Class / Patent application number | Description | Number of patent applications / Date published |
713184000 | PIN/password generator device | 74 |
20080209222 | METHOD OF CREATING PASSWORD SCHEMES FOR DEVICES - A method of creating a password scheme for a mobile device includes partitioning a storage space on the mobile device into a public portion and a secure portion and encrypting access to the secure portion of the storage space by creating a long password, where the long password is composed of a series of bits of data previously stored on the mobile device in a non-encrypted form. Creating a long password includes assigning portions of the long password to a plurality of media files already stored on the mobile device and concatenating each of the portions of the long password to form the long password. The long password is used to decrypt data stored in the secure area of the mobile device. | 08-28-2008 |
20080244272 | HAND CRYPTOGRAPHIC DEVICE - Disclosed is a hand cryptographic device for keeping a secret code inside confidential and being convenient to carry about. The hand cryptographic device of the present invention includes an input module, a memory and a user interface. The input module is used for inputting the secret code and a command for accessing the secret code. The memory stores a control program of the hand cryptographic device and the inputted secret code. The user interface provides the secret code to the user when the user inputs the command for accessing the secret code. The input module may comprise a keypad device for inputting the command for accessing the secret code. | 10-02-2008 |
20080263362 | METHOD AND APPARATUS OF SECURE AUTHENTICATION FOR SYSTEM ON CHIP (SOC) - A SoC may be utilized to authenticate access to one or more secure functions. A password may be generated within the SoC which is unique to each SoC instance and unique to each iteration of authentication. The SoC may challenge external entities attempting access to provide a matching password. A random number sample may be generated within the SoC and stored. A chip ID, secret word and a table of keys with key indices are also stored in memory. Two or more of the stored items may be passed to a hash function to generate the password. The external entity may generate and return the password utilizing information communicated from the SoC during each authentication operation as well as information known a priori. The SoC may compare the returned password with the internally generated password and may grant access to the secure functions. | 10-23-2008 |
20080263363 | Portable Data Encryption Device with Configurable Security Functionality and Method for File Encryption - A portable encryption device with logon access controlled by an encryption key, with an on board cryptographic processor for reconstituting the encryption key from a plurality of secrets generated by a secret sharing algorithm, optionally shrouded with external secrets using an invertible transform resistant to quantum computing attacks. Another embodiment provides file decryption controlled by a file encryption key, with the on board cryptographic processor reconstituting the file encryption key from a version of the file encryption key which has been shrouded with a network authorization code. A method for encryption of a plaintext file by hashing, compressing, and encrypting the plaintext file, hashing the ciphertext, hashing the plaintext hash and the ciphertext hash, and sealing the ciphertext together with the resulting hash. A portable encryption device for performing the method is also disclosed. | 10-23-2008 |
20080270802 | METHOD AND SYSTEM FOR PROTECTING PERSONALLY IDENTIFIABLE INFORMATION - The present invention provides a way to protect PII (or, more generally, any user “sensitive” information) throughout its life cycle in an organization. The techniques described herein ensure that a user's PII is protected during storage, access or transfer of the data. Preferably, this objective is accomplished by associating given metadata with a given piece of PII and then storing the PII and metadata in a “privacy protecting envelope.” The given metadata includes, without limitation, the privacy policy that applies to the PII, as well as a set of one or more purpose usages for the PII that the system has collected from an end user's user agent (e.g., a web browser), preferably in an automated manner. Preferably, the PII data, the privacy policy, and the user preferences (the purpose usages) are formatted in a structured document, such as XML. The information in the XML document (as well as the document itself) is then protected against misuse during storage, access or transfer using one or more of the following techniques: encryption, digital signatures, and digital rights management. | 10-30-2008 |
20080301461 | REMOTE AUTHENTICATION AND TRANSACTION SIGNATURES - The invention provides a method, apparatus, computer readable medium and signal which allows the usage of devices containing PKI private keys such as PKI-enabled smart cards or USB sticks to authenticate users and to sign transactions. The authenticity of the user and/or the message is verified. Furthermore the operation (authentication and/or signing) occurs without the need for an application to have some kind of a direct or indirect digital connection with the device containing the private key. In other words a digital connection that would allow an application to submit data to the card for signing by the card's private key and that would allow retrieving the entire resulting signature from the card is not required. In addition the operation occurs without the need for the PKI-enabled device containing the private key (e.g. a PKI smart card or USB stick) to either support symmetric cryptographic operations or to have been personalized with some secret or confidential data element that can be read by a suitable reader. | 12-04-2008 |
20080301462 | SYSTEM FOR PROTECTING A USER'S PASSWORD - The present invention relates to a system for protecting a password. A system for providing a protectable password including a storage device, an input mechanism for entering a protectable password in any position and a password validation engine coupled to the storage device and to the input mechanism for analyzing the string of characters and keystrokes to find the protectable password and for validating the apparent password if the protectable password and the random pattern are determined to be present in any position in the string of characters and keystrokes of the apparent password, is provided. | 12-04-2008 |
20080307236 | METHOD AND APPARATUS FOR PASSWORD OUTPUT - A method and an apparatus for account and/or password output are disclosed. In the present invention, a hot-key corresponding to an account and/or a password is set in advance. When the hot-key is entered, the related account and/or password is transferred and login is performed automatically, making login more convenient. In addition, the present invention combines various input devices to make the ways of setting a hot-key more diverse, which also enhances the security of password login. | 12-11-2008 |
20080320310 | IMAGE BASED SHARED SECRET PROXY FOR SECURE PASSWORD ENTRY - The claimed subject matter provides systems and/or methods that facilitate utilizing a shared secret to obscure a password within a sequence of characters. The sequence of characters can include the password as well as noise. The shared secret can leverage utilizing a set of known images that a user can uniquely distinguish from random images. By employing the image based shared secret, the user can login to a server from an untrusted machine suspected to be infected with spyware such as a keylogger that tracks user input. | 12-25-2008 |
20090055655 | Apparatus and Method For Securing Data on a Portable Storage Device - A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided. | 02-26-2009 |
20090100268 | METHODS AND SYSTEMS FOR PROVIDING ACCESS CONTROL TO SECURED DATA - In a system for providing access control management to electronic data, techniques to secure the electronic data and keep the electronic data secured at all times are disclosed. According to one embodiment, a secured file or secured document includes two parts: an attachment, referred to as a header, and an encrypted document or data portion. The header includes security information that points to or includes the access rules and a file key. The access rules facilitate restrictive access to the secured document and essentially determine who/when/how/where the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion. Only those who have the proper access privileges are permitted to retrieve the file key to encrypt/decrypt the encrypted data portion. | 04-16-2009 |
20090106558 | System and Method for Adding Biometric Functionality to an Application and Controlling and Managing Passwords - A system and method for adding biometric functionality to an application, and for controlling and managing passwords. The system and method include monitoring an application and providing a template matching a logon window of the application. The template obtains a biometric identifier of the user and inserts logon information into the window obtained from a database of user information. | 04-23-2009 |
20090125725 | EXTERNAL MEMORY ACCESS DEVICE AND METHOD OF ACCESSING EXTERNAL MEMORY - An external memory access device and a method of accessing an external memory are provided. The external memory access device includes an internal memory unit for storing authentication information of at least one external memory and a control unit for extracting the authentication information from the internal memory unit, transmitting the authentication information to an installed external memory, and controlling to display accessibility of the external memory according to the result of a comparison between the stored authentication information and the authentication information of the external memory. Accordingly, a data security function is provided by setting a password to an external memory and enabling an access to the external memory in an authenticated terminal, and convenient access to the external memory is provided by managing a password and an automatic password decrypting function of the corresponding external memory in the terminal without requiring repeated input of the password. | 05-14-2009 |
20090144555 | FIXED CLIENT IDENTIFICATION SYSTEM FOR POSITIVE IDENTIFICATION OF CLIENT TO SERVER - A tamperproof ClientID system to uniquely identify a client machine is invoked upon connection of a client application to a backend. Upon initial connection, the backend issues a unique ClientID containing a checksum. The client application prepares at least two different scrambled versions of the ClientID and stores them in respective predetermined locations on the client machine. Upon subsequent connection to the backend, the client application retrieves and unscrambles the values at the two locations, verifies the checksums and compares the values. If the checksums are both correct and the values match, the ClientID value is sent to the backend, otherwise the client application sends an error code. | 06-04-2009 |
20090150679 | SECURE DATA CARTRIDGE - An embodiment of a data cartridge for interfacing with a data cartridge authorization system is disclosed. The data cartridge includes a drive and a communication interface. The drive is configured to store data, where the data comprises first information, a first password and a fingerprint. The drive comprises an authentication feature configured to lock access to at least a portion of the data where a second password presented to the drive doesn't agree with the first password. The communication interface is coupled to the electronic storage medium and configured to communicatively couple to an authorization system. The communication interface is further configured to: (1) pass the first information to the authorization system subsequent to being communicatively coupled to the authorization system; (2) if the authentication feature is activated, receive the second password in response to passing the first information, and unlock access to the portion of the data locked by the first password if the second password agrees with the first password; and (3) pass the fingerprint to the authorization system. The communication interface is authorized to pass data to and/or receive data from the authorization system if the authorization system verifies the fingerprint as being correlated to the first information. | 06-11-2009 |
20090158048 | METHOD, CLIENT AND SYSTEM FOR REVERSED ACCESS TO MANAGEMENT SERVER USING ONE-TIME PASSWORD - Provided are a method, client and system for reservation access to a management server using a one-time password. A generated personal identification number (PIN) is transmitted to the management server when a reservation time comes. The management server generates a random number encrypted using the PIN and transmits the random number to the client. The random number encrypted using the PIN is received, the received random number is encrypted by a symmetric-key algorithm using a client secret key and is transmitted to the management server. The management server receives the random number encrypted using the client secret key, and decrypts the received random number using a server secret key and the PIN. A random number before the encryption using the PIN is compared with a decrypted random number, and access of the client is accepted if the two numbers are identical. Automatic access to a system employing a one-time password authentication method can be made through an arbitrary route according to previously reserved settings to perform information collection and to process specific functions in the case where a system manager is unable to directly access the system through a determined route because of temporal and spatial limitations. | 06-18-2009 |
20090193264 | AUTHENTICATION SYSTEM AND METHOD - A strong authentication method and system using a Secure ICC component coupled with a Personal device, and relying on the existing cryptographic protocols and keys for managing the secure ICC to generate One-Time-Passwords when the necessary authentication keys or cryptographic protocols are not already present in the Secure ICC configuration for that purpose. | 07-30-2009 |
20090271632 | SECRET AUTHENTICATION SYSTEM - Authentication data indicating authenticity of a client is distributed into a plurality of function data as distributed data, the plurality of function data including function data specifying a function and rule data specifying the authentication data from the function. The client and a server share a portion of the plurality of function data. The client calculates verification data from the function data unshared with the server, by performing a calculation process difficult for a third party to calculate the function data, and transmits the verification data to the server. The server verifies authenticity of the client based on the authentication data and distributed data per client stored therein, and the verification data received from the client. | 10-29-2009 |
20090282258 | PASSWORD GENERATOR | 11-12-2009 |
20090313478 | ARRANGEMENTS FOR INTERFACING WITH A USER ACCESS MANAGER - Arrangements which permit the employment of dedicated user-access management architecture with more than text-based access. Particularly contemplated herein are arrangements for accepting user identifiers that are then communicated to an intermediate user-delineating architecture (i.e., architecture configured for permitting access to encrypted data or sections of a computer on a user-specific basis) in a manner to permit the user-delineating architecture to perform its own task of unlocking data or sections of a computer. | 12-17-2009 |
20100011222 | Interfacing with a system that includes a passcode authenticator - Protecting the security of an entity by using passcodes is disclosed. A passcode device generates a passcode. In an embodiment, the passcode is generated in response to receipt of user information. The passcode is received by another system, which authenticates the passcode by at least generating a passcode from a passcode generator, and comparing the generated passcode with the received passcode. The passcode is temporary. At a later use a different passcode is generated from a different passcode generator. | 01-14-2010 |
20100042848 | Personalized I/O Device as Trusted Data Source - Personalized input/output (I/O) device as trusted credential source is described. According to one exemplary embodiment of the invention, a personalized I/O device used as trusted credential source is configured with a personalized certificate that includes a combination of the user and device information. One or more user credentials are signed with the private key associated with the personalized certificate and sent to an authenticator. An optional secure link based on personalized certificate provides additional security for transmitting the credentials either signed or unsigned. User credentials may include biometric measures (something the user is) such as user's voiceprint sample or fingerprint sample, and passwords (something the user knows). When the user credentials must be originated from the personalized I/O device (something the user has), all three factors of authentication can be included. | 02-18-2010 |
20100058067 | SECURING A PASSWORD DATABASE - An apparatus and a method for encrypting a username is described. In one embodiment, a hashed username is encrypted with a key. An input size of the key matches an output size of the key. The password associated with the hashed username is replaced with a function of the encrypted username. The function includes a linear combination operator of the password and the encrypted username. The encrypted username is then swapped with the replaced password. The encryption, replacement, and the swapping are iterated for at least two or more rounds using a different key with each iteration. | 03-04-2010 |
20100058068 | Secure PIN Character Retrieval and Setting - Disclosing a secure personal identification number (“PIN”) associated with a financial account to an account holder. A PIN reveal application can interact with a hardware security module (“HSM”) to decrypt and disclose the PIN to the account holder one or more PIN character(s) at a time. The account holder also can set a new PIN in a secure manner. A PIN set application can interact with the HSM to encrypt PIN characters received by the PIN set application from the account holder. The HSM provides a secure platform to encrypt and decrypt the secure PIN. | 03-04-2010 |
20100185870 | Method and System for Managing a Hierarchy of Passwords - A method and system manage a hierarchy of passwords for users accessing a hierarchy of access control devices. First, a codeword is acquired and a syndrome of the codeword is determined. Next, the codeword is randomly modified with a probability p to produce a modified codeword. The modified codeword is selected and assigned to a user as a password, if the modified codeword is recoverable. | 07-22-2010 |
20100228988 | METHOD AND DEVICE FOR VISUAL CODE TRANSACTION VERIFICATION - A method and device for visual code transaction verification enables more secure electronic transactions. The method includes generating a window having a first pattern of elongated segments. A second pattern of elongated segments is then generated, wherein a dynamic visual code is produced when the window and the first pattern of elongated segments are superimposed with the second pattern of elongated segments. A transaction with a user is then verified by matching the dynamic visual code with a code string entered by the user. | 09-09-2010 |
20100241865 | One-Time Password System Capable of Defending Against Phishing Attacks - A one-time password system capable of defending against on-line phishing attacks. The one-time password system is composed mainly of a Java smart card, a pre-end password calculation module, a post-end password registration module, a post-end password verification module and a post-end database. In the system, a Java smart card is used and message authentication code technology is relied upon to associate a login URL with a one-time password generation process, so that a user identification process against on-line phishing attacks can be achieved. | 09-23-2010 |
20100262834 | ONE TIME PASSWORD KEY RING FOR MOBILE COMPUTING DEVICE - Single-use character combinations are a secure mechanism for user authentication. Such “one-time passwords” (OTPs) can be generated by a mobile device to which the user otherwise maintains easy access. A key exchange, such as in accordance with the Diffie-Hellman algorithm, can provide both the mobile device and a server with a shared secret from which the OTPs can be generated. The shared secret can be derived from parameters posted on the server and updated periodically, and the mobile device can obtain such parameters from the server before generating an OTP. Such parameters can also specify the type of OTP mechanism to be utilized. A second site can, independently, establish an OTP mechanism with the mobile device. For efficiency, the first server can provide an identity token which provides the mobile device's public key in a trusted manner, enabling more efficient generation of the shared secret with the second server. | 10-14-2010 |
20100318807 | SYSTEM AND METHOD FOR GENERATING A DISGUISED PASSWORD BASED ON A REAL PASSWORD - A system and method for generating a disguised password are provided. The method presets a real password via an input device, selects one or more characters from the real password as a verification code. The method further generates an encryption code corresponding to the verification code according to an encryption algorithm, generates a character string based on the encryption code, and displays a verification box on a display screen to receive an input key from the input device. In addition, the method determines whether the input key matches the encryption code of the character string, and generates a disguised password by replacing the verification code with the encryption code in the real password if the input key matches the encryption code of the character string. | 12-16-2010 |
20110055586 | Secure PIN Character Retrieval and Setting Using PIN Offset Masking - Securely disclosing a personal identification number (“PIN”) associated with a financial account to an account holder and receiving a new PIN from the account holder. A PIN reveal application can interact with a hardware security module (“HSM”) using a PIN offset masking process and randomly generated account data to reveal the PIN to the account holder one or more PIN characters at a time. A PIN set application also can interact with the HSM using a PIN offset masking process and randomly generated account data to receive a new PIN for the account one or more PIN characters at a time. In each of the PIN reveal and PIN setting processes, less than the entirety of the PIN is stored in an unencrypted format outside of the HSM only. | 03-03-2011 |
20110060913 | OTP GENERATION USING A CAMOUFLAGED KEY - A system and method is provided for generating a one-time passcode (OTP) from a user device. The method includes providing a passcode application and a cardstring defined by a provider account to the user device. The passcode application is configured to generate a passcode configured as a user OTP for the provider account, using the cardstring. The cardstring is defined by at least one key camouflaged with a personal identification number (PIN). The key may be camouflaged by modifying and encrypting the modified key under the PIN. The key may be configured as a symmetric key, a secret, a seed, and a controlled datum. The cardstring may be an EMV cardstring; and the key may be a UDKA or UDKB. The cardstring may be an OTP cardstring, and the key may be a secret configurable to generate one of a HOTP, a TOTP, and a counter-based OTP. | 03-10-2011 |
20110087890 | INTERLOCKING PLAIN TEXT PASSWORDS TO DATA ENCRYPTION KEYS - Described embodiments provide for authenticating a user request for access to at least a portion of an encrypted storage device. First, the request for access to at least a portion of the encrypted storage device is received. The request includes a plaintext password. A hash module generates a hashed version of the received plaintext password based on an authentication hash key. A hashed value of the generated plaintext password is retrieved from a key storage. A hash comparator compares the hashed version of the received plaintext password with the retrieved hashed value of the generated plaintext password. If the hashed version of the received plaintext password and the retrieved hashed value of the generated plaintext password are equal, the user is authenticated for access to at least a portion of the encrypted storage device. Otherwise, the user is denied access to the encrypted storage device. | 04-14-2011 |
20110099384 | STRONG AUTHENTICATION TOKEN USABLE WITH A PLURALITY OF INDEPENDENT APPLICATION PROVIDERS - The present invention defines a strong authentication token for generating different dynamic credentials for different application providers comprising an input interface providing an output representing an application provider indicator; a secret key storage for storing one or more secret keys; a variability source for providing a dynamic variable value; a key providing agent for providing an application provider specific key as a function of said application provider indicator using one or more keys stored in said secret key storage; a cryptographic agent for cryptographically combining said application provider specific key with said dynamic variable value using symmetric cryptography; a transformation agent coupled to said cryptographic agent for transforming an output of said cryptographic agent to produce a dynamic credential; and an output interface to output said dynamic credential. | 04-28-2011 |
20110179282 | INTEGRITY PROTECTED SMART CARD TRANSACTION - Systems, methods, and technologies for configuring a conventional smart card and a client machine, and for performing a smart card authorization using the configured smart card and client. Further, the combination of methods provides for mutual authentication—authentication of the client to the user, and authentication of the user to the client. The authentication methods include presenting a specified token to the user sufficient to authenticate the client to the user and thus protect the user-provided PIN. Security is strengthened by using an integrity key based on approved client system configurations. Security is further strengthened by calculating a PIN′ value based on a user-specified PIN and a modifier and using the PIN′ value for unlocking the smart card. | 07-21-2011 |
20120084571 | IMAGE-BASED KEY EXCHANGE - This disclosure is directed to improved techniques for configuring a device to generate a secondary password based at least in part on a secure authentication key. The techniques of this disclosure may, in some examples, provide for capturing, by a computing device, an image of a display of another computing device. The captured image includes at least one encoded graphical image, such as a barcode, that includes an indication of the content of a secure authentication key. The computing device may use the secure authentication key to generate a secondary password to be used in conjunction with a primary password to gain access to a password-protected web service. | 04-05-2012 |
20120096279 | PROBLEM-BASED ACCOUNT GENERATION - A method to provide problem-based access to a computing device is disclosed herein. In one embodiment of the invention, such a method includes detecting a problem on a computing device. The method automatically generates a user account on the computing device in response to detecting the problem. The problem is then tied to the user account. A support provider is then notified of the problem and the user account associated with the problem. This user account may be assigned to a service technician to enable access to the computing device. The service technician may then log into the computing device using the user account and address the problem. A corresponding apparatus and computer program product are also disclosed herein. | 04-19-2012 |
20120144203 | Authenticating a User with Hash-Based PIN Generation - Systems and methods for authenticating a user of a service are disclosed. A Personal Identification Number (PIN) is generated using a plurality of variables, and a user is authenticated by comparing the PIN generated at the user's mobile device with a PIN generated on an authentication server. The authentication enables the user to access a service or resource hosted on a host server. When requesting access to the resource, the user generates a device PIN and transmits the device PIN along with their unique key into the host server. The host server forwards the device PIN and the key to the authentication server. The authentication server generates a server PIN and compares the server PIN to the device PIN. If the two PINs match, the authentication server transmits a successful authentication response to the host server. The PIN generation process is a standard hash process, such as MD5 or SHA1, and uses at least the key provided by the user, a device identifier, and a current date/time. The device identifier is one of a unique identifier of the hardware on the mobile device or a unique identifier of a communication channel. This combination of the device identifier and the key ensures that only an authorized user is allowed access to the service. | 06-07-2012 |
20120221862 | Multifactor Authentication System and Methodology - A system is provided for authenticating a user who is accessing a secure network from a client device. The system comprises a software program resident on the client device, wherein said program is disposed in a tangible medium and contains suitable instructions for generating a session-specific, time-independent password on demand. | 08-30-2012 |
20130061057 | AUTHENTICATION METHOD AND DEVICE - The present invention describes a method for authenticating a user of a mobile device by a verification authority, by making use of at least a personal identification number (PIN) and at least one cryptographic key, such that the PIN and the cryptographic key are known only to the user and the verification authority. The cryptographic key has at least one session key. Firstly, the user encodes the PIN by using at least one session key and then transfers the encoded PIN to a predefined address of the verification authority via the mobile device. Next, the verification authority decodes the PIN by using the cryptographic key and authenticates the user if the decoded PIN matches a PIN stored corresponding to the user. | 03-07-2013 |
20130073863 | PERSONAL IDENTIFICATION NUMBER SECURITY ENHANCEMENT - A method that includes receiving, from a first entity having an input permission, a first data structure into a HSM, wherein the first data structure maps a first many-to-one mapping between a first and a second PIN numeral system. The method also includes determining whether the content of the first data structure is valid, storing the first data structure in the HSM if the first data structure is valid and marking the stored first data structure as inactive. The method further includes activating the first data structure if a second data structure is input into the HSM by a second entity having an activation permission, wherein the first entity is different from the second entity, the first data structure is identical to the second data structure. The method additionally includes converting from the first to the second PIN numeral system responsive to the activated first data structure. | 03-21-2013 |
20130103949 | SECURE PASSWORD GENERATION - A secure password generation method and system is provided. The method includes enabling by a processor of a computing system, password translation software. The computer processor generates and stores the random translation key. A first password is received and a second associated password is generated. The computer processor associates the second password with a secure application. The computer processor stores the random translation key within an external memory device and disables a connection between the computing system and the external memory device. | 04-25-2013 |
20130132731 | ACCESS CONTROL SYSTEM AND ACCESS CONTROL METHOD THEREOF - An access control system and an access control method thereof are provided. The access control system comprises a handheld device, an access control server and a terminal recording device. The handheld device has a user identification. The access control server is configured to store a user identification set, connect to the handheld device within a first time interval, determine that the user identification is included in the user identification set, generate a one-time password (OTP) seed set, and transmit the OTP seed set to the handheld device. The terminal recording device connects to the handheld device within a second time interval, and performs a two-way identification certification with the handheld device according to the OTP seed set so that the handheld device performs a data access to the terminal recording device after achieving the two-way identification certification. | 05-23-2013 |
20130145171 | METHOD AND SYSTEM FOR SECURE DATA ACCESS AMONG TWO DEVICES - An embodiment of the present invention provides a method for secure data access among two devices. The method comprises: retrieving unique information corresponding to a first electronic device and a storage device; generating an encryption key according to the unique information; generating a password string for securing a data file; encrypting the password string with the encryption key; and locking and storing the data file together with the encrypted password string in the storage device. | 06-06-2013 |
20130151859 | KEY AND METHOD FOR ENTERING COMPUTER RELATED PASSWORDS VIA A MNEMONIC COMBINATION - A key for entering computer related passwords via a mnemonic combination includes an electronic key with a communication means, a computer program, a storage unit, and a user interface. The communication means is for communicating with a computer device, where the computer device recognizes the electronic key as a human input device. The computer program is for creating a password and a mnemonic combination associated with the password. The storage unit is for storing the password and the mnemonic combination associated with the password. The user interface is for allowing a user to enter the mnemonic combination into the electronic key. When the user enters the mnemonic combination into the user interface, the electronic key communicates the password associated with the mnemonic combination to the computer device as a human input device. | 06-13-2013 |
20130332741 | KEY CAMOUFLAGING USING A MACHINE IDENTIFIER - A method is provided for generating a human readable passcode to an authorized user including providing a control access datum and a PIN, and generating a unique machine identifier for the user machine. The method further includes modifying the controlled access datum, encrypting the controlled access datum using the PIN and/or a unique machine identifier to camouflage the datum, and generating a passcode using the camouflaged datum and the PIN and/or the unique machine identifier. A mobile user device may be used to execute the method in one embodiment. The passcode may be used to obtain transaction authorization and/or access to a secured system or secured data. The unique machine identifier may be defined by a machine effective speed calibration derived from information collected from and unique to the user machine. | 12-12-2013 |
20140025957 | METHOD FOR ENTERING PASSWORD AND PORTABLE ELECTRONIC DEVICE AND UNLOCKING METHOD AND DATA AUTHENTICATING METHOD - A method for entering password and a portable electronic device using the same, a method for unlocking the portable electronic device and a data authenticating method are provided, wherein the portable electronic device includes a touch screen. The method includes displaying an interface for entering a somatosensory password, measuring and recording at least one angle variation of the portable electronic device on at least one dimension, and generating a somatosensory signal data set according to the at least one angle variation of the portable electronic device on the at least one dimension. The method further includes generating a user password data according to the somatosensory signal data set, encrypting the user password data according to an encryption algorithm to generate an encrypted user password data, and transmitting the encrypted user password data to an authentication unit. | 01-23-2014 |
20140032921 | Protecting data on a mobile device - A password protection application is executed on a mobile device and provides an interface by which an authorized user can define and configure a “data protection profile” for the device. This profile defines at least one security event (criteria or condition) associated with the device, and at least one protection action that should occur to protect data on the device upon the triggering of the event. Once defined in a profile, the application monitors for the occurrence of the security event. Upon the occurrence of the specified event, the protection action is enforced on the device to protect the data. | 01-30-2014 |
20140032922 | BLIND HASHING - A blind hashing system and method are provided in which blind hashing is used for data encryption and secure data storage such as in password authentication, symmetric key encryption, revocable encryption keys, etc. The system and method include using a hash function output (digest) as an index or pointer into a huge block of random data, extracting a value from the indexed location within the random data block, using that value to salt the original password or message, and then hashing it to produce a second digest that is used to verify the password or message, encrypt or decrypt a document, and so on. A different hash function can be used at each stage in the process. The blind hashing algorithm typically runs on a dedicated server and only sees the digest and never sees the password, message, key, or the salt used to generate the digest. | 01-30-2014 |
20140040629 | OTP GENERATION USING A CAMOUFLAGED KEY - A system and method is provided for generating a one-time passcode (OTP) from a user device. The method includes providing a passcode application and a cardstring defined by a provider account to the user device. The passcode application is configured to generate a passcode configured as a user OTP for the provider account, using the cardstring. The cardstring is defined by at least one key camouflaged with a personal identification number (PIN). The key may be camouflaged by modifying and encrypting the modified key under the PIN. The key may be configured as a symmetric key, a secret, a seed, and a controlled datum. The cardstring may be an EMV cardstring; and the key may be a UDKA or UDKB. The cardstring may be an OTP cardstring, and the key may be a secret configurable to generate one of a HOTP, a TOTP, and a counter-based OTP. | 02-06-2014 |
20140052995 | DYNAMIC TOKEN SEED KEY INJECTION AND DEFORMATION METHOD - The present invention discloses a dynamic token seed key injection and deformation method. The method comprises steps of: generating in advance an initial seed key for a token and injecting the initial seed key into the token during manufacture; when distributing the token to an end user, performing an activation operation, and obtaining a new seed key, which is the final seed key for the future work of the token, by performing an operation based on an active code and the initial seed key; meanwhile, introducing the initial seed key into a dynamic password authentication system which performs the same deformation operation for the seed key as that performed in the token to obtain the same new seed key. After the activation operation in the token and the authentication system in this way, the final new seed key is different from the initial seed key injected by the token manufacturer, so that the privacy of the seed key is strengthened. | 02-20-2014 |
20140068271 | METHOD AND SYSTEM FOR MULTIPLE PASSCODE GENERATION - This invention relates to a method and a system for generating user passcodes for each of a plurality of transaction providers from a mobile user device. A method and system for activating a plurality of passcode generators on a user device configured with a passcode application installed on the user device is provided. Each of the passcode generators may correspond to a different user account or transaction provider, such that each passcode generator provides a user passcode configured for the corresponding account or transaction provider. One or more of the passcode generators may include a passcode generating algorithm and a passcode key. Access to one or more of the passcode generators may require providing a PIN or a challenge. | 03-06-2014 |
20140164781 | SYSTEM AND METHOD FOR GENERATING ONE-TIME PASSWORD FOR INFORMATION HANDLING RESOURCE - In accordance with embodiments of the present disclosure, a method may include generating a random number to be associated with an information handling resource. The method may also include generating a challenge string based at least on the random number. The method may additionally include encrypting the challenge string using a first shared secret. The method may further include receiving a one-time password generated by a vendor associated with the information handling resource, the one-time password generated by decrypting the challenge string using the first shared secret, parsing the random number from the decrypted challenge string, and digitally signing the decrypted challenge string with a digital signature using a second shared secret. The method may also include granting user access to the information handling resource in response to verifying, using the second shared secret, that the digital signature matches the random number. | 06-12-2014 |
20140164782 | SYSTEM AND METHOD FOR PIN ENTRY ON MOBILE DEVICES - A system for entering a secure Personal Identification Number (PIN) into a mobile computing device includes a mobile computing device and a peripheral device that are connected via a data communication link. The mobile computing device includes a mobile application and a display and the mobile application runs on the mobile computing device and displays a grid on the mobile computing device display. The peripheral device includes a display and an encryption engine, and the peripheral device display displays a grid corresponding to the grid displayed on the mobile computing device display. Positional inputs on the mobile computing device grid are sent to the peripheral device and the peripheral device decodes the positional inputs into PIN digits and generates an encrypted PIN and then sends the encrypted PIN back to the mobile computing device. | 06-12-2014 |
20140223190 | WEB-BASED SECURITY AUTHENTICATION - A method and system for performing a security authentication. A name of a user, N sequences of digits, and encrypted values respectively corresponding to the digits in the N sequences are transmitted to a destination device. Each sequence includes a same M unique digits and begins with a different digit, wherein N≧2 and M≧3. N encrypted values of the transmitted encrypted values are received, wherein an I | 08-07-2014 |
20140258728 | SECURE PASSWORD GENERATION - A secure password generation method and system is provided. The method includes enabling by a processor of a computing system, password translation software. The computer processor generates and stores the random translation key. A first password is received and a second associated password is generated. The computer processor associates the second password with a secure application. The computer processor stores the random translation key within an external memory device and disables a connection between the computing system and the external memory device. | 09-11-2014 |
20140281562 | SYSTEM AND METHOD FOR UNIFIED PASSCODE PROCESSING - A system and method for unified password processing is provided. According to an aspect, a device can receive a unified passcode. The unified passcode can be a passcode for unlocking access to the device, or can be the basis for generating additional passwords or both. The unified passcode can also be used for generating additional passcodes for unlocking additional features of the device. The generated passcodes can also be used for unlocking modules that are connected to a device such as a universal integrated circuit card (UICC). In cases where a generated passcode can be used to unlock a UICC, the generated passcode is converted to a personal identification number (PIN). The mobile interface to the UICC can be extended to include alphanumeric passwords, in addition to PINs. | 09-18-2014 |
20140365780 | SYSTEM AND METHODS FOR ONE-TIME PASSWORD GENERATION ON A MOBILE COMPUTING DEVICE - A method for a mobile computing device comprises downloading a one-time password initializer from an authentication server, the one-time password initializer configured to generate a device-specific signature for the mobile computing device; uploading a device-specific signature to the authentication server; and downloading a device-specific configuration and one-time password generator from the authentication server. In this way, both the mobile computing device and authentication server may independently generate equivalent one-time passwords based on unique information associated with the mobile computing device. | 12-11-2014 |
20150012755 | Cryptographic Passcode Reset - This invention provides a novel method, system, and apparatus allowing an authorized user access to controlled assets when a passcode method malfunctions, such as when a user forgets a password, a token malfunction, or a biometric mismatch. The invention allows temporary access to an access control system without knowing the password and without sending the user the password or a new random password. The user is able to set a new password without knowing the previous password. Furthermore, stored encrypted data is preserved and made accessible once again via the new passcode. This invention works for many authentication methods such as restoring access when a password, token, access card, or biometric sample is used. | 01-08-2015 |
20150033029 | APPARATUS, METHOD AND COMPUTER-READABLE MEDIUM - An apparatus includes a memory; and a processor coupled to the memory and configured to: authenticate an identification for accessing a first service by comparing a password associated with the identification with a first encrypted password that is generated by encrypting the password on the basis of a first encryption policy to authenticate an access to the first service; and provide a second service with the identification and the password to cause to generate information when an authentication of the identification is successful, the information being accessed to authenticate the identification when the second service is accessed based on the identification and the password. | 01-29-2015 |
20150039898 | METHOD FOR AUTHENTICATING A DEVICE INCLUDING A PROCESSOR AND A SMART CARD BY PATTERN GENERATION - A method for authenticating a device comprising a processor and a smart card. A user unlocks the smart card using a PIN code. A secret key Kc of the smart card and the PIN code of the smart card is transmitted to the processor. The processor performs a cryptographic calculation using a secret key Kp of the processor, the PIN code, and Kc. A pattern is generated from the cryptographic calculation by the processor and transmitted to the user. The pattern generated by the device is compared to a pattern memorized by the user. | 02-05-2015 |
20150082046 | PASSWORD GENERATION AND RETRIEVAL SYSTEM - The present invention seeks to meet these needs by providing a password generation and retrieval system (PGRS) that generates encrypted passwords with a computer program using an algorithm that combines website information such as a domain name or email address, the user's own text input or phrase, and the user's own numeric value or pin number. The present invention does not involve the maintenance of a database of any kind. As such, there is no login required and no records are kept of the visitors, their input or the passwords generated. Preferably, the process is carried out using a website, browser extension, smart phone application and/or a stand-alone executable program. | 03-19-2015 |
20150089239 | Passcode Operating System, Passcode Apparatus, and Super-Passcode Generating Method - The present invention relates to a passcode operating system, to a passcode apparatus, and to a super-passcode generating method, which are capable of protecting user authentication information from external hacking. The passcode apparatus of the present invention comprises: one or more processors; a memory; and one or more programs stored in the memory and configured to be executed by the one or more processors. The program includes: a data safekeeping module for storing user-specific passcode data; an input window module for displaying an input window on which multiple icons are arranged; and a passcode-generating module for checking, when icons are selected through the input window module, the character string corresponding to each selected icon on a virtual keyboard contained in the passcode data, generating a seed passcode in which the checked character strings are combined, and generating a super-passcode for each website using the seed passcode and a site code. | 03-26-2015 |
20150127950 | METHOD OF ENCRYPTING DATA - A method of encrypting data comprising the steps of: creating a one time pad; and encrypting the data using the one time pad to produce output data, wherein the one time pad is generated using the data. | 05-07-2015 |
20150149787 | CLIENT-BASED AUTHENTICATION - Apparatus, systems, and methods may operate to invoke multiple authentication mechanisms, by a client node, to encrypt N split-keys using credentials associated with corresponding ones of the authentication mechanisms. Further activity may include transforming the split-keys to provide N encrypted split-keys, and storing each of the encrypted split-keys with an associated local user identity and an identity of corresponding ones of the authentication mechanisms. Additional apparatus, systems, and methods are disclosed. | 05-28-2015 |
20150295709 | BIOMETRIC VALIDATION METHOD AND BIOMETRIC TERMINAL - The present invention belongs to the field of Biometry. It discloses useful technology and equipment to make remote processes of fingerprint recognition and identity authentication, based on the processing and validation of biometric data that is captured in a recipient device, controlled by a center that acts like the network controller, linked as well to a process that verifies and ensures the required identity. | 10-15-2015 |
20150343967 | APPARATUS AND METHOD FOR PREVENTING LEAKAGE OF VEHICLE INFORMATION - An apparatus and method for preventing the leakage of vehicle information in a normal communication environment by inserting fake communication data into vehicle communication traffic on a vehicle network. In the method for preventing leakage of vehicle information, a vehicle information leakage prevention apparatus connected to an in-vehicle module analyzes a vehicle communication protocol between the module and another module. It is determined whether encryption has been applied to the vehicle communication protocol, based on results of analysis of the vehicle communication protocol. A method of generating fake communication data is selected depending on whether encryption has been applied to the vehicle communication protocol. Fake communication data is generated depending on the selected method, and the generated fake communication data is transferred to a vehicle information leakage prevention apparatus connected to the other module. | 12-03-2015 |
20150365235 | METHOD, SYSTEM AND ELECTRONIC DEVICE - A method comprising generating an auxiliary key based on a secret key which is stored in an electronic device, generating a representation of the auxiliary key, displaying the representation of the auxiliary key on a display of the first electronic device, capturing the representation of the auxiliary key with a camera of a second electronic device, and restoring the auxiliary key from the captured representation of the auxiliary key. | 12-17-2015 |
20160006562 | SECURE PASSWORD GENERATION - A secure password generation method and system is provided. The method includes enabling by a processor of a computing system, password translation software. The computer processor generates and stores the random translation key. A first password is received and a second associated password is generated. The computer processor associates the second password with a secure application. The computer processor stores the random translation key within an external memory device and disables a connection between the computing system and the external memory device. | 01-07-2016 |
20160020905 | SECURING USER CREDENTIALS - A password is secured using a first key. At least one of a password record, a username record, and a domain name record is created. The at least one password record, username record, and domain name record are associated. The associated records are encrypted using a second key, where the second key is different from the first key. A credentials record is created based on the encrypted associated records. | 01-21-2016 |
20160065378 | Apparatus for Providing Puf-Based Hardware OTP and Method for Authenticating 2-Factor Using Same - Provided is an apparatus for generating a hardware-based OTP which is impossible to duplicate. The apparatus for generating the OTP can comprise a PUF for generating a unique PIN. In addition, provided is a method which is used for 2-Factor authentication with the apparatus for generating the OTP and existing secure elements. | 03-03-2016 |
20160103987 | ELECTRONIC DEVICE AND AN UNLOCKING PASSWORD SETTING METHOD - In an unlocking password setting method executed by a first electronic device, the first electronic device is connected to a second electronic device. Handwriting of a user is captured from an input device when a command of setting the unlocking password of the second electronic device is received. The handwriting is translated into a digital password. The digital password is stored in the first electronic device and the second electronic device as the unlocking password of the second electronic device. | 04-14-2016 |
20160112198 | SYSTEM AND METHOD OF SECURE TEXT GENERATION - A device including circuitry configured to receive a security profile corresponding to one or more of a user and an application to which an output of a secure text generation process will be applied, wherein the security profile includes a private key. The circuitry may receive a sequence of characters input from a text input device in communication with the circuitry. The circuitry may generate, for each character input in the sequence of characters, one or more random characters, wherein the one or more random characters are generated based on an algorithm having the character text input and the private key as inputs, and wherein the algorithm includes a mathematical function corresponding to the private key. The secure text generation process is iteratively performed on a single character, of the sequence of characters received from the text input device, without storing preceding received characters included in the sequence of characters. | 04-21-2016 |
20160112199 | REDUCING THE EFFECTIVENESS OF SMUDGE AND THERMAL IMAGING ATTACKS - An example method is provided for an electronic device, which may have a display and an input interface, to perform password authentication. The example method may include generating at least one sequence of input elements for entry during the authentication of the user's password to disguise entry of the user's password via the input interface by increasing the user's contact with the input interface and prompting, on the display, for an entry of the user's password and the at least one sequence of input elements via the input interface. The example method may further include receiving, via the input interface, entry of the user's password and the at least one sequence of input elements and determining whether the authentication is successful by checking whether the received entry is correct. | 04-21-2016 |
20160197729 | LOCATION AWARE CRYPTOGRAPHY | 07-07-2016 |