the safety and certainty of authentication processing are provided. A slave (20) transmits an authentication request including device information to a master (10). The master (10) receives the authentication request and displays the device information included in the authentication request on a screen of a display section (13). The user visually checks the device information displayed on the screen of the display section (13), determines whether or not to verify the authentication, and instructs the master (10) of the determination result via an input section (14). The master (10), instructed to verify or not to verify the authentication, transmits a response in accordance with the instruction to the slave (20).
    Type: Grant
    Filed: April 12, 2005
    Date of Patent: October 13, 2009
    Assignee: Panasonic Corporation
    Inventors: Yibo Zhang, Takeshi Kokado
  • Publication number: 20090254747
    Abstract: A method for providing e-token based access control to virtual world (VW) spaces includes intercepting a request from a first VW member to invite a second VW member to a VW space within a VW network, the request intercepted outside of the VW network. The access controls also include using a secret code associated with the first member to generate an e-token that includes an identifier of the second member and the space. The access controls further include sending the e-token inside the network. In response to a request for access to the space, the access controls include sending the e-token outside of the network for verification. Upon successful verification of the e-token, the access controls include accessing the network and controlling a guard bot inside the network to grant access for the second member to the space. The guard bot adds the second member to an access control list.
    Type: Application
    Filed: April 3, 2008
    Publication date: October 8, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Anthony Bussani, Dirk Husemann, Ansgar Schmidt, Dieter Sommer
  • Patent number: 7600119
    Abstract: A sub system (110) included in a robot that executes a program for performing a predetermined function includes a data receiving unit (115) that receives expansion data that expands the function of the robot, a data incorporation unit (116) that incorporates the received expansion data, a password output unit (113) that outputs a password corresponding to a predetermined condition, and a server sub system (100) that provides a plurality of expansion data includes a terminal communication unit (101) that accepts an input of the password by a user, an option presentation unit (125) that obtains the plurality of expansion data corresponding to the accepted password and presents to the user, a data selection unit (104) that accepts a selection of the user, and a data transmission unit (106) that transmits the selected expansion data to the robot sub system (110).
    Type: Grant
    Filed: December 24, 2004
    Date of Patent: October 6, 2009
    Assignee: NEC Corporation
    Inventor: Yosuke Takano
  • Patent number: 7599493
    Abstract: Techniques for providing different levels of access based upon a same authentication factor are provided. A first message is received that is transformed with a first portion of a split private key, the first portion based upon a user password and another factor, and the split private key associated with an asymmetric key pair having a public key and the split private key. The user is authenticated for a first level of network access based upon the received first message being transformed with the first portion. A second message is received that is transformed with a second portion of the split private key, the second portion based upon the password only and not combinable with the first portion to complete the split private key. The user is authenticated for a second level of network access different than the first level based upon the received second message being transformed with the second portion.
    Type: Grant
    Filed: February 14, 2005
    Date of Patent: October 6, 2009
    Assignee: TriCipher Inc.
    Inventors: Ravinderpal Singh Sandhu, Brett Jason Schoppert, Ravi Ganesan, Mihir Bellare, Colin Joseph deSa
  • Publication number: 20090249447
    Abstract: When a user makes a remote log-in to a server apparatus from a terminal apparatus, a password managing apparatus, which manages the name of a user of the server apparatus, his/her direct log-in password and transformation rule, displays an authentication purpose symbol sequence on a display apparatus. The user transforms the displayed sequence by his/her transformation rule and supplies, via the terminal apparatus, his/her user name and the post-transformation symbol sequence to the server apparatus, which then sends them to the password managing apparatus. If the result of applying the user's transformation rule to any authentication purpose symbol sequence generated in the past coincides with the post-transformation symbol sequence, the password managing apparatus sends the direct log-in password to the server apparatus to pass the remote log-in to the server apparatus by the terminal apparatus as a success.
    Type: Application
    Filed: March 20, 2009
    Publication date: October 1, 2009
    Inventor: Hideharu Ogawa
  • Publication number: 20090249456
    Abstract: An embodiment of a method includes receiving a request from a user agent to use a communication network, determining that the user agent is not recognized on the communication network, and requiring submission of location information prior to allowing the user agent to use the network. An embodiment of a system includes a recognition module configured to determine whether the communication device is recognized in response to a request to use a communication network from the communication device, a notification module configured to notify the communication device that the communication device is not recognized, wherein notification that the communication device is not recognized indicates that location information must be submitted prior to the communication device using the communication network; and a location update module configured to receive submitted location information and update the location of the communication device based on the location information.
    Type: Application
    Filed: March 25, 2008
    Publication date: October 1, 2009
    Applicant: Level 3 Communications LLC
    Inventor: Daryl Malas
  • Publication number: 20090249457
    Abstract: The disclosed implementations generally provide a user access to a secure network resource (e.g., a website, chat application). In some implementations, access to a secure network resource is provided by a communication terminal in communication with a secure access service. The communication terminal detects a presence of a unique identifier (e.g., a Bluetooth MAC address stored in a mobile device), and passes the unique identifier and cryptographic information (e.g., a key code or digital certificate) to the secure access service. The secure access service validates the integrity of the unique identifier and authenticates the user of the device by reading the cryptographic information (e.g., reading the certificate).
    Type: Application
    Filed: March 24, 2009
    Publication date: October 1, 2009
    Inventors: Bruno Y. Graff, Christian Pineau, Luc Beal, Johann J. C. Graff, Sylvain P. A. Doyen
  • Publication number: 20090249440
    Abstract: A system, method and apparatus for managing access across a plurality of applications is disclosed. The system may include a user store connector configured to connect to one or more user stores to retrieve attributes; an authentication connector configured to communicate with at least one authentication subsystem to authenticate a user; a policy engine configured to retrieve attributes from the user store connector corresponding to a user and use the attributes to evaluate access policies, if any, which are defined for protection of resources, to determine whether or not the user should be granted access to the resources; an admin component that is configured to enable the access policies to be defined relative to attributes and the resources; and a policy store configured to store the access policies.
    Type: Application
    Filed: March 25, 2009
    Publication date: October 1, 2009
    Inventors: Darren C. Platt, Coby Royer, Keshava Berg, Joseph H. Wallingford, III, Eric Olden
  • Patent number: 7596697
    Abstract: Techniques for authentication are provided. A first authentication request transformed with a private portion of a first type split private key is received. A first user is authenticated for a first level of network access based upon the first request being transformed with the first type of split private key. A second authentication request that is transformed with a private portion of a second type private key is also received. A second user is authenticated for a second level of network access based upon the second request being transformed with the second type of split private key.
    Type: Grant
    Filed: February 14, 2005
    Date of Patent: September 29, 2009
    Assignee: TriCipher, Inc.
    Inventors: Ravinderpal Singh Sandhu, Brett Jason Schoppert, Ravi Ganesan, Mihir Bellare, Colin Joseph deSa
  • Patent number: 7596805
    Abstract: A communication device including an access authority data managing DB device for managing access authority data with which access authority for at least one of storage area defined logically or physically in a storage device and file data stored in the storage area is defined while at least one of a user making the access and a group to which the user concerned belongs is set as a unit, and a non-open WWW device for controlling an access to the storage device on the basis of the access authority data achieved from the access authority data managing DB device in accordance with an access from a terminal device.
    Type: Grant
    Filed: December 12, 2002
    Date of Patent: September 29, 2009
    Assignee: Sony Corporation
    Inventors: Atsuhiko Mimura, Naoko Kumagai, Hiroki Kotani
  • Publication number: 20090240815
    Abstract: A universal plug and play (UPnP) device and method of providing a remote access service, the method including: receiving product identification number (PIN) information that is an identifier provided to a remote access server (RAS) device when manufactured and a uniform resource locator (URL) of the RAS device from the outside; generating WPS messages including a credential ID and remote access transport agent (RATA) capability information, which are generated based on the PIN information; encapsulating an extensible authentication protocol (EAP) packet including the WPS messages as an IP based application protocol packet; and transmitting the IP based application protocol packet to the RAS device.
    Type: Application
    Filed: January 23, 2009
    Publication date: September 24, 2009
    Applicant: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Sehee HAN, Seongho CHO, Sanghyeon KIM
  • Patent number: 7591013
    Abstract: A system for client initiated authentication comprises a user agent client and a user agent server. The user agent client is operable to communicate a session initiation protocol request. The session initiation protocol request comprises an authenticate header and a require header that comprises a server authentication tag. The user agent server is operable to receive the session initiation protocol request. The user agent server is further operable to communicate a session initiation protocol response in response to the session initiation protocol request. The session initiation protocol response comprises an authorization header having a credential of the user agent server.
    Type: Grant
    Filed: July 31, 2007
    Date of Patent: September 15, 2009
    Assignee: Cisco Technology, Inc.
    Inventors: Vivek Bhargava, Ganesh Jayadevan
  • Patent number: 7590653
    Abstract: A distributed computing system conforms to a multi-level, hierarchical organizational model. One or more control nodes provide for the efficient and automated allocation and management of computing functions and resources within the distributed computing system in accordance with the organization model. The model includes four distinct levels: fabric, domains, tiers and nodes that provide for the logical abstraction and containment of the physical components as well as system and service application software of the enterprise. A user, such as a system administrator, interacts with the control nodes to logically define the hierarchical organization of the distributed computing system. The control node detects the addition of a node added to the network and automatically identifies attributes for the detected node.
    Type: Grant
    Filed: March 2, 2005
    Date of Patent: September 15, 2009
    Assignee: Cassatt Corporation
    Inventor: Jonathan Sparks
  • Patent number: 7590705
    Abstract: Consent management between a client and a network server. In response to a request for consent, a central server determines if requested user information is included in a user profile associated with a user and if the user has granted consent to share the requested user information. A user interface is provided to the user via a browser of the client to collect the requested user information that is not included in the user profile and the consent to share the requested user information from the user. After receiving the user information provided by the user via the user interface, the service provided by the network server is allowed access to the received user information, and the central server updates the user profile. Other aspects of the invention are directed to computer-readable media for use with profile and consent accrual.
    Type: Grant
    Filed: February 23, 2004
    Date of Patent: September 15, 2009
    Assignee: Microsoft Corporation
    Inventors: Ashvin Joseph Mathew, Puhazholi Vetrivel, Nayana Ramdas Mutha, Joseph Nicholas Coco, Melissa W. Dunn
  • Patent number: 7590247
    Abstract: A system and method for reusable efficient key distribution is disclosed. Key distribution is effected through the application of self-repairing groups that obviate the need for key distribution messages in portions of a hierarchical tree. In one embodiment, the self-repairing group is based on a reusable power set.
    Type: Grant
    Filed: April 18, 2001
    Date of Patent: September 15, 2009
    Assignee: McAfee, Inc.
    Inventors: Peter T Dinsmore, Michael Heyman, Peter Kruus, Alan T Sherman
  • Publication number: 20090228357
    Abstract: The present invention relates to a system and method for displaying commercial content within or alongside an application on a computing device, based on a user's browsing history. The commercial content can be displayed within or alongside an offline application, for example, when the computing device is offline, or on an online application such as a browser.
    Type: Application
    Filed: April 18, 2008
    Publication date: September 10, 2009
    Inventor: Bhavin Turakhia
  • Publication number: 20090228965
    Abstract: A system for authenticating a prospective user is disclosed. The system has an address receiver for receiving an address of an email account associated with the prospective user. It also includes a device number receiver for receiving a device number of a device associated with the prospective user. The system has an email sender for sending an email containing authentication information to the email account and a message sender for sending different authentication information to the device. The system includes a message receiver for receiving a first message and a second message from the prospective user. There is a confirmer for confirming that the first message is the authentication information contained in the email and confirming that the second message is the different authentication information sent to the device.
    Type: Application
    Filed: April 18, 2008
    Publication date: September 10, 2009
    Inventor: William Klippgen
  • Patent number: 7587592
    Abstract: Mobile unit 16 which can activate Java-AP software obtains ADF 205 from IP server unit 13, receives SDF (security descriptive file) 204 by using ADF 205 from administering server unit 18 which a trustworthy organization (a communication provider which administers mobile packet communication network 15) administers, and obtains Jar file 206 by using ADF 205 from IP server unit 13. Then, mobile unit 16 installs Java-AP software containing these files. Java-AP, which is achieved by activating the installed Java-AP software, operates within the range of authorization expressed by policy information contained in SDF 204.
    Type: Grant
    Filed: March 28, 2003
    Date of Patent: September 8, 2009
    Assignee: NTT DoCoMo, Inc.
    Inventors: Nobuyuki Watanabe, Hisanori Sawada, Hideaki Nishio, Tomonori Nakamura, Fumiaki Miura, Atsuki Tomioka
  • Publication number: 20090222896
    Abstract: A network boot system including one or more client terminals, a DHCP (Dynamic Host Configuration Protocol) server, a PXE (Preboot Execution Environment) server, a TFTP (Trivial File Transfer Protocol) server, a database administration server, one or more storage devices, and an authentication server (such as a Radius server) connected to each other via a TCP/IP (Transmission Control Protocol/Internet Protocol) network. A plurality of LU provided in the storage devices are separated into a system area LU and a user area LU prepared per user.
    Type: Application
    Filed: March 10, 2006
    Publication date: September 3, 2009
    Applicant: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Toshikazu Ichikawa, Junichi Oka, Mitsukazu Washisaka
  • Publication number: 20090222897
    Abstract: Systems and methods according to the present invention provide a proactive approach to controlling access to information that may be correlated with a governmentally issued personal identifier. Included are systems and methods for proactive control of information access and liability incursion. Further included are systems and methods for emulating information access to an authorized person. Generally, a method according to the present invention includes the steps of requesting verification from a subscriber at any time that information is requested from registered information holders and any time that liability may be incurred through registered information holders. In this way, the subscriber, rather than reacting to invasive information or identity theft, may proactively control access to such information, thereby preventing the theft in the first place.
    Type: Application
    Filed: February 29, 2008
    Publication date: September 3, 2009
    Inventors: Michael D. Carow, Vicki L. James
  • Patent number: 7584510
    Abstract: This invention enables a network service to be provided flexibly and quickly. In an embodiment of the invention, a network platform is achieved by a service providing network. The network platform provides common functions such as authentication and authorization, billing, and client management, and individual functions such as session control for client terminals connected with the service providing network. The client terminal generates and registers a service program to utilize functions in the network platform via a network management interface SMI. Then, by executing the service program, a service request for a specific function is transmitted to the network platform through a service control interface SCI, and the execution result is received from the specific function in the network platform.
    Type: Grant
    Filed: March 24, 2005
    Date of Patent: September 1, 2009
    Assignee: Fujitsu Limited
    Inventors: Masafumi Katoh, Akihiro Inomata, Tetsuya Yokota
  • Patent number: RE40992
    Abstract: A method and system for authorizing communications sent from a sender to a recipient. The authorization system receives a communication sent from a sender to a recipient. The authorization system determines whether that sender is authorized to send communications to that recipient. If the authorization system determines that the sender is not authorized, then the authorization system sends an authorization communication to the sender. The authorization communication requests authorization information from the sender. When the authorization system receives the authorization information, it determines whether the information is correct. If correct, then the authorization system indicates that the sender is authorized and forwards the communication to the recipient. When a subsequent communication sent from the sender to the recipient is received, the authorization system may automatically determine that the sender is authorized and forward the communication to the recipient without re-contacting the sender.
    Type: Grant
    Filed: March 6, 2007
    Date of Patent: November 17, 2009
    Inventors: Brian R. Cartmell, Cameron S. Elliott