Entries |
Document | Title | Date |
20080209221 | System, Method and Apparatus for Cryptography Key Management for Mobile Devices - A technique that binds encryption and decryption keys using a UID, a UDID, and a Pswd to a client mobile device in an enterprise. In one example embodiment, this is achieved by creating a new user account using the UID and the DPswd in an inactive state and communicating the UID and the DPswd to an intended user using a secure communication medium by an administrator. The intended user then logs into a cryptography key management system using the UID and the DPswd via a client mobile device. The UDID associated with the client mobile device is then hashed to create a H(UDID). The H(UDID) is then sent to the cryptography key management system by a local key management application module. The H(UDID) is then authenticated by the cryptography key management system. An encryption/decryption key is then assigned for the client mobile device. | 08-28-2008 |
20080229112 | ACCESS CONTROLLER - A deciding unit causes a database, by employing a table joining function, to join a plurality of real tables to generate a virtual table containing target data that can be provided to an authentic user, acquires the target data from the virtual table, and decides data to be displayed on a client device used by the authentic user based on the target data. | 09-18-2008 |
20080250248 | Identity Management System with an Untrusted Identity Provider - This invention describes an Identity Management system, in which the User uses the same set of credentials to log into multiple Web Service Providers (WSPs). However, unlike in traditional systems, none of the WSPs have to rely on assertions issued by the Identity Provider (IdP). The Identity Provider itself remains agnostic of User's credentials and User's personal information (the Identity). A 3-way cryptographic protocol is employed between the User, the WSP and the IdP that allows credentials re-use without exposing the IdP to any sensitive information. | 10-09-2008 |
20080250249 | Data access method against cryptograph attack - The present invention discloses a data access method accomplished by the following steps of: creating a predetermined password; generating a first encryption key; encrypting data based on the first encryption key; prompting for the predetermined password upon receipt of an access request; decoding a header of the NAND flash memory based on a user-entered password; examining the header to determine whether a mapping between the user-entered password and the first encryption key is defined; and decrypting and outputting the data by a decryption key when the mapping between the user-entered password and the first encryption key is defined. | 10-09-2008 |
20080276097 | Alternate to email for messages of general interest - This invention is an online system to forward and discuss messages of common interest among members of the system. The system is based on a central server that manages all member accounts, messages and message flow among the members. The system introduces the concept of private comments on a public message. While the message is open to all members of the system, each comment on the message is restricted to be viewed only by members to whom the comment is sent. This allows an email-like interface to forward and discuss the same message among different groups of people. The system also provides metrics related to the overall reach and popularity of the message. | 11-06-2008 |
20080276098 | ONE-TIME PASSWORD ACCESS TO PASSWORD-PROTECTED ACCOUNTS - Systems and methods facilitate secure one-time-password access to an account in a remote server from an untrusted client. The system consists of an intermediary component whose salient components are a proxy component, a webserver component, and an encryption/decryption component, and it preserves the characteristics of both the server and client. In a man-in-the-middle fashion, the proxy substitutes a one-time password entered at a login interface with a true password, and forwards it to the remote login server. True passwords are encrypted using a seed associated with user identifiers, and a list of one-time passwords is generated/updated and stored on media or transmitted to an electronic device. Substitution takes place by decrypting the one-time password with the seed used for encryption, ensuring the proxy avoids storing the true password. | 11-06-2008 |
20080282091 | Systems and Methods of Securing Resources Through Passwords - Disclosed is a method of authorizing access to an item that maintains a lockout count and blocks access to the item if the lockout count exceeds a predetermined value. One feature is that the invention “variably” increments the lockout count if the presented password fails to exactly match the stored password. In this process the invention increments the lockout count different amounts depending upon how closely the presented password matches the stored password. The invention also provides a methodology that allocates a plurality of the same passwords to a plurality of users who share the same userid. The invention allows continuous operation of the item being accessed by providing that each of the passwords has a different expiration date. Also, when dealing with situations where a plurality of users who share the same userid also share the same password, the invention maps information associated with the users to the password in a data file and periodically updates the data file. | 11-13-2008 |
20080301460 | REMOTE PROVISION OF CONSISTENT ONE-TIME PASSWORD FUNCTIONALITY FOR DISPARATE ON-LINE RESOURCES - Consistent one-time password (OTP) functionality is provided from a presentation server to secure various on-line resources. A seed file can be provided to or created by a service provider for execution as part of a hosted page displayed at a client to a user. A presentation server receives a call from the seed file. A user interface widget can be initialized at the presentation server in response to the call from the seed file. The widget can be displayed as part of the remotely hosted Web page so that the user perceives the UI widget to be embedded in the page as viewed on the client computer system. Security for the interaction between the servers can be provided through use of security assertion markup language (SAML). | 12-04-2008 |
20080307235 | METHOD OF PRESENTING FEEDBACK TO USER OF CHANCES OF PASSWORD CRACKING, AS THE PASSWORD IS BEING CREATED - A method, system and computer program product for automatically displaying the potential risk associated with cracking a password. While creating or modifying a password, feedback is provided describing the risk associated with cracking the password. Risk assessment may be presented as a percentage, accompanied by an explanation of why the value was ascertained. Risk feedback during password creation provides an opportunity to improve computer, document, and file security. | 12-11-2008 |
20080313470 | MULTIPLE USER AUTHENTICATIONS ON A COMMUNICATIONS DEVICE - A communications device provides a biometric reader to authenticate users onto the communications device based on a single biometric input. The communications device maintains a local copy of the strong authentication credentials, such as a user identification and password, and the biometrics which were previously input by users of the communications device. Then, rather than requiring re-entry of the strong authentication credentials to authenticate (or re-authenticate) these users onto the communications device, the communications device is able to authenticate the users based on the input of the appropriate biometric. When a biometric input is received, the communications device identifies the locally stored strong authentication credentials that are associated with the input biometric, and uses the locally stored strong authentication credentials to authenticate the user. | 12-18-2008 |
20090006856 | ADAPTIVE AUTHENTICATION SOLUTION THAT REWARDS ALMOST CORRECT PASSWORDS AND THAT SIMULATES ACCESS FOR INCORRECT PASSWORDS - In the invention, incorrect authentication information for accessing at least one secured computing asset can be received. A similarity score between the incorrect authentication information and correct authentication information can be determined. One of many different access levels can be assigned to a computing session based upon the similarity score. Access consistent with the assigned access level can be granted. One access level can be an emulation access level that grants access to at least one simulated asset designed to mimic the secured asset. Access to the simulated asset can be provided in a fashion so that a user, who is likely an intruder, is unaware that they are not receiving the secured asset information. A tracking action can be optionally initiated against the intruder. Further, user behavior with the simulated session or a limited access session can be compared against a behavior profile to dynamically increase or decrease session permissions. | 01-01-2009 |
20090006857 | METHOD AND APPARATUS FOR STARTING UP A COMPUTING SYSTEM - A computer system may be powered up or awakened from a power-saving state with one single user action. An authentication device may be used to detect a user action and to collect data from the user action. An authentication module may be used to authenticate a user based on the data collected by the authentication device. A controller may enable a user to access a non-volatile storage medium for user credentials necessary to power up or awaken the computer system. | 01-01-2009 |
20090019289 | NEGATIVE AUTHENTICATION SYSTEM FOR A NETWORKED COMPUTER SYSTEM - The disclosed invention is a method for screening access to a computer system using a negative authentication system. Input login requests are compared against a set of detectors comprising anti-passwords and only allowed further access if they do not match any of the anti-passwords. A method of generating a set of detectors comprising anti-passwords is also disclosed. | 01-15-2009 |
20090049306 | Method, Computer System, and Computer Program Product for Password Generation - The generation of a unique password using a secret key and an application name is disclosed. Other passwords may be generated for other applications using the same key. A user provides a key that is not easily able to be guessed by third parties. The user also inputs a name of an application for which a password is desired. The system utilises the application name and the secret key to generate a unique password for that application, using standard encryption techniques. The system generates the same password for that application and secret key combination every time. Alternate embodiments generate a user identifier from the same secret key and application name. | 02-19-2009 |
20090089588 | METHOD AND APPARATUS FOR PROVIDING ANTI-THEFT SOLUTIONS TO A COMPUTING SYSTEM - A manageability engine (ME) may be used to authenticate a user for a computer system. A data collection module may be coupled to the ME to collect data (e.g., fingerprint image, facial images, speech, etc.) from a user. The ME processes the collected data to authenticate the user. If the authentication is successful, the system may boot, resume from a sleep state, or become re-accessible by the user; otherwise, the user is prevented from using the system or accessing data stored therein. | 04-02-2009 |
20090113208 | WIRELESS NETWORK HAVING MULTIPLE COMMUNICATION ALLOWANCES - Multiple levels of wireless network resource granting. A user who has an authorized key, e.g., an encryption key or a key indicating that they have paid for service, gets a first, better level of access to the network resources. One without the key is granted lesser access, e.g., less total bandwidth, less bandwidth speed, no access to files or the like. | 04-30-2009 |
20090132827 | DEBUGGING PORT SECURITY INTERFACE - The present invention provides a secure JTAG interface to an application-specific integrated circuit (ASIC). In the preferred embodiment the invention operates through the combined efforts of a Security Module (SM) comprising a state machine that controls the security modes for the ASIC, and a Test Control Module (TCM) which contains the JTAG interface. The TCM operates in either a restricted mode or an unrestricted mode, depending on the state of the SM state machine. In a restricted mode, only limited access to memory content is permitted. In an unrestricted mode, full access to memory content is permitted. | 05-21-2009 |
20090144554 | Two-way authentication with non-disclosing password entry - A method of two-way authentication between a user and a known host using a non-disclosing password entry system generates a matrix of characters having a random characteristic with random characteristics being selected from a set of custom symbols, pictures or patterns (rather than alpha-numeric characters) that only the user recognizes. When the user sets up an account with the known host, a subset of these characteristics is predetermined for use specifically by the user. One or more of these may additionally be used in the user's PIN or password for easy memorization, allowing the user to first authenticate the log-in screen before the user enters the PIN for user authentication to the known host. Alternatively, randomized alpha-numeric characters may be used, but with a predefined grouping or subset of the characters in a predefined position on the initial character matrix presentation. If the user doesn't see the predefined special characters or figures in the character matrix, or the particular alpha-numeric subset in the character matrix, then the log-in screen is recognized as a fake. | 06-04-2009 |
20090150677 | TECHNIQUES FOR REAL-TIME ADAPTIVE PASSWORD POLICIES - Techniques for real-time adaptive password policies are presented. Patterns for passwords are regularly analyzed along with other factors associated with the patterns to dynamically determine password strength values. The strength values can change over time based on usage statistics. When a strength value falls below an acceptable threshold, passwords associated with that particular pattern can be downgraded or rejected in real-time and existing policy can be adapted to reflect the undesirability of that pattern. | 06-11-2009 |
20090150678 | Computer and method for sending security information for authentication - The present invention provides a computer and a method of sending security information for authentication, which relate to transmission of data information in computers. The present invention solves the vulnerability of information when a user conducts network transaction activities by a terminal. The computer of the present invention comprises: a virtual system platform; a first guest operating system installed on the virtual system platform, which is for installing a service application module, wherein the service application module generates a security information input interface when it is being executed; a second guest operating system installed on the virtual system platform; the second guest operating system comprises: a dynamic password generation module for generating security information, the security information is input into the security information input interface and is sent to a network server for authentication. The security of network activities conducted by users can be enhanced. | 06-11-2009 |
20090172406 | METHOD AND SYSTEM FOR PROTECTING PATIENT DATA - A method for a medical system to transmit patient information to an external USB storage device includes checking the validity of the USB storage device according to the registered information therein, generating a new identification file according to a new times of using value that is incremented each time the validity checks are passed, and a unique ID number of the USB device, and writing the new identification file into the USB storage device to replace the old identification file. | 07-02-2009 |
20090172407 | VIRTUAL SMART CARD SYSTEM AND METHOD - A public key authentication system and method for use in a computer system having a plurality of users. The system includes a virtual smart card server, storage connected to the virtual smart card server, and a virtual smart card agent connected to the virtual smart card server. The storage includes a plurality of virtual smart cards, wherein each virtual smart card is associated with a user and wherein each smart card includes a private key. The virtual smart card agent authenticates the user and accesses the authenticated user's virtual smart card to obtain the user's private key. | 07-02-2009 |
20090172408 | METHOD AND SYSTEM FOR MANAGING THE DISPLAY OF SENSITIVE CONTENT IN NON-TRUSTED ENVIRONMENTS | 07-02-2009 |
20090193263 | Identifying and processing an unauthorized access request - The system reuses the classic User ID & Password combination for authentication and adds a third component called a USE code for additional authorization check, as an example. This method allows access to a system when it is requested with correct User ID and Password (i.e., with correct pass code) but with an unauthorized USE code, the system identifies it as an unauthorized access and triggers the proper security measures to minimize the damage and monitor the actions in a way not to alarm the unauthorized user who is using the owner's credential to access the system. The USE Code is an extension to the pass code to raise various alarms and have a stepwise access level control based on different inputted values. | 07-30-2009 |
20090240949 | Identity authentication based on keystroke latencies using a genetic adaptive neural network - A system and method identify the person who is using a keyboard based on keystroke latencies as the person types certain key combinations. In some embodiments the latencies are monitored as the person types a password, while in others they are monitored as the person types other information and continues to use the computer. In some embodiments the identification yields a binary result (whether the latency profile matches the profile stored for a particular user), while in others a confidence level is given. A mismatch, or a confidence level below a particular threshold, results in a request for further identity verification, creation of a log entry, immediate notification of responsible personnel, or denial of access (or continued access). | 09-24-2009 |
20090249077 | METHOD AND SYSTEM FOR AUTHENTICATING USERS WITH A ONE TIME PASSWORD USING AN IMAGE READER - A method and system to authenticate users with a one time password by using a visual communication channel. The method and system may include using a device to capture a sequence of images being displayed and decrypt an encrypted one time password contained in the sequence of images. | 10-01-2009 |
20090265559 | USER AUTHENTICATION BY LINKING RANDOMLY-GENERATED AUTHENTICATION SECRET WITH PERSONALIZED SECRET - This patent application discloses techniques, devices and systems for user authentication based on linking between a randomly generated authentication secret and a personalized secret. | 10-22-2009 |
20090287936 | MANAGING PASSWORDS USED WHEN DETECTING INFORMATION ON CONFIGURATION ITEMS DISPOSED ON A NETWORK - Disclosed embodiments include a computer system for receiving an encrypted password from an ID management system. The computer system sends the encrypted password to a decryption system, where the decryption system decrypts the encrypted password. The decrypted password is then transmitted to the computer system, and the computer system transfers the decrypted password to a configuration item disposed on a network. Based on the password, the configuration item sends data concerning the configuration item to the computer system. | 11-19-2009 |
20090307498 | USER-DEFINED PASSWORDS HAVING ASSOCIATED UNIQUE VERSION DATA TO ASSIST USER RECALL OF THE PASSWORD - An electronic device includes password protected functionality using a password that can be changed by the user. A user-specified password is stored in association with unique version data that is subsequently provided to help user recall of the password associated therewith. | 12-10-2009 |
20090327740 | Securing a password database - An apparatus and a method for storing an encrypted username and password. In one embodiment, a username is encrypted. A password associated with the username is encrypted. A user identifier associated with the username is encrypted. The encrypted username, the encrypted password, and the user identifier are stored in one or more databases. | 12-31-2009 |
20090327741 | SYSTEM AND METHOD TO SECURE BOOT UEFI FIRMWARE AND UEFI-AWARE OPERATING SYSTEMS ON A MOBILE INTERNET DEVICE (MID) - In some embodiments, the invention involves adding a capability for a platform owner or administrator to ensure that the firmware is only executed in an owner-authorized fashion, such as with signed components managed by a security processor. Embodiments may extend the Core Root of Trust for Measurement (CRTM), via use of a cryptographic unit coupled to the security processor in a mobile Internet device (MID) as a Root-of-Trust for Storage (RTS) Storage Root Key (SRK), into a unified extensible firmware interface (UEFI) Platform Initialization (PI) image authorization and boot manager. Other embodiments are described and claimed. | 12-31-2009 |
20090327742 | METHOD FOR MANAGING MULTIUSER DIGITAL PHOTO FRAME - A method for managing multiple users on a digital photo frame is disclosed. The method includes: adding a user account on the digital photo frame by a user inputting a username and a password, associating files with the username, prompting users to enter the username and password associated with the files to access the files and determining whether the username and password are correct, and if they are, allowing the user to access the files. | 12-31-2009 |
20100011221 | Secured storage device with two-stage symmetric-key algorithm - A secured storage device uses a user key set by the user to encrypt a primary key that is for encryption or decryption of user data, to produce a first encrypted data. In the secured storage device, neither the primary key nor the user key is stored, but the first encrypted data, and a secondary key and a second encrypted data produced from the secondary key encrypted with the user key for verifying the password inputted by the user are stored. Therefore, even though a storage medium in the secured storage device is detached and read, the primary key and the user key cannot be obtained by a third party for reading out any encrypted user data from the secured storage device. | 01-14-2010 |
20100017616 | WEB BASED SYSTEM THAT ALLOWS USERS TO LOG INTO WEBSITES WITHOUT ENTERING USERNAME AND PASSWORD INFORMATION - Systems and methods for securely managing Internet user passwords are presented herein. A formation component can enable a user to create a master account on a web server, the master account comprising a master username and password. An access component can enable the user to access a plurality of password protected websites from a web browser or non-browser software application resident on the user's computing device when the user logs into the master account by entering the valid master username and password. A selection component can log the user into a website of the plurality of password protected websites when the user selects a hyperlink associated with the website, selects a linked image associated with the website, or selects the website from a pulldown list contained in a toolbar of a web browser. A display component can open a web browser or tab associated with the website. | 01-21-2010 |
20100042847 | METHOD FOR AUTHENTICATION USING ONE-TIME IDENTIFICATION INFORMATION AND SYSTEM - The present invention relates to a method and system that can safely and conveniently perform user authentication by a service provider server and at a public terminal using one-time identification information. According to the present invention, when user authentication is performed using a public terminal to receive an Internet service provided by a service provider, personal identity information to be provided to the service provider can be prevented from being leaked due to phishing or hacking while the personal identity information is input. Therefore, the user can be safely and conveniently authenticated by the service provider. | 02-18-2010 |
20100058066 | METHOD AND SYSTEM FOR PROTECTING DATA - A method and a system for protecting data are provided. When a computer system is powered on, a verification code is compared with a predetermined verification code. If the verification code matches the predetermined verification code, an encrypted configuration data stored in a configuration data block of a storage device is decrypted with the verification code to obtain an original configuration data of the storage device. Thereby, data loss is effectively prevented and a data protection mechanism is provided. | 03-04-2010 |
20100077223 | AUTHENTICATION DEVICE, AUTHENTICATION SYSTEM, AUTHENTICATION METHOD, PROGRAM AND RECORDING MEDIUM - To prevent an input password from being stolen by an invalid authentication device. An authentication device | 03-25-2010 |
20100082999 | Wireless Communication Device, Method for Wireless Connection, and Computer Usable Medium Therefor - A wireless communication device to be wirelessly connected to a wireless network is provided. The wireless communication device includes a password obtainer to obtain a password designated by a user for connecting the wireless communication device to the wireless network, and a wireless connector to connect the wireless communication device to the wireless network with the use of the obtained password. The wireless connector sequentially selects one set from two or more sets, and sequentially attempts to connect the wireless communication device to the wireless network with the use of the sequentially selected one set. Each set of the two or more sets has an authorization method and an encryption method. | 04-01-2010 |
20100153735 | Entering an identifier with security improved by time based randomization of input steps based upon time - A secure method, apparatus or computer program incorporates a method for entering private information such as a user identifier, password or other secret code comprising at least one symbol or character. According to the method in one illustrated embodiment, the user selects characters for input starting from presentation of an initial suggested character, moving under user control to presentation of a user's desired input character, and then followed by the selection by the user of that presented character as a character for data input. The method includes randomizing the timing of the display and/or reaction time to user input so that the number and timing of the key presses required to select any specific desired character for input is made unpredictable. This makes it difficult during entry of information to determine by covert means what specific information is being entered. | 06-17-2010 |
20100169659 | GAMING CONSOLE-SPECIFIC USER AUTHENTICATION - Systems, methods, and computer program products are provided for user authentication required for conducting online financial institution transactions. The disclosed embodiments leverage the capabilities of platforms other than conventional personal computers and laptops, such as gaming consoles and wireless devices. Unique intrinsic user activities, such as controller motions or activities, built-in hardware signatures or other input data associated with a gaming console are used as the authentication mechanism, so as to provide a higher degree of security in the overall authentication process by lessening the likelihood of password replication or interception during network communication. | 07-01-2010 |
20100169660 | PUBLIC KEY INFRASTRUCTURE-BASED FIRST INSERTED SUBSCRIBER IDENTITY MODULE SUBSIDY LOCK - A method, telecommunication apparatus, and electronic device for securely creating an identity data block are disclosed. A secure memory | 07-01-2010 |
20100174912 | UNIQUE ACCOUNT IDENTIFICATION - A synchronization system includes a first account assigned a first unique identifier. Access to the first account is contingent on validation of a shared access credential. The synchronization system also includes a second account assigned a second unique identifier. Access to the second account is contingent on validation of the shared access credential. The synchronization system further includes a library of account operations. One or more account operations are configured to utilize the first unique identifier when addressing the first account, and one or more account operations are configured to utilize the second unique identifier when addressing the second account. | 07-08-2010 |
20100180126 | SECURE REMOTE PASSWORD VALIDATION - A method, system and apparatus for secure password validation can include a local authentication process configured for coupling both to local authentication data and to a remote authentication process. The system also can include a comparator disposed in the local authentication process and programmed to detect an extended password string in the local authentication data. Finally, the system can include a remote authentication handler disposed in the local authentication process and programmed to outsource password validation to the remote authentication process responsive to the comparator detecting an extended password string retrieved for a supplied user identifier. Preferably, the remote authentication handler can be a remote procedure call to the remote authentication process. | 07-15-2010 |
20100228987 | System and method for securing information using remote access control and data encryption - The invention relates to a system and method for enhancing the security of information by decoupling the user authentication from the data storage and access. User information, stored by a service provider, is encrypted using a hashed password and access to the encrypted user information is protected by a separate access control server. The access control server and service provider may be provided a uniquely hashed first and second password, respectively. The access control server uses the first hashed password to allow the user access to the service provider, and the service provider then decrypts the user information using the second hashed password. The system ensures that even if the malicious user manages to compromise either the service provider or the access control server, the malicious user would remain unable to decrypt and access any stored user information. | 09-09-2010 |
20100235645 | APPARATUS AND METHOD FOR LIMITING ACCESS TO MODEL SPECIFIC REGISTERS IN A MICROPROCESSOR - A microprocessor having a control register to which the manufacturer of the microprocessor may limit access. The microprocessor includes a manufacturing identifier that uniquely identifies the microprocessor and that is externally readable from the microprocessor by a user. The microprocessor also includes a secret key, manufactured internally within the microprocessor and externally invisible. The microprocessor also includes an encryption engine, coupled to the secret key, configured to decrypt a user-supplied password using the secret key to generate a decrypted result in response to a user instruction instructing the microprocessor to access the control register. The user-supplied password is unique to the microprocessor. The microprocessor also includes an execution unit, coupled to the manufacturing identifier and the encryption engine, configured to allow the instruction access to the control register if the manufacturing identifier is included in the decrypted result, and to otherwise deny the instruction access to the control register. | 09-16-2010 |
20100325440 | Method and System for Single Sign-on for Multiple Remote Sites of a Computer Network - A system and method links first and second computers of a network to implement a single sign on feature. The first computer generates a link request having a plaintext component and a hashed component. The plaintext component includes an identifier associated with the first network computer and information for locating a resource of the second network computer. The hashed component includes a first hash result formed by applying a hashing function to the plaintext component and a secret known to the first network computer and the second network computer. The second computer authenticates the link request without using a two-way encryption process by generating a second hash result by applying the hashing function to the plaintext component of the link request and the secret and comparing the first hash result with the second hash result. | 12-23-2010 |
20110004769 | PASSWORD INPUT SYSTEM USING AN ALPHANUMERIC MATRIX AND PASSWORD INPUT METHOD USING THE SAME - The present invention relates to a password input algorithm, more particularly to a password input system and method using an alphanumeric matrix. An aspect of the invention can provide a password input system and method that can defend against keylogging attacks and shoulder surfing attacks, by having the final password inputted by way of certain alphanumeric matrix letters which are separated by a particular distance from the letters forming the password in the alphanumeric matrix. Also, an aspect of the invention can provide a password input system and method that can further increase the probability of defending against keylogging attacks and shoulder surfing attacks, by having the final password inputted by way of certain alphanumeric matrix letters which are separated by a particular distance from the letters forming the password in the alphanumeric matrix, but with the alphanumeric matrix rotated every time a letter is inputted. | 01-06-2011 |
20110029782 | Handling Expired Passwords - A method of operating a server comprises receiving an authorisation request comprising a password, accessing an expiry date for the password, transmitting a response comprising the expiry date, ascertaining whether the password has expired, and receiving a new password, if the password has expired. Optionally, the transmitted response further comprises a date representing the last use of the password and/or an integer value representing a retry parameter. | 02-03-2011 |
20110055584 | METHOD AND APPARATUS FOR ACCESS CONTROL TO INSTALLATION CONTROL SYSTEMS OF WIND ENERGY INSTALLATIONS - A method for access control to installation control systems of wind energy installations. The method includes receiving a requested user name and a requested password, wherein authorizations and checking information are coded in the requested password. The method further includes decoding the authorizations and the checking information from the requested password, checking the requested user name on the basis of the decoded checking information, checking the decoded authorizations if the check of the requested user name on the basis of the decoded checking information has a positive result, and allowing access to an installation control system of a wind energy installation when the decoded authorizations are sufficient. A wind energy installation for implementing the method includes an installation control system and a decoding unit. | 03-03-2011 |
20110055585 | Methods and Systems to Create Big Memorizable Secrets and Their Applications in Information Engineering - The main invention is methods and systems to create big yet memorizable secrets, which are later applied in many novel and innovative applications in information engineering. Among the big secret creation methods are (i) self-created signature-like Chinese character, (ii) two-dimensional key (2D key), (iii) multilingual key, (iv) multi-tier geo-image key, (v) multi-factor key using software token, and their hybrid combinations. Multihash key using hash iteration and hash truncation is further used to increase the number of created secrets for multiple offline and online accounts. Besides, multihash signature using multiple hash values of a message from different hash iteration provides object-designated signature function. The object may be recipient, action, feature, function, meaning, etc., as representation. Also, random space steganography using stego-data with random noise insertion is proposed. The main application of big memorizable secret is MePKC (Memorizable Public-Key Cryptography) using fully memorizable private key. Here, 160- to 512-bit MePKC can be realized. | 03-03-2011 |
20110060912 | PASSWORD INPUTTING SYSTEM AND METHOD THEREOF - A method for inputting password with a touch sensitive display is provided. The method includes displaying a password array comprising a plurality of characters on a touch sensitive display, the plurality of characters being arranged in a first order, detecting if a permuting signal is received, generating a new password array comprising the plurality of characters when a permuting signal is received, the plurality of characters being arranged in a second order different from the first order, and displaying the generated new password array on the touch sensitive display to replace the displayed password array. A password inputting system using the method is also provided. | 03-10-2011 |
20110099383 | METHOD FOR TRANSMITTING DATA AND PREVENTING UNAUTHORIZED DATA DUPLICATION FOR HUMAN-MACHINE INTERFACE DEVICE USING MASS STORAGE CLASS OPERATING ON UNIVERSAL SERIAL BUS - A method for transmitting data and preventing unauthorized data duplication for a human-machine interface device (HID) using Mass Storage Class (MSC) operating on Universal Serial Bus (USB) simulates the HID as an external USB storage device to make a data connection to an external computer, so that driver installation is not required when the operating system used by the external computer is not compatible with the operating system used by the HID. The method encrypts the transmitted data via a dynamic password and does not write the data to the File Allocation Table (FAT); therefore the transmitted data is not under threat of unauthorized data duplication by a third party. | 04-28-2011 |
20110119495 | METHOD AND ARRANGEMENT RELATING TO ENCRYPTION/DECRYPTION OF A MEMORY UNIT - A memory unit is disclosed comprising a security driver application providing an interface, a storage arrangement and a driver application for activation when connected to a memory accessing arrangement. The driver application is configured, when accessed, to authenticate a user using a password whereby the interface is configured to secure and/or unsecure data transactions to and from the storage arrangement. | 05-19-2011 |
20110119496 | Methods, Systems, And Computer Program Products For Entering Sensitive And Padding Data Using User-Defined Criteria - Disclosed are methods, systems, and computer program products for identifying sensitive data from a user-entered input sequence based on user-defined criteria. According to one method, user-defined criteria for identifying sensitive data within user-entered input sequences that include sensitive data and padding data are received. A request for sensitive data from a requesting agent is presented. A user-entered input sequence that includes sensitive data and padding data is received in response to the request for sensitive data. Sensitive data is identified within the user-entered input sequence using the user-defined criteria. The identified sensitive data is provided to the requesting agent in response to the request for sensitive data. | 05-19-2011 |
20110154047 | USER-DEFINED PASSWORDS HAVING ASSOCIATED UNIQUE VERSION DATA TO ASSIST USER RECALL OF THE PASSWORD - An electronic device includes password protected functionality using a password that can be changed by the user. A user-specified password is stored in association with unique version data that is subsequently provided to help user recall of the password associated therewith. | 06-23-2011 |
20110154048 | Dynamically Mitigating A Noncompliant Password - Techniques are disclosed for dynamically mitigating a noncompliant password. The method comprises obtaining a password; generating one or more quality scores for the password using a password policy for an authentication and authorization service; determining whether the password has sufficient score quality; in response to determining that the password does not have sufficient score quality, granting to the user a different level of access to the service than if the password meets the quality criteria; wherein the method is performed by one or more computing devices. | 06-23-2011 |
20110185185 | METHOD AND APPARATUS FOR PARENTAL CONTROL OF WIRELESS BROADCAST CONTENT - A method comprises detecting zapping to or from one or more services; determining whether the zapping includes termination of a password-protected service; and sending a trigger message ( | 07-28-2011 |
20110202773 | Method of generating a password protocol using elliptic polynomial cryptography - The method of generating password protocols based upon elliptic polynomial cryptography provides for the generation of password protocols based on the elliptic polynomial discrete logarithm problem. It is well known that an elliptic polynomial discrete logarithm problem is a computationally “difficult” or “hard” problem. | 08-18-2011 |
20110271118 | PASSWORD GENERATION METHODS AND SYSTEMS - Password generation and extraction is described. In one aspect, a user inputs multiple characters, including a user password, variable characters, and multiple terminator characters. Locations of the terminator characters are identified and used to extract the user password from the multiple characters input by the user. | 11-03-2011 |
20110307708 | ENABLING ACCESS TO REMOVABLE HARD DISK DRIVES - A method, apparatus, and computer program product for accessing a device. The device receives a key from an operating system in response to the device in a locked state being connected to a data processing system after the operating system for the data processing system is running. The device compares the key received from the operating system with a set of keys stored in the device. The key is based on a system identifier for the data processing system and a password. The device determines whether a match is present between the key and the set of keys. The device changes the device from the locked state to an unlocked state in response to a determination that the match is present. | 12-15-2011 |
20110307709 | MANAGING SECURITY OPERATING MODES - A storage device that supports Trusted Computer Group (TCG) security allows management of TCG security features by a Basic Input/Output System (BIOS) using non-TCG security commands supported by the BIOS. In one implementation, a BIOS that does not support TCG security but does support ATA security can use ATA drive unlock to invoke TCG drive unlock on the storage device. Further, the storage device can be transitioned among multiple security operating modes (e.g., Undeclared, ATA security or TCG security). | 12-15-2011 |
20110307710 | Tokenized Payment Processing Schemes - A payment processing system for accepting manually-entered payment-card numbers. Rather than entering a payment-card account number into an application module, the card number is instead captured and stored within a tokenizer prior to being sent to the application module. The tokenizer then returns a random token to the calling application as a pointer to the original payment-card number. The token has no algorithmic relationship with the original payment-card number, so that the payment-card number cannot be derived based on the token itself. Since the token is not considered cardholder data, the token may be used in an application module without the module or its connected hardware being subject to regulatory standards compliance. Some embodiments involve browser-based schemes, and some embodiments involve PIN-entry device-based schemes. | 12-15-2011 |
20110314295 | Storage Device and Method for Communicating a Password between First and Second Storage Devices Using a Double-Encryption Scheme - A first storage device provides a host device with access to a private memory area by communicating a password between the first storage device and a second storage device via the host device using a double-encryption scheme. In one embodiment, a host device receives a twice-encrypted password from a first storage device, sends the twice-encrypted password to a second storage device, receives a once-encrypted password from the second storage device, decrypts the once-encrypted password to obtain the password, and sends the password to the first storage device. In another embodiment, a first storage device sends a twice-encrypted password to a host device, receives the password from the host device after the twice-encrypted password is decrypted by a second storage device and the host device, and provides the host device with access to the private memory area only if the password matches one that is stored in the first storage device. | 12-22-2011 |
20120011370 | PERSONAL IDENTIFICATION CODE ENTRY DEVICE AND METHOD THEREFOR - A data entry device for entering characters of a personal identification code comprising a pattern of chambers containing a character of a personal identification code which is required to be selected, said chambers being displayed in different lines on said pattern and each chamber containing a character therein; and a plurality of selection buttons each selection button being capable of selecting a sole line of said lines on said pattern. | 01-12-2012 |
20120066504 | METHODS, APPARATUS AND SYSTEMS FOR SECURING USER-ASSOCIATED PASSWORDS USED FOR IDENTITY AUTHENTICATION - Methods, apparatus and systems for securing user-associated passwords used in transactions are disclosed. The methods include a user computing device receiving a user-associated password such as a PIN from a user, where the user-associated password is operable to authenticate an identity of a user. The user-associated password may be received in response to the user receiving a request for the user-associated password from a third party such as a merchant. The user computing device may generate a temporary password such as a one-time password, dynamic password, or the like, and encrypt the user-associated password using the temporary password. The encrypted user-associated password may then be communicated to the third party in lieu of the user-associated password received by the user. | 03-15-2012 |
20120066505 | SYSTEM AND METHOD FOR REMOTE RESET OF PASSWORD AND ENCRYPTION KEY - A method and system are provided for resetting a password using a first device and a second device. The second device stores data encrypted using a content protection key, which itself is stored in encrypted form using the password, and is also stored in encrypted form using a key encryption key. The first device receives a public key from a second device. The first device uses the public key and a stored private key to generate a further public key. The further public key and a new password are sent to the second device. The second device uses the further public key to generate the key encryption key, which is then used to decrypt the encrypted content protection key. A new content encryption key is created, and encrypted using the new password. | 03-15-2012 |
20120089848 | Apparatus and Method for Securing Data on a Portable Storage Device - A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided. | 04-12-2012 |
20120102331 | Method, System And Device For Securing A Digital Storage Device - Method of securing a digital storage device, wherein a host is connected to the storage device, the host digitally locks the storage device so that unauthorized data access to the storage device is denied, the host sets the encryption conditions of the storage device in one of a condition wherein encryption of data on the storage device is enabled, and a condition wherein encryption of data on the storage device is disabled. | 04-26-2012 |
20120151218 | Methods, Systems, And Computer Program Products For Entering Sensitive And Padding Data Using User-Defined Criteria - Disclosed are methods, systems, and computer program products for identifying sensitive data from a user-entered input sequence based on user-defined criteria. According to one method, user-defined criteria for identifying sensitive data within user-entered input sequences that include sensitive data and padding data are received. A request for sensitive data from a requesting agent is presented. A user-entered input sequence that includes sensitive data and padding data is received in response to the request for sensitive data. Sensitive data is identified within the user-entered input sequence using the user-defined criteria. The identified sensitive data is provided to the requesting agent in response to the request for sensitive data. | 06-14-2012 |
20120159180 | Server-side Encrypted Pattern Matching - Server-side encrypted pattern matching may minimize the risk of data theft due to server breach and/or unauthorized data access. In various implementations, a server for performing the server-side encrypted pattern matching may include an interface component to receive an encrypted query token. The server may further include a query component to find a match for the encrypted query token in the encrypted data string. The query component may find such a match without decrypting the encrypted data string and the encrypted query token by using an encrypted dictionary that includes information on the edges of the encrypted suffix tree. | 06-21-2012 |
20120191980 | SYSTEM AND METHOD FOR A SECURE DATA COLLECTION SYSTEM - The system may provide for the collection of data in a heterogeneous network, long term secure storage of the data, and secure transfer of the data to an environment that may be secure and controlled for the purpose of controlled and secure selected viewing of all or parts of the data. The data stored may include core data of interest as well as any data that is associated with the core data. The core data and associated data may be stored. To do so, the system may identify and collect associated data at the point of release of all or part of the data. Further, the system may provide secure and controlled transfer of the data to a permanent and secure media. Lastly, the system may provide secure transfer of all or parts of the data from the media to a controlled and secure environment suitably constructed to provide for secure viewing of all or parts of the data under the control of the owner of the data. | 07-26-2012 |
20120191981 | SECURITY METHOD AND APPARATUS - A method and apparatus for providing password security to an electronic device. Access rights to an electronic device are determined by decrypting and decoding an encrypted password given to one or more individuals. When an individual enters a given encrypted password into the electronic device, a decrypting function decrypts the password to generate a decrypted password. The decrypted password contains information as to whether access should be granted to the individual, and if so, to what extent. For example, the decrypted password may comprise a time and date field which indicates a date and time at which access will not be granted. | 07-26-2012 |
20120216046 | System and Method for Decrypting Files - In accordance with particular embodiments, a computer-implemented method for execution by one or more processors includes intercepting a communication comprising a message. The method also includes identifying words from within the message. The method further includes storing in a dictionary words from within the message of the communication and one or more parameters of the communication for each of the words. The dictionary comprises a plurality of words from a plurality of intercepted text-based communications. The method also includes receiving an encrypted file that is configured to be decrypted using a password. The method additionally includes identifying words from the dictionary to be used to attempt to decrypt the encrypted file. The identified words are identified based on at least one parameter associated with the encrypted file and the one or more parameters stored in the dictionary. The method further includes attempting to decrypt the encrypted file using at least a portion of the identified words from the dictionary as the password for decrypting the encrypted attachment. | 08-23-2012 |
20120226912 | PASSWORD-BASED OPERATION OF A LOCKED COMPUTING DEVICE - The present application relates to performing operations on a computing device having a restricted mode of operation and an unrestricted mode of operation. A first input sequence comprising a correct authentication code and a command code is obtained while in the restricted mode of operation. The device executes one or more special operations associated with the command code while the device remains in the restricted mode of operation. The device transitions to the unrestricted mode of operation upon obtaining a second input sequence comprising a correct authentication code, and in the unrestricted mode of operation the device may execute one or more regular operations. | 09-06-2012 |
20120254622 | Secure Access to Electronic Devices - A device may select a password and encrypt it utilizing a public key. The device may provide the encrypted password when an access request is received from a client. The client may obtain an unencrypted version of the password by submitting it to a private key server (which utilizes the private key to decrypt the password) and return the password to the device. When the device receives the unencrypted password from the client, the device may allow access. The device may generate the password once during operation. However, in some implementations, the device may generate a new password for each access request and may only respond to the most recently issued password. The device may generate, encrypt, and transmit a single password. However, in various implementations the device may generate, encrypt, and/or transmit a number of different passwords to support different access configurations. | 10-04-2012 |
20120254623 | Information Processing Apparatus and Data Protection Method - According to an embodiment, an information processing apparatus includes a first storage unit, a second storage unit, a power supply state control unit, a cryptographic key movement unit, a communications unit, an information input determination unit, a communications state determination unit, and a cryptographic key control unit. The cryptographic key movement unit is configured to move at least part of the cryptographic key data stored in the first storage unit to the second storage unit before a shift from a power-on state to another power supply state. In the other power supply state, the cryptographic key control unit returns the cryptographic key data from the second storage unit to the first storage unit if it is determined that there is an input of information which matches the information stored in the second storage unit and it is determined that communications are enabled between the communications unit and a base-station apparatus. | 10-04-2012 |
20120272067 | AUTHENTICATION METHOD - Method enabling a user to verify the operation of a personal cryptographic device, comprising the following steps: a) a user ( | 10-25-2012 |
20120278630 | DEBUGGING PORT SECURITY INTERFACE - The present invention provides a secure JTAG interface to an application-specific integrated circuit (ASIC). In the preferred embodiment the invention operates through the combined efforts of a Security Module (SM) comprising a state machine that controls the security modes for the ASIC, and a Test Control Module (TCM) which contains the JTAG interface. The TCM operates in either a restricted mode or an unrestricted mode, depending on the state of the SM state machine. In a restricted mode, only limited access to memory content is permitted. In an unrestricted mode, full access to memory content is permitted. | 11-01-2012 |
20120324234 | FLEXIBLE METHOD OF USER AUTHENTICATION - A method of authorising a user in communication with a workstation is disclosed. According to the method, a system automatically determines a plurality of available user information entry devices in communication with the workstation. The system then determines predetermined user authorisation methods each requiring data only from available user information entry devices. The user then selects one of the determined authorisation methods for use in user authorisation. Optionally, each authorisation method is associated with a security level relating to user access to resources. Once the authorisation method is selected, the user provides user authorisation information in accordance with a determined user authorisation method and registration proceeds. | 12-20-2012 |
20130013929 | PROJECTOR SYSTEM - A projector system includes an information processing apparatus and a projector. The projector includes a device connection unit which enables communication between the information processing apparatus and the projector, a password generating unit which generates a password, and an encryption unit which encrypts the password and outputs the encrypted password to the information processing apparatus through the device connection unit. The information processing apparatus includes a device connection unit which enables communication between the projector and the information processing apparatus, a decryption unit which decrypts the encrypted password input through the device connection unit of the information processing apparatus using a decryption key, and a password determining unit which has functions of determining whether the decrypted decryption password is correct and outputting a signal directing to start the process for projection to be performed by the information processing apparatus in a case where the decrypted password is correct. | 01-10-2013 |
20130019102 | System and method for encrypted smart card pin entry - A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers. | 01-17-2013 |
20130019103 | SYSTEM AND METHOD FOR GENERATING AND MANAGING ADMINISTRATOR PASSWORDS - A password management system and method for securing networked client terminals and mobile devices is provided. More specifically, the present invention provides a system and method for encrypting randomly generated administrator-level passwords and providing a means for decrypting the randomly generated passwords for single-use unrestricted access to a designated terminal or mobile device. When unrestricted access to the terminal or mobile device is required, the encrypted administrator-level password is decrypted using a shared symmetric key, which is generated during encryption of the administrator password, to reveal the administrator-level password for the terminal or mobile device. The administrator-level password is a single-use password, wherein upon use of the administrator-level password a new administrator-level password may be automatically generated for the corresponding terminal or mobile device. | 01-17-2013 |
20130080787 | MEMORY STORAGE APPARATUS, MEMORY CONTROLLER AND PASSWORD VERIFICATION METHOD - A memory storage apparatus including a connector, a rewritable non-volatile memory module and a memory controller is provided. The memory controller receives a password to be verified, transforms the password into a data stream by using a first unit, generates a cipher text to be verified according to a predetermined data stream and the transformed data stream by using a second unit, and determines whether the cipher text to be verified is the same as a predetermined cipher text stored in the rewritable non-volatile memory module. When the cipher text to be verified is the same as the predetermined cipher text, the memory controller identifies that the password to be verified is validated. Accordingly, the memory storage apparatus can effectively verify a password input by a user, thereby protecting data stored in the rewritable non-volatile memory module. | 03-28-2013 |
20130086388 | CREDENTIALS MANAGEMENT - An encrypted file is decrypted to gain access to a stored hash value for a credentials setting component. A test hash value of the credentials setting component is formed. Before decrypting a set of encrypted credentials to form decrypted credentials, it is required that the test hash value of the credentials setting component match the stored hash value of the credentials setting component. The decrypted credentials are then passed to the credentials setting component to set credentials that instructions are to be executed under. | 04-04-2013 |
20130097428 | ELECTRONIC APPARATUS AND ENCRYPTION METHOD THEREOF - An electronic apparatus includes a secure unit to store public key information, an input unit to receive user authentication information and a data searching word, a user authenticating unit to perform user authentication with the inputted user authentication information, an encryption generating unit to generate a searching word encryption to use in data search, and a control unit to control generating the searching word encryption using the previously-stored public key information, the inputted user authentication information, and the data searching word. | 04-18-2013 |
20130117573 | METHOD FOR VERIFYING A PASSWORD - A method for verifying a password in a computing device, wherein the computing device comprises: a user input interface; a trusted hardware module having a trusted application stored therein, the trusted hardware module arranged to provide the trusted application with access to at least said user input interface; and a secure verification application for verifying the password; the method comprising: the trusted application receiving a request to obtain a user password; the trusted hardware module providing the trusted application with access to the user input interface; the user entering a password using the user input interface; the trusted application encoding the entered password; passing the encoded password to the secure transaction application; and decoding the password. | 05-09-2013 |
20130138968 | GRAPHICAL ENCRYPTION AND DISPLAY OF CODES AND TEXT - The present invention provides an image-based encryption and decryption technique where the user uses pre-chosen image categories to create an encryption/decryption key. The encryption key can be used to encrypt alphanumeric strings such as a confirmation code or other information. The user uses the decryption key (i.e., knowledge of the chosen image categories) to decrypt and recover the original message. For example, upon presentation of a grid of images, the user selects certain images contained therein that match the pre-chosen image categories to recover the original message. | 05-30-2013 |
20130145170 | CROSS SYSTEM SECURE LOGON - A cross system secure logon in a target system by using a first authentication system and a second authentication system. A correct password may be valid on the first authentication system and the second authentication system. An aspect includes receiving an input password, generating a first hash key by using the first authentication system, and/or generating a second hash key by using the second authentication system, wherein each authentication system uses a system unique non-collision free hash algorithm. Further, in one aspect, comparing the first hash key with a first predefined hash key of the correct password stored in the first authentication system, and/or comparing the second hash key with a second predefined hash key of the correct password stored in the second authentication system. Furthermore, granting access to the target system based on at least one of the comparisons. | 06-06-2013 |
20130166918 | Methods for Single Signon (SSO) Using Decentralized Password and Credential Management - A method for single sign-on (SSO) that provides decentralized credential management using end-to-end security. Credential (and other personal user information) management is decentralized in that encryption is performed locally on the user's computer. The user's encrypted credentials may be stored by the login server and/or a plurality of distributed servers/databases (such as a cloud). The login server never has access to the user's credentials or other personal information. When the user wants to use single sign-on, he enters his password into his browser and the browser submits the encrypted/hashed password to the login server for validation. Upon validation, the browser receives the user's encrypted credentials. The credentials are decrypted by the browser and provided to relevant websites to automatically log the user in. | 06-27-2013 |
20130212401 | METHODS AND DEVICES FOR AUTHENTICATION AND DATA ENCRYPTION - A storage device comprises a non-volatile storage media and a processor that is operative to receive, via an interface with one or more host devices, a first entered password needed for accessing data stored in the non-volatile storage media, generate a first number, combine the first entered password and the first number, generate a cryptographic key based on the combination of the first entered password and the first number, encrypt the received first entered password using the cryptographic key, and store the encrypted first entered password and the first number in the non-volatile media. The processor may be further operative to receive a request for authentication; provide a reply comprising the first number; receive a second number calculated based on a cryptographic combination of the first number and a second entered password, and authenticate the host device if the second number successfully decrypts the encrypted first entered password. | 08-15-2013 |
20130262872 | ELECTRONIC APPARATUS, PERIPHERAL DEVICE, AND SYSTEM FOR ENCRYPTING AND DECRYPTING THE ELECTRONIC APPARATUS VIA THE PERIPHERAL DEVICE - An electronic apparatus, a peripheral device, and a system for encrypting and decrypting the electronic apparatus via the peripheral device are provided. The electronic apparatus stores a password which a user sets in a ROM of the electronic apparatus and writes the password to the peripheral device. Only when the electronic apparatus is connected to the peripheral device, the electronic apparatus fetches a password from the peripheral device, and if the electronic apparatus determines that the fetched password is the same as the stored password in the electronic apparatus, the electronic apparatus performs a function of turning on or unlocking the electronic apparatus. | 10-03-2013 |
20130326228 | Password Encryption Key - A password-encrypted key (PEK) is generated from a user-supplied password or other identifying data and then used to encrypt the user's password. The encrypted password is stored in a user record on a server. At login a would-be user's password is again used to make a key, which is then used to decrypt and compare the stored encrypted password with the would-be user's password to complete the login. The successful PEK is stored in a temporary session record and can be used to decrypt other sensitive user information previously encrypted and stored in the user record as well as to encrypt new information for storage in the user record. A public/private key system can also be used to maintain limited access for the host to certain information in the user record. | 12-05-2013 |
20130339745 | CONTROLLING AN ANALYSIS SYSTEM OF BIOLOGICAL SAMPLES - A method for controlling an analysis system is presented. The method comprises receiving, by an encryption unit, authentication data of a user. In the case of a successful authentication, a user-specific security code is generated by the encryption unit. The security code is outputted by the encryption unit to the authenticated user. The security code and the user-ID are received by an authentication unit coupled to the analysis system via a user-interface coupled to the authentication unit. The security code is decrypted by the authentication unit. If the decrypted security code matches with the user-ID, the user is authenticated at the authentication unit and an authentication signal is generated by the authentication unit for permitting the user to initialize at least one function of the analysis system. | 12-19-2013 |
20130339746 | SECURE PASSWORD MANAGEMENT SYSTEMS, METHODS AND APPARATUSES - The systems, methods and apparatuses described herein provide a computing environment for authenticating a user. An apparatus according to the present disclosure may comprise a non-volatile storage, a user interface, and a password engine. The password engine is configured to retrieve two or more predetermined prompts from the non-volatile storage, present the two or more predetermined prompts on the user interface to a user in a random order, receive a first set of input(s) in response to the two or more predetermined prompts, create an encryption keyword from the received first set of input(s) according to an original order of the two or more predetermined prompts stored in the non-volatile storage, and use the encryption keyword to authenticate the user. | 12-19-2013 |
20140075202 | METHOD AND SYSTEM FOR SECURELY ACCESSING DIFFERENT SERVICES BASED ON SINGLE SIGN ON - An embodiment for securely accessing services of a service provider based on single sign on. The user device is authenticated by an authentication server if the computed hash of the first random number r is the same as the received hash of the first random number r sent by a user device. Thereafter, the second random number y, the user id and an element Q are encrypted using a service provider password and sent to the service provider. The user device computes a first discrete exponential function Z using the element Q and the second random number y and sends it along with the user id to the service provider. The service provider computes a second discrete exponential function Z′ using the element Q and the second random number y received from the authentication server and provides the user device access to the services if Z is equal to Z′. | 03-13-2014 |
20140082367 | VERIFYING PASSWORDS ON A MOBILE DEVICE - Methods, systems, and computer programs for verifying a password are disclosed. For example, the password can be verified on a mobile device to control user access to the mobile device. In some implementations, a mobile device includes a user interface, a main processor, and a co-processor. The user interface receives a submitted password value from a user. The main processor calls the co-processor to provide a hash chain input value based on the submitted password value. The main processor evaluates a hash chain based on the hash chain input value provided by the co-processor. Evaluating the hash chain generates a submitted password verification value. The submitted password verification value is compared to a stored password verification value stored on the mobile device. Access to mobile device functionality may be permitted or denied based on a result of the comparison. | 03-20-2014 |
20140108811 | SYSTEM AND METHOD FOR CONTROLLING ACCESS TO AN ELECTRONIC DEVICE - Methods and systems are provided for controlling access to an electronic device. The electronic device, for example, may include, but is not limited to, a processor, a memory communicatively coupled to the processor, wherein the memory is configured to store a password for accessing the electronic device, and a communication interface communicatively coupled to the processor, wherein the processor is configured to receive a request to access the electronic device from the communication interface, and transmit an encrypted version of the password for accessing the electronic device via the communication interface. | 04-17-2014 |
20140115341 | METHOD AND SYSTEM FOR ENABLING SECURE ONE-TIME PASSWORD AUTHENTICATION - An approach for facilitating a one-time password (OTP) authentication procedure is described. A dedicated validation appliance receives a one-time password authentication request via an application programming interface, which is a single point of access to the dedicated validation appliance. The dedicated validation appliance then determines a validity of the request based on the correlating of a submitted OTP against OTP values independently generated by the dedicated validation appliance based on a large secret key exclusive to a client device that initiated the request. The single point of access to the dedicated validation appliance as well as exclusive sharing of the secret key with only another dedicated validation appliance or one-time with the client device reduces the likelihood of attackers discovering the secret keys. | 04-24-2014 |
20140136850 | PASSWORD INPUT SYSTEM AND METHOD FOR INPUTTING PASSWORD - A password input system and a method for inputting a password are provided. The password input system includes a signal receiving unit, a processing unit and a storage device. The signal receiving unit receives input signals comprising key-pressing signals and key-releasing signals respectively corresponding to the key-pressing signals and each key-pressing signal corresponds to an alphanumeric symbol. The processing unit, according to a predetermined key-releasing rule, sequentially groups the alphanumeric symbols corresponding to the key-pressing signals into groups. Each group is regarded as a password element and the password elements together form a multi-key input password set. The storage device stores the multi-key input password set. | 05-15-2014 |
20140181529 | VERIFICATION OF PASSWORD USING A KEYBOARD WITH A SECURE PASSWORD ENTRY MODE - The present invention includes a device and method to authenticate a user to a computer prior to the user having access to the computer or network. As user name and password protocols are nearly ubiquitous in authentication applications used today, there have been developed many nefarious techniques to defeat the security of such systems. It is relatively easy to write a computer program to guess passwords and then use those passwords to defeat security and cause harm and mischief to a computer, its users and others. To thwart such activity, the present invention provides a novel device that can be provided within a keyboard, in a computer, or in a third device having connectivity thereto. The device in conjunction with the method provides a secure password mode and a challenge/response protocol to verify that the password is entered in response to a particular request for a password. | 06-26-2014 |
20140195814 | METHOD AND SYSTEM TO DECRYPT PRIVATE CONTENTS - The invention discloses a method and a system to decrypt private contents stored in a device and the invention belongs to the field of computer security. The method may include: receiving a contents ID and a decrypting password from a first user; decrypting the encrypted private contents corresponding to the contents ID using the decrypting password; displaying the decrypted private contents when the decryption is successful; and displaying preset contents when the decryption is not successful. The system may include: a receiving module, a decryption module, and a display module. The present invention can improve the security of the private contents. | 07-10-2014 |
20140201536 | One-Time Passcodes with Asymmetric Keys - Protecting the security of an entity by using passcodes is disclosed. A user's passcode device generates a passcode. In an embodiment, the passcode is generated in response to receipt of user information. The passcode is received by another system, which authenticates the passcode by at least generating a passcode from a passcode generator, and comparing the generated passcode with the received passcode. The passcode is temporary. At a later use a different passcode is generated from a different passcode generator. In these embodiments, there are asymmetric secrets stored on the passcode device and by the administrator. This adds more security so that if the backend servers are breached, the adversary cannot generate valid passcodes. In some embodiments, the passcode depends on the rounded time. | 07-17-2014 |
20140223189 | METHOD AND DEVICE FOR UNLOCKING SCREEN - A method for unlocking a screen of a device, including: detecting an inputting operation on the device for inputting an unlock password, the inputting operation causing one character to be inputted to the device; performing, in response to the detecting, a comparison to determine whether all input characters corresponding to a password indicator displayed on the screen match a preset password; and unlocking the screen of the device if it is determined that all the input characters corresponding to the password indicator match the preset password. | 08-07-2014 |
20140317415 | MULTI-TOUCH METHODS AND DEVICES - The present disclosure relates to a multi-touch method, configured to a touch panel. The method comprises: applying a first object to touch a first image on the touch panel for inputting a first password; and determining whether inputting a second password, and if not, removing the first object from the touch panel for ending a first round of password input. | 10-23-2014 |
20140359300 | INPUT INFORMATION AUTHENTICATION DEVICE, SERVER DEVICE, INPUT INFORMATION AUTHENTICATION SYSTEM, AND PROGRAM OF DEVICE - At the time of input of authentication information, even when the hand and the input screen are seen by a third person, guessing the authentication information is made difficult. A plurality of keys serving as input means are divided into a first region and a second region. Then, the first region and the second region are caused to transit between a first state and a second state distinguished from each other depending on the displayed contents. When a region where a key to be inputted for the input of authentication information is arranged is in the second state, input to the above-mentioned plurality of keys is recognized as dummy. | 12-04-2014 |
20150089238 | SYSTEM AND METHOD FOR VERIFYING CHANGES TO UEFI AUTHENTICATED VARIABLES - A mechanism for certifying that an operating system-based application has authorization to change a UEFI authenticated variable held in the system firmware is discussed. Embodiments of the present invention receive with the system firmware a request from an operating system-based application to change a UEFI authenticated variable. The request includes an authentication descriptor header with a timestamp and pre-determined GUID. The request also includes a hash calculated using a password known to the firmware. The system firmware certifies that the caller has authorization to change an authenticated variable by first verifying the information in the header and then creating a new hash using the password. The new hash is compared to the received hash and must match in order for the system firmware to allow the alteration of the UEFI authenticated variable. In one embodiment, the password is the system firmware password. | 03-26-2015 |
20150295714 | Data security verification method and device - A data security verification method is described, which includes: an encrypted security verification password sent from a terminal equipment is received; the security verification password is decrypted; the decrypted security verification password is verified according to a preset password; and a verification result is sent to the terminal equipment for the terminal equipment to operate according to the verification result, wherein the security verification password sent from the terminal equipment is decrypted by virtue of a public key and decrypted by virtue of a private key; the public key is an International Mobile Equipment Identity (IMEI) of a mobile terminal; and the private key is a password calculated and generated by combining the IMEI of the mobile terminal and super activation time of the terminal equipment and a mobile equipment. According to the disclosure, an equipment resource can be saved, and security and an anti-cracking probability can be enhanced. | 10-15-2015 |
20150312040 | PASSWORD VERIFYING DEVICE AND METHOD - A password verifying method includes the following steps: providing a plurality of interactive regions on each of which several known characters are arranged and shown randomly, at least one interactive region containing at least two characters; accepting selection of said plurality of interactive regions made by the user, and after selection of present interactive regions by the user, randomly re-distributing said several known characters into said respective interactive regions to be shown and selected for next time; and comparing one by one characters contained in a predefined password sequence with characters contained in the interactive regions selected each time, and outputting signal representing successful password verification when each character contained in the password sequence is identical to a corresponding character shown in a corresponding interactive region selected each time. | 10-29-2015 |
20150341173 | PASSWORD-BASED AUTHENTICATION - A password authentication system includes an access control server configured to control access by a user computer to a resource dependent on authentication of user passwords associated with user IDs. The system further includes a plurality of authentication servers, storing respective secret values. For each user ID, the access control server stores a first ciphertext produced by encrypting the user password associated with that ID using a predetermined algorithm dependent on the secret values. In response to receipt of a user ID and an input password, the access control server communicates with the plurality of authentication servers to implement password authentication, requiring use of the secret values, in which a second ciphertext is produced by encrypting the input password using said predetermined algorithm. The access control server compares the first and second ciphertexts to determine whether the input password equals the user password to permit access to the resource. | 11-26-2015 |
20150365234 | METHODS AND SYSTEMS FOR USER AUTHENTICATION - Methods and systems are provided for authenticating a user for access to restricted content. An exemplary method involves providing a plurality of selectable regions on a display, authenticating the user based at least in part on a user input that corresponds to a selectable region that includes a portion of authentication information, and providing the restricted content to the display after authenticating the user. Each selectable input region of the plurality of selectable regions includes a plurality of characters. In exemplary embodiments, the characters of one or more selectable input regions are randomized. | 12-17-2015 |
20150365396 | Multiple Input Based Passwords - A computer-implemented method, carried out by one or more processors, for utilizing one or more input methods for passwords. In an embodiment, the method comprises the steps of determining, by one or more processors, one or more input methods supported for a password entry, wherein the password entry verifies a user's credentials; receiving, by one or more processors, a candidate password through the one or more input methods, wherein each character of the candidate password has an associated input method; and storing, by one or more processors, the candidate password as the password entry, along with the associated input method for each character of the candidate password. | 12-17-2015 |
20150372810 | Gesture-based password entry to unlock an encrypted device - Systems and techniques are provided for gesture-based password entry to unlock an encrypted device. A gesture input from a user to a gesture interface may be received. The gesture input may be converted to gesture data which may be hashed using a hashing algorithm to obtain a table key. A table including a master key may be encrypted using the table key. The master key may include a key for decrypting a primary storage that is at least partially encrypted. A second gesture input may be received. The second gesture input may be an input from a user to the gesture interface. The second gesture input may be converted to second gesture data which may be hashed using the hashing algorithm to obtain a key equivalent to the table key. The table including the master key may be decrypted using the key equivalent to the table key. | 12-24-2015 |
20160014110 | SECURITY SYSTEMS AND METHODS | 01-14-2016 |
20160021094 | SYSTEMS AND METHODS FOR SECURE PASSWORD ENTRY - Systems and methods for secure password entry are provided. A request to authenticate a user is received from a user device. A sequence of characters is generated. The sequence has a first subset of the characters selected from a password associated with the user. At least one of the characters appears a different number of times in the sequence than in the password. The sequence of characters is displayed on the user device in response to the request. A user selection of a second subset of the characters in the sequence is received through the user device. The user is authenticated in response to a determination that the first subset of the characters matches the second subset of the characters. | 01-21-2016 |
20160048691 | CONTROLLING AN ANALYSIS SYSTEM OF BIOLOGICAL SAMPLES - A method for controlling an analysis system is presented. The method comprises receiving, by an encryption unit, authentication data of a user. In the case of a successful authentication, a user-specific security code is generated by the encryption unit. The security code is outputted by the encryption unit to the authenticated user. The security code and the user-ID are received by an authentication unit coupled to the analysis system via a user-interface coupled to the authentication unit. The security code is decrypted by the authentication unit. If the decrypted security code matches with the user-ID, the user is authenticated at the authentication unit and an authentication signal is generated by the authentication unit for permitting the user to initialize at least one function of the analysis system. | 02-18-2016 |
20160056961 | METHOD, APPARATUS, AND INSTRUCTIONS FOR SAFELY STORING SECRETS IN SYSTEM MEMORY - Embodiments of an invention for method, apparatus, and instructions for safely storing secrets in system memory are disclosed. In one embodiment, a processor includes a hardware key, an instruction unit, and an encryption unit. The instruction unit is to receive an encryption instruction and a compare instruction. The encryption instruction is to have a first plaintext input value. The compare instruction is to have a second plaintext input value. The encryption unit is to, in response to the encryption instruction, encrypt the first plaintext input value using the hardware key to generate a ciphertext value, and, in response to the compare instruction, decrypt the ciphertext value using the hardware key to generate a plaintext output value and compare the plaintext output value to the second plaintext input value. | 02-25-2016 |
20160140329 | ENHANCED SECURITY MECHANISM FOR AUTHENTICATION OF USERS OF A SYSTEM - A method and structure for authenticating users of a system that prevents theft of passwords and re-use of passwords. The method and structure use one-time passwords and a Secure CPU technology that cryptographically protects a software module known as a Secure Object from other software on a system. The method and structure generate and validate one-time passwords within Secure Objects and use a communications mechanism to securely communicate passwords or information used to generate passwords that makes use of cryptography and the protected and unprotected regions of a Secure Object to provide strong end-to-end security. | 05-19-2016 |
20160164681 | OBFUSCATED PASSWORDS - A method for obfuscating an electronic password can include receiving at least a first symbol of a first password, wherein the first password has a plurality of symbols. Next, a second password (the obfuscated password) can be generated, the second password being derived from the first password using an obfuscation rule, wherein the second password includes the symbols of the first password and at least one obfuscating symbol generated from a first symbol of the first password (generating symbol) and the obfuscation rule. It can then be determined whether to provide a feedback indicator. A feedback indicator can be provided, in response to determining to provide the feedback indicator, wherein the feedback indicator corresponds with an instruction to enter an obfuscating symbol according to the obfuscating rule, the obfuscating symbol being from the second password. Finally, access can be granted to a session in response to receiving the second password. | 06-09-2016 |
20160180077 | HANDHELD ELECTRONIC DEVICE AND METHOD FOR ENTERING PASSWORD THEREOF | 06-23-2016 |
20160197914 | SYSTEM AND METHOD FOR CONVERTING ONE-TIME PASSCODES TO APP-BASED AUTHENTICATION | 07-07-2016 |
20160253496 | METHOD AND DEVICE FOR IDENTIFYING PIRATED DONGLE | 09-01-2016 |
20220138290 | METHOD AND SYSTEM FOR A SECURE TRANSACTION - The present invention herein relates to a method and system for authenticating a user, protecting user data, and resetting a security code. One of the advantages of the present invention is the protection of data in transit to ensure a secure user authentication and user data protection both in transit and at rest. Another advantage of the present invention is that, through a new security code resetting method, the user can be verified without the need of storing the user verification data in the platform. | 05-05-2022 |