Abstract: A method and system for facilitating interaction between an electronic device and a plurality of content provider websites are disclosed. In one embodiment, the method includes receiving at a server a plurality of information portions provided from the websites, where each of the information portions is associated with a respective copy of information that is available at each of the websites. The method also includes aggregating at the server the information portions so that they are combined into an overall grouping, with the respective information portions being maintained respectively as distinct subportions within the grouping. Further, the method includes sending from the server a message for receipt by a part of the electronic device, the primary message including the grouping. The grouping is sent together with an additional copy of the information or with an indication of that information to which the overall grouping relates.

Abstract: A method for integrating a dynamic token generator into a mobile device is provided. The method may include displaying a display. The method may also include transmitting a serial number to a provider. The method may also include receiving a quick response (“QR”) code from the provider. The QR code may contain token activation information. The token activation information may relate to the validated token serial number. The token activation information may include the serial number, an activation code, and an activation password. A dynamic token generator may be configured to internally recognize and scan in the quick response code displayed in the display. The dynamic token generator may also be configured to activate an OTP seed application using at least some of the information stored in the quick response code.

Abstract: The present disclosure is directed to methods and systems for user registration, where a user is logged in to a first device in communication with a server, including: receiving an anonymous registration of a second device comprising a token, where the second device is in communication with the server; receiving a credential of the user and the token; finding the second device using the token; and registering the user on the second device using the credential.

Abstract: An embodiment relates generally to a method of binding a token to a user. The method includes receiving a token embedded with an address and inserting the token into a computer. The method also includes connecting to the address stored on the token and binding a user to the token based on information from the address.

Abstract: Described herein is a technology for facilitating the integration of a collaboration environment. In some implementations, an activity associated with a business object is accessed via a work center. A request to post the activity is sent to a collaboration application. The collaboration application then returns an activity identifier, and the user is redirected to the activity identifier.

Abstract: A method and apparatus for changing authentication for a legacy access interface using an access adapter and a token device. The method enables to change authentication factors based on context and allows secure multi-user sharing of legacy applications.

Abstract: An application to be installed is acquired. Security policy geographic information, which is geographic information of an application's target distribution area where a user permits installation, is acquired from security policy that defines processing regarding the application. Application geographic information, which is geographic information of an application's target distribution area, is acquired from the acquired application. Based on a comparison result of comparing the security policy geographic information with the application geographic information, whether or not to permit installation of the acquired application is determined.

Abstract: Set forth herein are systems, methods, and non-transitory computer-readable storage media for processing media requests in a secure way. A server configured to practice the method receives, from a media player client, a request for media content. The server requests a playback token from a playback service associated with the media content and generates a tag containing the playback token. Then the server transmits to the media player client a response to the request for media content based on the tag, wherein the media player client retrieves the media content by presenting the playback token to the playback service. The media player client can be an embedded media player or other player in a web browser. The server and the playback service can operate based on a common, pre-shared feed token. Other playback client and playback service embodiments exist.

Abstract: Management of access control in wireless networks known as smart spaces includes a framework that presents non-expert users with a consistent and intuitive interaction mechanism to manage access to devices they own in the smart space without exposing to them the complexity of the underlying security infrastructure. Access control of devices in a network can include providing an interface between a user-level tool on a first device connected to a network and security components associated with the network, communicating a passlet between the user-level tool and the interface, verifying access permission at a second device on the network where access permissions are based on the passlet, and providing a response to the first device based on the verification of the access permission in the passlet. The passlet provides access permissions based on a particular user rather than a particular device.

Abstract: A method of authenticating a device for secure communications between the device and a server comprises transmitting a security token request via a data communications network using a data communications protocol. A message is received from the device that no security token is available. In response, an identification request is transmitted from the server to the device via the data communications network and an identification message is received from the device via a mobile communications network using a mobile communications protocol, the identification message including an identification of the device. The identification of the device is stored in a memory. A security token is generated and transmitted to the device via the data communications network. The security token is stored associated with the identification of the device in a memory connected to the server for use in future secure communications with the device via the data communications network.

Abstract: Establishing trust according to historical usage of selected hardware involves providing a usage history for a selected client device; and extending trust to a selected user based on the user's usage history of the client device. The usage history is embodied as signed statements issued by a third party or an authentication server. The issued statement is stored either on the client device, or on an authentication server. The usage history is updated every time a user is authenticated from the selected client device. By combining the usage history with conventional user authentication, an enhanced trust level is readily established. The enhanced, hardware-based trust provided by logging on from a trusted client may eliminate the necessity of requiring secondary authentication for e-commerce and financial services transactions, and may also be used to facilitate password recovery and conflict resolution in the case of stolen passwords.

Abstract: Techniques for providing internet services to a user through a toll free connection are provided. The techniques include receiving, from an Internet Access Point (IAP), a request for the internet services through the toll free connection provided by a Cloud Service Provider (CSP), wherein the CSP is selected by the user from a plurality of CSPs. Access credentials are received from IAP and are forwarded to the selected CSP. A token is received from the CSP if the user is authenticated by the CSP based on the access credentials. The token is sent to the IAP wherein the token is used by the user to access the Internet services through the toll free connection.

Abstract: A method for identity mapping across web services uses a delegated authorization protocol, such as OAuth. In response to a request from a first user at a first web service, a connection to a second web service is established using the protocol. The second web service responds by sending information associated with a second user of the first web service who previously logged into the second web service from the first web service using the protocol. The second user may be a “contact” of the first user. The information received from the second web service is a access token that was obtained by the second user during that prior login. The access token is provided in lieu of data associated with the second user's account at the second web service. Thereafter, the first web service uses the access token it received to map to an identity of the second user.

Abstract: Systems and methods for secure file portability between mobile applications in a cloud-based environment or cloud-based collaboration and file sharing environment. In one embodiment, a server-based key generation service generates an encryption key that is unique to each file transfer transaction between mobile applications accessed via a mobile device. Data packages leaving a mobile application are then encrypted using the encryption key to provide secure file portability between mobile applications. In another embodiment, a background service triggered by a mobile application detects when a user is logged out of the mobile application and revalidates the user session with the mobile application to maintain portability of files between mobile applications.

Abstract: Methods and systems for accessing customer account information involve, for example, binding a computing device with a customer's profile via one or more attributes of the computing device and an encrypted token stored on the computing device and thereafter receiving an authentication request consisting at least in part of the computing device attributes and the encrypted token stored on the computing device. A determination is made as to whether or not entry of a customer credential was received within a pre-determined preceding interval of time, and predefined customer account information is displayed on the computing device without requiring entry of the customer credential when a determination is made that entry of the customer credential was received within the pre-determined preceding interval of time.

Abstract: The present invention relates to the field of information security. Disclosed are a system and method for communication between a dynamic token and a tool, the system comprising a tool part and a dynamic token part; the tool part comprises a control module and a tool radio frequency communication module; the dynamic token part comprises an MCU and liquid crystal module and an OTP radio frequency communication module. The method comprises: the tool part transmits a modulated wake-up command signal to the dynamic token part in the form of an electromagnetic wave; when a wake-up response command signal returned by the dynamic token part is correctly received, the tool part transmits the modulated command signal to the dynamic token part in the form of an electromagnetic wave; and the tool part detects the amplitude variation of the generated carrier signal, judges whether the response signal is correctly received, and operates correspondingly.

Abstract: A method includes receiving a packaged application's request for access to a user's cloud- or network-based account. The packaged application runs outside a web browser on a computing device. If there is an outstanding user consent to access by the packaged application to the user's cloud- or network-based account, the method includes returning an access token to the packaged application. The access token gives the packaged application access to the user's cloud- or network-based account. If there is no outstanding user consent to access by the packaged application to the user's cloud- or network-based account, the method includes presenting a web-based user consent dialog in a webview container in an identity component application installed on the computing device.

Abstract: A wireless access point employs a wireless configuration database for retrieving a stored wireless profile corresponding to a subscriber device from a remote location that enables the user to establish an Internet connection using their subscriber device with the same network identifiers and settings employed from the home wireless profile. The network identifier is typically an SSID (Service Set Identification), and labels the wireless configuration using a mnemonic name familiar to the user. The wireless configuration also denotes authentication and security (passphrase) tokens required for access, and would therefore enable the user to sign on at the remote wireless access point using the passphrase already known from their home WiFi arrangement. Subsequent attempts automatically establishing a connection to the subscriber device upon detection and authentication using the retrieved wireless profile without broadcasting an open SSID receivable by other wireless devices within range.

Abstract: Systems and methods for device-based authentication are disclosed. In some implementations, a device receives a Single Sign On PIN from a backend server. The device transmits, to a token server, the Single Sign On PIN and credentials of a subscriber identity module (SIM) to request a token for accessing a network resource via a computer different from the device. The token is associated with a user account. The device receives the token from the token server. The device stores the token at a local memory of the device.

Abstract: The present invention relates to an identification process of application of data storage and identification hardware with IC (Integrated Circuit) card, and particularly to an IC card and within identification ICCID and GLN, which can be installed in a USB compatible flash memory, as identification hardware device. This can be as a useful authorization process of records companies or intellectual property owners. The hardware can also be used as storage media. Use non-duplication code in IC card and encryption system to ensure user authentication and data confidentiality on Internet or any other information system of computer. As using normal private key the invention is easy and convenient to use.

Abstract: A system and method for realizing specific security features for a mobile device that may store sensitive and private data by providing secured communications to a paired remote device. In this respect, both the mobile device (which may be a mobile phone, for example) and the paired remote device (which may be a keychain, for example) include a SIM card that may have identification data stored therein. Once paired, the two devices may communicate encrypted security messages back and forth in order to implement various security measures to protect data and wireless communications. Such messages may be generated from initial information known only to each respective device such as a randomly generated offset number and a common time reference.

Abstract: The present disclosure provides methods and systems for secure logon. One or more method includes: determining, via authentication information provided by a user of an electronic device, that the user is authorized to access an online account provided by the online account provider; providing the user with a selectable option to enable an expedited logon process by which the user can access the online account by solely providing a particular authentication item of the user; receiving a verification credential in response to a next logon attempt using the expedited logon process; and verifying that the received verification credential matches an assigned verification credential provided to the user for use in conjunction with the next logon attempt using the expedited logon process.

Abstract: An intercepting proxy server processes traffic between an enterprise user and a cloud application. The intercepting proxy server provides interception of real data elements in communications from the enterprise to the cloud and replacing them with obfuscating tokens which are randomly generated. To the cloud application real data are only visible as tokens. Tokens included in results returned from the cloud, are intercepted by the intercepting proxy server, and replaced with the corresponding real data elements. The obfuscating tokens are not computationally related to the original sensitive value. Each intercepted real data element is stored in a local persistent storage layer, and indexed by the corresponding obfuscating token, allowing the real data element to be retrieved when the token is returned from the cloud, for delivery to the user.

Abstract: Apparatus and methods are provided that prevent cross-site request forgery at one or more web servers. A proxy dynamically monitors web server responses to client requests for content having a selected characteristic, adds a hidden token to content identified as having the selected characteristic prior to serving the content to a requesting client, and stores a copy of the hidden token for later verification that client request content sent to a web server is authentic. The proxy monitors client request content sent to the one or more web servers for a selected characteristic, and allows client request content having the selected characteristic to be processed by a web server application only if the client request content includes a token previously provided by the proxy and only if the token has a value matching a stored token value for the respective client.

Abstract: In a method for processing a data transfer, an electronic device accesses card-specific data and a card account number from a data-storing card. The electronic device generates a device-generated authentication number which is associated with the data transfer, and which is transmitted, together with the card account number and the card-specific data, to a network platform. The network platform compares an inputted authentication number from a portable device and the device-generated authentication number, and transmits to-be-transferred data to the portable device when the authentication numbers correspond with each other.

Abstract: One embodiment of the invention includes a system comprising: a personal digital key and a computer readable medium that is accessible when authenticated by the personal digital key.

Abstract: The present invention defines a strong authentication token for generating different dynamic credentials for different application providers comprising an input interface providing an output representing an application provider indicator; a secret key storage for storing one or more secret keys; a variability source for providing a dynamic variable value; a key providing agent for providing an application provider specific key as a function of said application provider indicator using one or more keys stored in said secret key storage; a cryptographic agent for cryptographically combining said application provider specific key with said dynamic variable value using symmetric cryptography; a transformation agent coupled to said cryptographic agent for transforming an output of said cryptographic agent to produce a dynamic credential; and an output interface to output said dynamic credential.

Abstract: Systems and methods for authenticating a request submitted from a client device through a third party content provider to an electronic entity are described. In one embodiment, a method includes providing a trusted script to the third party content provider, passing a trust token to the third party content provider and to the client device, and, in response to a request submitted from the client device through the third party content provider, validating the trust token associated with the request with the token passed to the client device, and processing the request. The trusted script is configured to create a trusted window on the third party Web page displayed on the client computing device, receive a trust token from the electronic entity through the trusted window, and associate the trust token with requests submitted from the client computing device through the third party content provider to the electronic entity.

Abstract: Described herein are various technologies pertaining to constructions of a password-based authentication protocol that are configured to allow a user to register with and authenticate to an online service without the online service receiving a password or a deterministic function of the password of the user. When registering with an online service, a client computing device establishes a cryptographically strong random secret and stores an encryption of such secret with a data storage device. The storage device also never receives the password or a deterministic function of the password. When the user wishes to authenticate to the online service, the user employs her password to retrieve the encrypted secret from the storage device, decrypts such secret, and utilizes the decrypted secret to answer a cryptographically strong challenge provided to the user by the online service upon the online service receiving a username pertaining to such user.

Abstract: A method of managing policy information in a mobile terminal by requesting an external policy management server for information about whether a change has been made to policy information and updating the policy information in a smart card web server of the mobile terminal to control access to resources based on the updated policy information.

Abstract: Methods, apparatus and articles of manufacture for implementing cryptographic devices operable in a challenge-response mode are provided herein. A method includes storing a set of authentication information in a first cryptographic device associated with a user, receiving a challenge in the first cryptographic device in connection with a user authentication request responsive to a request from the user to access a protected resource, wherein the challenge comprises an index of at least one non-sequential portion of the authentication information stored in the first cryptographic device, and outputting a non-sequential portion of the authentication information from the set of authentication information stored in the first cryptographic device in response to the challenge for use in authenticating the user.

Abstract: A user authentication method and system. A computing system receives from a user, a first request for accessing specified functions executed by a specified software application. The computing system enables a security manager software application and connects the specified software application to a computing apparatus. The computing system executes first security functions associated with the computing apparatus. The computing system executes second security functions associated with additional computing apparatuses. The computing system determines if the user may access the specified functions executed by the specified software application based on results of executing the first security functions and the second security functions. The computing system generates and stores a report indicating the results.

Abstract: A system and method for using a GSSAPI security token to transport additional non-GSSAPI data that includes authorization data used by third-party software. The system includes a hook that intercepts a client process's interactions with the GSSAPI. When a client process requests a security context from the GSSAPI, the hook intercepts the security token the GSSAPI provides for the client process. The hook checks to see if there is additional authorization data to transport, adds the additional data to the security token, then gives the token to the client process. The client process sends the security token to the server process, which submits the token to the GSSAPI for evaluation.

Abstract: A token or other storage device uses Internet identities to set file access attribute rights. Subsequently, requests to access a file can be controlled by confirming the Internet identity of the requestor by either validating the request with a known public key or retrieving the public key from an Internet identity provider. Files may be stored encrypted and may be re-encrypted with the public key associated with Internet identity making the request.

Abstract: A method and system are provided for co-browsing of patient records on communication devices. The method includes setting up a communication session between a first communication device and one or more second communication devices, where the communication session is initiated by the first communication device. Further, the method includes accessing one or more patient records via a server, where the one or more patient records are accessed at the first communication device. The method further includes sending a reference of the one or more patient records to the one or more second communication devices, where the reference is sent from the first communication device.

Abstract: Systems and methods for authenticating a media device or other information handling system so as to be able to receive content from one or more media content providers. Authenticating the device includes determining what authentication information the media content providers require for access and then to generating and providing to the media device an authentication token that includes the required information. In some embodiments this may be accomplished by a service center, which removes the need for additional authentication steps to be performed by the media device or the media content providers. In addition, the service center may also determine when changes are made to the authentication information and may then ensure that the authentication token is changed or updated to reflect these changes. This ensures that the media device is at least partially immune to changes to authentication.

Abstract: Methods and systems for operating a Smart Device 102 with a secure communication system. A SPARC Security Device (SSD) 104 is in communication with one or more Smart Devices 102. SSD 104 receives a request for a transaction from a Smart Device 102 executing an application obtained from an Application Controlling Institution (ACI) 101, and is asked to verify the validity of the transaction. A one-time identifier (SSD ID, which replaces the user's account number) is generated by the SPARC Security Device 104. The one-time identifier comprises a unique SSD 104 unit identifier and a one-time transaction number; and optionally comprises a date, a time, an ACI 101 identifier, and a subject matter field. In one embodiment, the Smart Device 102 is not able to send or receive messages to other external devices without first receiving approval from the SSD 104.

Abstract: A smart card installed in a device receives from the device data to be scanned and determines whether a virus exists in the data. Accordingly, security of the device may be enhanced without using substantial resources of the device.

Abstract: This application discloses a method of provisioning an electronic device. The electronic device proactively broadcasts an advertising packet that includes a device identifier associated with the electronic device. A server receives the device identifier via a client device, and issues a link approval response when it verifies that the electronic device associated with the device identifier is available for provisioning in association with a user account. In response to the link approval response, the electronic device and the client device establish communication via a short range wireless link. The client device encrypts at least a portion of network credentials of a secure wireless network using a password key generated at the server, and provides the encrypted network credentials to the electronic device. The electronic device decrypts the encrypted network credentials using a key generated at the electronic device, and accesses the secure wireless network using the decrypted network credentials.

Abstract: The availability of software assets on electronic devices, such as mobile devices of users, is restricted based on the time as determined by a managing server. An application that runs on the electronic devices communicates with the server to obtain information regarding which software assets are permitted to be accessed, and restricts user access accordingly. The server may use a clock, in combination with administrator-generated access restriction policies, to determine which software assets are to be made available on each electronic device at particular points in time.

Abstract: In accordance with various embodiments, systems and methods which allow mapping and protecting communication services and granular access to subscriber information. Such a system can include a plurality of applications, executing on one or more application servers. The system can also include a services gatekeeper which is operable to intercept requests for access to communication services, obtain scoped authorization from a subscriber for access to specified communication services, and enable access to the specified communication services in accordance with the scope authorized by the subscriber.

Abstract: An example method is provided and includes intercepting an action request from an entity for an action to be performed with respect to a resource in a cloud environment, where the action request comprises a resource facet that controls access to the resource. The method also includes determining whether the resource facet is valid for the action by evaluating a policy associated with the resource; and allowing the action.

Abstract: A link is a software abstraction that represents a direct connection between two CoCo nodes. The link layer detects the presence of neighboring devices and establishes links to them. A protocol abstraction layer converts data frames that arrive on network interfaces into packet objects used by the COCO Protocol Suite.

Abstract: Certain embodiments enable authentication of an application session at a client machine by using authentication values and user-identification values that are received from a mobile communication device. The mobile communication device provides an out-of-band channel for validating the session and enables secure authentication for a variety of applications.

Abstract: An intermediary system facilitates a connection request from a client to a server. The intermediary system may participate in either or both of a token creation phase and a server connection phase. If participating in the token creation phase, the intermediary system generates a token that may later be used by the client during a server connection phase. The token includes a session identifier and is returned to the client. If participating in the server connection phase, the intermediary receives the token, which is sent from the client in conjunction with a connection request, extracts the session identifier from the token, and compares against the session identifier for the session in which the token was created. If the session identifiers match, then the intermediary connects to the server to complete the connection request for the client.

Abstract: A computer system receives user input indicating uniform resource identifiers (URIs) for a RESTful web service. The computer system identifies a programming language for a RESTful web service software development kit (SDK) client and creates methods for the URIs using programming code format of the identified programming language. The computer system creates the RESTful web service SDK client using the methods.

Abstract: A device may receive a command from a source device, may receive information that identifies a destination device associated with the command, may receive information that identifies a user associated with the source device, and may determine a network condition of a network associated with the destination device. The device may determine that the user is associated with an available token, where the available token is associated with the user, the command, and the network condition. The device may transmit, to the destination device and based on determining that the user is associated with the available token, the command.

Abstract: A method, apparatus and computer program product relating to software license tokens is presented. A client system requests launching of a software application and retrieves a first software license token associated with the software application. The client system determines whether the license token associated with the software application is valid, wherein when the license token is valid, the client system launches the software application. When the license token is not valid then the client system requests a replacement license token. The client system receives the replacement license token and stores the replacement license token. The client system then retrieves the stored license token and determines whether the license token is valid. When the license token is valid, then the software application is launched, when the software license token is not valid then the client system refrains from launching of the software application.

Abstract: A security process involves log-in and data exchange between a server and a user operating a computerized appliance. The process requires a user-specific token, independent verification of the server execution within a programmed time window. A hash created at the client side is reproduced at the server side from separate data and compared to the client hash. Too much time or incorrect hash denies access.

Abstract: A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers.