23290 results about "Authentication" patented technology

Novel gaming networks, devices, and systems for enabling game play on wireless, mobile gaming devices based on the location of the device are described. A mobile gaming device can be used for wagering game play when the device is physically present in an authorized game play zone in a gaming environment and is used by an authorized and verified user. A gaming environment is divided into zones wherein a zone either allows wagering game play on a device or does not. A zone has multiple transmitters that transmit security signals that are detectable by a mobile device at all times while the device is in the zone. An appropriate wireless communication standard can be used to transmit the security signal, such as near-field magnetic communication. The device has at least one user identification and authentication mechanism to ensure that only an authorized user is using the device.

The system and method described herein may identify one or more virtual desktop extensions available in a cloud computing environment and launch virtual machine instances to host the available virtual desktop extensions in the cloud. For example, a virtual desktop extension manager may receive a virtual desktop extension request from a client desktop and determine whether authentication credentials for the client desktop indicate that the client desktop has access to the requested virtual desktop extension. In response to authenticating the client desktop, the virtual desktop extension manager may then launch a virtual machine instance to host the virtual desktop extension in the cloud and provide the client desktop with information for locally controlling the virtual desktop extension remotely hosted in the cloud.

Requests to gain access to secure resources are adjudicated according to authentication policies that include rules based on user-states derived from multiple heterogeneous access-control systems.

An authentication and authorization plug-in model for a cloud computing environment enables cloud customers to retain control over their enterprise information when their applications are deployed in the cloud. The cloud service provider provides a pluggable interface for customer security modules. When a customer deploys an application, the cloud environment administrator allocates a resource group (e.g., processors, storage, and memory) for the customer's application and data. The customer registers its own authentication and authorization security module with the cloud security service, and that security module is then used to control what persons or entities can access information associated with the deployed application. The cloud environment administrator, however, typically is not registered (as a permitted user) within the customer's security module; thus, the cloud environment administrator is not able to access (or release to others, or to the cloud's general resource pool) the resources assigned to the cloud customer (even though the administrator itself assigned those resources) or the associated business information. To further balance the rights of the various parties, a third party notary service protects the privacy and the access right of the customer when its application and information are deployed in the cloud.

A network-based mobile workgroup system has considerably wider appeal and application than normal virtual private networks in that it provides seamless mobility across a number of access technologies at the same time as it offers a granular security separation down to workgroup level. The mobile workgroup system is an access management system for mobile users with VPN and firewall functionality inbuilt. The mobile user can access the mobile workgroup system over a set of access technologies and select server resources and correspondent nodes to access pending their workgroup membership approvals. All workgroup policy rules are defined in a mobile service manager and pushed down to one or more mobile service routers for policy enforcement. The mobile service router closest to the mobile client, and being part of the mobile virtual private network, performs regular authentication checks of the mobile client during service execution. At the same time it performs traffic filtering based on the mobile user's workgroup memberships. Together, these two components constitute an unprecedented security lock, effectively isolating a distributed workgroup into a mobile virtual private network.

A system enables communication between server resources and a wide spectrum of end-terminals to enable access to the resources of both converged and non-converged networks via voice and/or electronically generated commands. An electronic personal assistant (ePA) incorporates generalizing/abstracting communications channels, data and resources provided through a converged computer/telephony system interface such that the data and resources are readily accessed by a variety of interface formats including a voice interface or data interface. A set of applications provides dual interfaces for rendering services and data based upon the manner in which a user accesses the data. An electronic personal assistant in accordance with an embodiment of the invention provides voice/data access to web pages, email, file shares, etc. A voice-based resource server authenticates a user by receiving vocal responses to one or more requests variably selected and issued by a speaker recognition-based authentication facility. Thereafter an application proxy is created.

A system for electronic file collaboration among multiple users is implemented using command messages transmitted on dedicated network channels established between conference participants in a peer-to-peer architecture with total autonomy from a central server. The system employs owner-in-control methodology to allow direct transmission of copies of documents among participants by permission, and to prevent storage of copies of documents used in a conference by participants. Mark-ups, additions, and other actions occurring on a conference document can only be saved by the document owner. An advanced viewer engine is provided for reading, displaying and manipulating electronic data in texts, tables, vectors and 3D model formats, as well as common raster images. A proxy module allows data transmitted through IPFW routers or firewall devices with sufficient authentications and security measures.

In a digital payment system, a sequence of random numbers is stored at a payment service. A set of digitally encoded random numbers derived from the stored sequence is issued to the user in return for payment. The tokens are stored in a Carnet. The user can then spend the tokens by transferring tokens to a merchant, for example, to an on-line service provider. The merchant returns each token received to the payment server. The payment server authenticates the token and transmits an authentication message to the merchant. The merchant, payment server and user may be linked by internet connections.

Applications of RFID technology include: RFID Tags on Automobiles in Parking Garages; RFID w/Toothbrushes; RFID Tags For Laundry Settings; RFID Tags Or Labels to Find a Mate; RFID To Identify The Value Of Coins; RFID Tags In The Doctors Office; RFID Tags Or Labels In Game Arcades; RFID With Prisoners; RFID Tags To Identify Soldiers; RFID Labels As Tags To Label Particular Components Of Aircraft or Other Structures; Car, Snowmobile, Boat, Etc. Ignition That Won't Start Without RFID Card; Car seats with RFID reader and memory; Air bags that adjust based on information on RFID; Car that keeps track of GPS info and knows whos driving based on RFID; RFID Smart Closet; Method of taking attendance; RFID on networked desks to monitor the location of individuals; Personal computer reads RFID to log you in and take you to favorite web page, load favorites list, etc.; RFID labels on Files; RFID address label versions of all label and sheet inventions; RFID sports tickets; Combination function invitation and RFID chip to allow admittance; Roll of tape with RFID built in; Schoolbus reads which kids getting on, keeps record; RFID on each car wheel; RFID key to operate common-area laundry; RFID to automatically adjust weights/treadmill settings in gym; RFID w/clothes measurements, save shelf space at store, get proper size; RFID keyring w/car information; Keep track of who's driving around neighborhood; RFID dental implant; RFID Thumbtack; RFID Doorstop; RFID identification of boats or ships at docks; RFID on cups w/specifics of favorite coffee drinks; RFID on bridges with RFID tanks on top of cars, to detect speeding; RFID on studs in a wall and RFID reader that acts as a stud finder; RFID tags or labels inside tires; RFID cards supplied with newspapers or magazines; RFID card that lights up a when the user reaches a particular location; RFID sports ticket w/automatic map generation to seat; RFID card to tell school cafeteria what lunch to prepare for particular student; student desk with slot to receive RFID card, desks on networks together, Central computing system can tell where any particular student is sitting at any given moment within the school; RFID readers on outdoor play equipment; Authentication of Expensive Items With RFID; Paintings or other art work with RFID label to be used to verify the number in a limited series; RFID on sports helmet or uniform; RFID chips in paint; RFID cards issued to airline passengers to identify type of drinks and meals for a particular passenger, etc.; Greeting Cards With RFID; Decorative Tiles With RFID Tags; RFID in Car Washes; and Adaptive Advertising Based on RFID Information.

The disclosure provides a system and method for a client connected to a server to a resource in a network. For the system a virtual machine module is provided to access a library and to create virtual machine templates and to create virtual machines from the virtual machine templates. The virtual machine module provides to a host machine in the network access to machines, user profile settings and instances of an application in the network and to multiple operating systems. The client has: access to an instance of the resource; an access module to provide the client with communication to access to the server using load balancing algorithms to access the file using Remote Desktop Protocol (RDP) commands; and an authentication module providing access to a directory structure accessed by the server using Microsoft Group Policy Objects (GPOs) and Active Directory (AD) services to authenticate the client with the server.

Providing a user with assurance that a computer is secure based on a vulnerability assessment completed by a browser-compatible scanner operating on the computer. If the scanner finds a vulnerability, the scanner can inform the user that the machine is or may be compromised, or repair the vulnerability. For example, the scanner may be able to repair the vulnerability of the workstation. In the alternative, the scanner can provide the scan results to a network server. If the vulnerability assessment shows that the workstation is compromised, or if the possibility of remote compromise is high, the network server can decline to provide network services to the workstation.

A suspect user (110) seeks access to a network resource from an access authority (150) utilizing a passcode received from an authentication authority (130). Initially, an ID of a device is bound with a PIN, the device ID is bound with a private key of the device, and the device ID is bound with a user ID that has been previously bound with a password of an authorized user. The device ID is bound with the user ID by authenticating the user ID using the password. Thereafter, the suspect user communicates the device ID and the PIN from the device over an ancillary communications network (112); the authentication authority responds back over the ancillary communications network with a passcode encrypted with the public key of the device; and the suspect user decrypts and communicates over a communications network (114) the passcode with the user ID to the access authority.

The present invention provides a home security system that includes a home security controller for collecting monitor data from various crime prevention and disaster prevention sensors installed in a home via a home network and notifying the portable terminal when a state of emergency occurs. The home security controller also enables devices in the home to be operated through remote control signals via an external network. The home security system further includes a portable terminal capable of connecting to the external network and having fingerprint data inputting means mounted on the body of the portable terminal for inputting fingerprints used for authentication. The fingerprint data inputting means has an assigned ID number. The home security system further includes a security center server having fingerprint authenticating means for receiving fingerprint data from the portable terminal via the external network and authenticating the fingerprint data through comparisons with registered fingerprint data. The fingerprint authenticating means completes authentication by checking the assigned ID number of the fingerprint data inputting means and matching the received fingerprint data with fingerprint data registered in association with the ID number. The security center server allows a connection between the portable terminal and the home security controller and controls bi-directional communications between the two after the security center server has completed authentication, enabling the portable terminal to receive monitor data from and transmit remote control signals to the home security controller via the external network.

A system loads, authenticates and uses a virtual smart card for payment of goods and/or services purchased on-line over the Internet. An online purchase and load (OPAL) server includes a virtual smart card data base that has a record of information for each smart card that it represents for a user at the behest of an issuer. The server includes a smart card emulator that emulates a smart card by using the card data base and a hardware security module. The emulator interacts with a pseudo card reader module in the server that imitates a physical card reader. The server also includes a client code module that interacts with the pseudo card reader and a remote payment or load server. A pass-through client terminal presents a user interface and passes information between the OPAL server and a merchant server, and between the OPAL server and a bank server. The Internet provides the routing functionality between the client terminal and the various servers. A merchant advertises goods on a web site. A user uses the client terminal to purchase goods and/or services from the remote merchant server. The payment server processes, confirms and replies to the merchant server. The payment server is also used to authenticate the holder of a virtual card who wishes to redeem loyalty points from a merchant. To load value, the client terminal requests a load from a user account at the bank server. The load server processes, confirms and replies to the bank server.

Apparatus and methods for protected content access, browsing and transfer over a network. In one embodiment, the network comprises a premises (e.g., residential) LAN, and the apparatus comprises a server and renderer consumer premise equipment (CPE). The renderer CPE scans the network to search for a server CPE that implement a compatible security framework. The renderer authenticates itself with the server, and the server allows content browsing and selection access only to an authorized and authenticated renderer. A negotiation and exchange protocol comprises messages exchanged between the renderer and the server that include one or more of device identification, encryption key exchange, digital certificates and information regarding security package used by each CPE.

Techniques are provided IP address assignment and management in a wireless network. Such a wireless network can comprise a plurality of wireless clients, a registration server, a plurality of wireless switches each being configured to support a particular subnet. Each wireless client can generate a Dynamic Host Configuration Protocol (DHCP) request for an Internet Protocol (IP) address when the client either powers up in of moves to a new subnet, 802.11 authenticates and associates and 802.1x authenticates. The wireless switches can communicate with the registration server over an IP tunnel. For example, each wireless switch can receive the DHCP requests from wireless clients associated with the subnet of the wireless switch, and forward the DHCP requests to the registration server. The registration server can receive the forwarded DHCP requests, and assign IP addresses to the wireless clients based on the forwarded DHCP requests.

A system, various methods, and various apparatuses are provided for the purpose of supplying and including in an electronic message or multimedia session signalling unit a valid cryptographic authentication token, verifying said token's validity upon arrival of said message or signalling unit, and thereby providing message recipients or session parties with the assurance that said message or signalling unit is from a valid sender. A system, apparatus, and various methods are further provided for the purpose of protecting legitimate application traffic and the network elements exchanging it from intrusion by wild packets attempting to consume application resources and thereby deny service to legitimate users or network elements. A system, various methods, and various apparatuses are further provided for the purpose of enabling legitimate advertising via electronic messages, relying upon message and sender authentication to assure both advertisers and viewers of advertising messages that all participants are valid, legitimate, and accountable for any abuse that may occur.

A time-based method for generating an authentication code associated with an entity uses an authentication code generated from a secret, a dynamic, time-varying variable, and the number of previous authentication code generations within the particular time interval. Other information such as a personal identification number (PIN) and a verifier identifier can also be combined into the authentication code.

A gateway for providing consumer services is presented. The gateway includes a secure partition associated with a gateway and operable to control access to at least one utility service and a bundle associated with the secure partition. The gateway also includes a consumer service associated with the secure partition and an application programmer interface (API) bundle associated with the secure partition and providing at least one support function to the consumer service. In addition, the gateway includes a provisioning service associated with the secure partition and the API bundle, the provisioning service operable to install the consumer service, a billing service associated with the secure partition and the API bundle, the billing service operable to provide billing capabilities to the consumer service and a profile service associated with the secure partition and the API bundle, the profile service operable to store a user profile. Further, the gateway includes an authentication service associated with the secure partition and the API bundle, the authentication service operable to authorize a user associated with the gateway, a remote-logging service associated with the secure partition and the API bundle, the remote-logging service operable to log an event associated with the consumer service, and a maintenance service associated with the secure partition and the API bundle, the maintenance service operable to determine a network status associated with the gateway.

Systems and methods for performing financial transactions are provided. In one embodiment, the invention provides for method for bank card transactions, including: reading the token information at the point of swipe for traditional and non-traditional POS platforms; performing a low-security task on the token information using a first microprocessor, wherein the non-security task includes one or more tasks from the group of encryption determination, encryption-decryption request, key management, token information delivery, or transactional data delivery; and performing a security-related task on the token information using a second microprocessor based on a request from the first microprocessor, wherein the security-related task includes one or more tasks from the group of token information authentication, token information decryption, or token information encryption. Formatting the encrypted information such that it is compatible with the format of the current POS system.

A method for facilitating distributed authentication includes the step of requesting, by a user of a client machine residing in a first domain, access to a resource residing in a second domain. The client machine authenticates the user to an intermediate machine. The intermediate machine impersonates the client machine. The intermediate machine impersonating the client machine requests access to the second domain from a domain controller residing in the second domain. The domain controller authorizes the requested access, responsive to a determination that the impersonated client machine is trusted for delegation. The domain controller transmits to an application server residing in the second domain, authentication data associated with the impersonated client machine. The application server transmits, to the intermediate machine, a launch ticket uniquely identifying a logon token. The client machine provides, to the application server, the launch ticket to access the resource residing in the second domain.

Embodiments of the present disclosure provide a method and system for implicitly authenticating a user to access controlled resources. The system receives a request to access the controlled resources. The system then determines a user behavior score based on a user behavior model, and recent contextual data about the user. The user behavior score facilitates identifying a level of consistency between one or more recent user events and a past user behavior pattern. The recent contextual data, which comprise a plurality of data streams, are collected from one or more user devices without prompting the user to perform an action explicitly associated with authentication. The plurality of data streams provide basis for determining the user behavior score, but a data stream alone provides insufficient basis for the determination of the user behavior score. The system also provides the user behavior score to an access controller of the controlled resource.

A method of generating authentication seeds for a plurality of users, the method involving: based on a single master seed, generating a plurality of derivative seeds, each one for a corresponding different one of a plurality of users; and distributing the plurality of derivative seeds to a verifier for use in individually authenticating each of the plurality of users to that verifier, wherein generating each one of the plurality of derivative seeds involves mathematically combining the master seed and a unique identifier identifying the corresponding user.

An individual's social network is used to authorize information flow to the individual and to authenticate the individual for access to certain information or services. Information flow to the individual is authorized if the source of the information is a member of the individual's social network who is connected to the individual along a path that does not traverse through anyone on a gray list of the individual. The black list identifies those members who previously sent unwanted communication to the individual or posted content that was deemed offensive by the individual. The gray list identifies those members who are one degree separated from any black list member. The individual is authenticated for access to certain information or services if a member of the individual's social network already has access and this member is connected to the individual along a path that does not traverse through anyone on a gray list of the individual, or if members of the individual's social network who are connected to the individual along a path that does not traverse through anyone on a gray list of the individual have an average authentication rating that is at least a minimum value.

A merchant computer generates a token including a “pay-me” merchant account identifier and transaction data for a transaction conducted by a consumer. The merchant token can be obtained by a mobile communication device and transmitted to a payment processing network along with a device identifier for the mobile communication device and an authentication token provided by the consumer. The payment processing network can authenticate the device using the authentication token, retrieve a consumer account number based on the device identifier, and complete the transaction by pushing money into the merchant “pay-me” account from the consumer account.

Systems, devices, apparatuses, and methods of the present invention distribute authentication across multiple users. A data sensitivity model can define the sensitivity of different types of data. When an application requests access to a particular data item, the sensitivity of that data item can be determined. If the data item has a low sensitivity, access to the data item can be granted. If the data item has a high sensitivity, the system can request authentication before granting access to the data item.

Embodiments of the invention can provide systems and methods for encrypting mobile device communications. According to one example embodiment of the invention, a method for encrypting mobile device communications is provided. The method can include generating, by a first application stored on a first memory of a mobile device, a message to be communicated to an intended recipient; providing, by the first application to an authentication application stored on a second memory of the mobile device, the message; encrypting, by the authentication application, the message; providing, by the authentication application to the first application, the encrypted message; and directing, by the first application, communication of the message to the intended recipient.

A method of authenticating a user to use a system includes using a provider token to generate a random value. The token generates a derived key based at least in part on a token-provided salt value and a user-provided password. The provider generates a token unlock key based at least in part on the derived key and sends it to the token. First and second challenge data instances are generated by the provider and the token, respectively, and the process is terminated if the challenge data instances are determined not to match. If the challenge data instances are determined to match, then an encrypted data transfer system is established between the token and the provider, and the token unlocks locked private data stored on the token. The user is authenticated for secured use of the system based at least in part on the unlocked private data.

A programmable logic device with ferroelectric configuration memories storing multiple configuration data sets. The device has programmable logic blocks, interconnections, and I/O blocks to provide desired logic functions. Those building blocks can be dynamically reconfigured by changing the selection of configuration data stored in the device's integral configuration memories. The configuration memories are divided into groups, so that they can be loaded concurrently with multiple configuration data streams. To protect the content of configuration memories from unauthorized access, the device employs an authentication mechanism that uses security IDs stored in the configuration memories. The device has a memory controller to provide an appropriate power supply sequence for ferroelectric memory cells to ensure the reliable data retention when the device is powered up or shut down.

A mobile device includes a wireless transceiver, a host processor, a secure element (SE), and a near field communication (NFC) system having an NFC transceiver and an NFC controller implementing a contactless front end. The contactless front end routes a near field communication related to a payment transaction between the NFC system and the SE without going to or from the host processor. The contactless front end routes a near field communication not related to a payment transaction, but requiring a security function, between the NFC system and the SE without going to or from the host processor. The contactless front end routes a near field communication not related to a payment transaction, and not requiring a security function, between the NFC system and host processor without going to or from the SE.