333 results about "Challenge response" patented technology

Embodiments of the invention enable cardholders conducting an online transaction to be authenticated in real-time using a challenge-response application. The challenge-response application can be administered by an issuer or by a third party on-behalf-of an issuer. A challenge question can be presented to the cardholder, and the cardholder's response can be verified. The challenge question presented can be selected based on an analysis of the risk of the transaction and potentially other factors. A variety of dynamic challenge questions can be used without the need for the cardholder to enroll into the program. Additionally, there are many flexible implementation options of the challenge-response application that can be adjusted based on factors such as the location of the merchant or the location of the consumer.

When a user receives potential junk e-mail from an unknown sender address, an active filter installed in or cooperating with the user's e-mail system sends a challenge e-mail back to the sender address. Unless the user receives a correct response e-mail from the sender address and/or a response that meets formal criteria, the active filter rejects the original e-mail and blocks future e-mail from that sender address. The challenge preferably includes a question that the sender must correctly answer in his response. The question is such that only humans can interpret and respond to it correctly. For example, the question may relate to and/or be incorporated in an image in the challenge. Lists of approved and blocked sender addresses are compiled. The user may directly enter addresses in the address lists. Addresses to which the user has sent e-mail may also be included directly in the approved list.

Methods and systems for verifying whether a user requesting an online account is likely a human or an automated program are described. A request for an online account may be received from a mobile device. A human challenge-response test adapted for displaying on a mobile device is displayed on the mobile device. Upon viewing the human challenge-response test, the user enters the user's solution to the human challenge-response test on the mobile device. A response hash value is created based on the user's solution. The response hash value is sent to an account request server for verification.

An electronic transaction system, which facilitates secure electronic transactions among multiple parties including cardholders, merchants, and service providers (SP). The system involves electronic cards, commonly known as smart cards, and their equivalent computer software package. The card mimics a real wallet and contains commonly seen financial or non-financial instruments such as a credit card, checkbook, or driver license. A transaction is protected by a hybrid key cryptographic system and is normally carried out on a public network such as the Internet. Digital signatures and challenges-responses are used to ensure integrity and authenticity. The card utilizes secret keys such as session keys assigned by service providers (SPs) to ensure privacy for each transaction. The SP is solely responsible for validating each participant's sensitive information and assigning session keys. The system does not seek to establish a trust relationship between two participants of a transaction. The only trust relationship needed in a transaction is the one that exists between individual participants and the SP. The trust relationship with a participant is established when the SP has received and validated certain established account information from that particular participant. To start a transaction with a selected SP, a participant must have the public key of the intended SP. Since the public key is openly available, its availability can be easily established by the cardholder. The SP also acts as a gateway for the participants when a transaction involves interaction with external systems.

A communication system including a transmitter, a receiver, a communication link (for example, a TMDS-like link), and preferably also an external agent with which the transmitter and receiver can communicate, in which video data (or other data) are encrypted, the encrypted data are transmitted from the transmitter to the receiver, and the transmitted data are decrypted in the receiver, a transmitter and a receiver for use in such a system, a cipher engine for use in such a transmitter or receiver, a method for operating such a transmitter or receiver to encrypt or decrypt data, and a method for distributing keys to the transmitter and receiver. The receiver can be a player coupled to a downstream receiver by a TMDS-like link, and configured to re-encrypt the decrypted data (for example, using an AES or HDCP protocol) and send re-encrypted data over the link to the receiver. Optionally, the player is a repeater which translates the decrypted data from the transmitter, and then re-encrypts the translated data for transmission to the downstream receiver. The transmitter can itself be a player that receives and decrypts encrypted data from an upstream source. In preferred embodiments, the system implements a content protection protocol including a challenge-response procedure. After a new key is supplied to the receiver (and the same new key should have been supplied to the transmitter) and before the receiver can use the new key, the challenge-response procedure requires that the receiver validate the transmitter by verifying that the transmitter has proper knowledge of the new key.

A method and a system generate a contextual visual challenge image to be presented to a user thereby to verify that the user is human. For example, an image module generates a visual challenge to be presented to a user as part of a challenge-response to verify that the user is human. A contextual background module identifies a contextual background that is contextual to a specific environment and a combiner image module combines the visual challenge and the contextual background into an image which is to be presented to the user in the specific environment, the contextual background associating the visual challenge with the specific environment.

An improved computer network security system and a personal identifier device used for controlling network with real time authentication of both a person's identity and presence at a computer workstation is provided. A new user is registered to a portable personal digital identifier device and, within the portable personal digital identifier device, an input biometric of the user is received and a master template is derived therefrom and securely maintained in storage. A private key and public key encryption system is utilized to authenticate a user registered to the portable personal digital identifier device. The personal digital identifier device verifies the origin of a digitally signed challenge message from the network security manager component. A digitally and biometrically signed challenge response message is produced and transmitted by the personal digital identifier device in response to the verified challenge message.

A method and a system generate a transactional visual challenge image to be presented to a user thereby to verify that the user is human. For example, an image module generates a visual challenge to be presented to a user as part of a challenge-response to verify that the user is human. A transactional background image module identifies a transactional background that is associated with a specific transaction and a combiner image module combines the visual challenge and the transactional background into an image which is to be presented to the user during transaction authorization, the transactional background associating the visual challenge with the particular transaction.

Methods, systems, and computer program products for over the air provisioning of soft cards on devices with wireless communications capabilities are disclosed. According to one method, a soft card provisioning application is instantiated on a device with wireless communications capabilities. A card number for a soft card desired to be provisioned on the device is obtained from a user of the device. The card number is communicated to a provisioning configuration server over an air interface. Card-issuer-specific challenges corresponding to the card number and a provisioning issuer server network address are obtained from the provisioning configuration server. The challenges are presented to the user, and the user's responses to the challenges are received. A connection is made to the provisioning issuer server corresponding to the network address. The challenge responses are communicated to the provisioning issuer server. Soft card personalization data for activating the soft card is received from the provisioning issuer server. The soft card is provisioned for use on the device based on the personalization data.

A method for communicating passwords includes receiving at a server a challenge from a authentication server via a first secure communications channel, the challenge comprising a random password that is inactive, communicating the challenge from the server to a client computer via a second secure communications channel, receiving at the server a challenge response from the client computer via the second secure communications channel, the challenge response comprising a digital certificate and a digital signature, the digital certificate including a public key in an encrypted form, the digital signature being determined in response to the random password and the private key, and communicating the challenge response from the server to the authentication server via the first secure communications channel, wherein the random password is activated when the authentication server verifies the challenge response.

A challenge-response authentication procedure includes masking of the expected response (XRES) generated by an authentication center by means of a masking function (f), and transmission of the masked expected response (XRES'), instead of the expected response itself, to an intermediate party at which the actual user authentication takes place. The intermediate party also receives a user response (RES) from the user and generates a masked user response (RES') using the same masking function (f) as the authentication center did. In order to authenticate the user, the intermediate party then verifies that the masked user response (RES') corresponds to the masked expected response (XRES') received from the authentication center. The above procedure enables the intermediate party to prove that user authentication has taken place, keeping in mind that only the legitimate user knows the response beforehand.

A computerized learning multi-modal fraud prevention system and method for generating a data signature of a user, such as one engaged in electronic commerce, to prevent fraudulent activities by machines and persons imitating the user. Steps comprise: fetching a signal of a user's signature stored in memory; generating at least one challenge sequence based on the signal to create a second signature; presenting the generated challenge sequence to the user; collecting the user's challenge response to the generated challenge sequence; computing a quality factor between the user's challenge response and the generated challenge sequence; computing a transaction quality factor and content quality factor and reporting an impostor or re-challenging if the quality factor is below a threshold. Lastly, generating a new signature based on any portion of a user's challenge response and/or any portion of the previously generated signature and/or any portion of collectable information from the user's device memory.

A method of keyless encryption of messages allows secure transmission of data where data security is not available for some technical or legal reason. The method of data transfer uses a challenge response in which a correct response to a challenge is used to transmit the value "1", while a deliberately false response is made to transmit the value "0". Any message can be transmitted as a binary string using successive applications of this method.

A user authentication system includes a dialogue manager adapted to prompt the user with multiple, selectable pass-phrases. A selection recognizer recognizes user selection of at least one of the multiple, selectable pass-phrases. A user identity analysis module analyzes one or more potential user identities based on adherence of user selection of the pass-phrase to predetermined pass-phrase selection criteria assigned one or more enrolled users.

A method for challenge-based authentication of a communication entity to an access network. The access network uses a password-based communication protocol. The method comprises a) pre-supplying to the communication entity a challenge, thereby allowing the communication entity to provide a challenge response, b) supplying to the communication entity a password request, c) receiving the challenge response via the password request, and d) authenticating the communication entity if the challenge response is correct. Presupplying may be during a previous IP session, wherein communication entities are simply given challenges for next time they connect to the hotspot. Alternatively presupplying could be during a brief probationary connection that the access network gives to its users.

A method of authenticating a first computing device in communication over a network to a second computing device is disclosed. The first computing device is authenticated to the second computing device using a first authentication mechanism. The first authentication mechanism is based on Extensible Authentication Protocol (EAP) or IEEE 802.1x authentication. Short-term re-authentication data is generated and issued to the first computing device. Later, a request from the first computing device to re-authenticate to the second computing device is received. The first computing device is re-authenticated to the second computing device using a challenge-response mechanism in which the first computing device authenticates itself by presenting the short-term authentication credential to the second computing device. Accordingly, re-authentication proceeds more quickly and with fewer message exchanges.

A method and/or a system of a secure network bootstrap of devices in an automatic meter reading network is disclosed. A method of a network interface card in an automatic meter reading network includes generating a derived security key based on a secret key embedded in a network interface card and a provided security key of a device management server of the automatic meter reading network. The method also includes communicating the derived security key and a challenge data of a challenge-response pair of the device management server to a metering device and generating a response data through processing a reply data of the metering device reacting to the challenge data. In addition, the method includes communicating the response data to the device management server to authenticate the network interface card and/or the metering device.

Systems and methods are provided for challenge/response animation. In one implementation, a request for protected content may be received from a client, and the protected content may comprise data. A challenge phrase comprising a plurality of characters may be determined, and a computer processor may divide the challenge phrase into at least two character subsets selected from the characters comprising the challenge phrase. Each of the at least two character subsets may include less than all of the characters comprising the challenge phrase. The at least two character subsets may be sent to the client in response to the request; and an answer to the challenge phrase may be received from the client in response to the at least two character subsets. Access to the protected content may be limited based on whether the answer correctly solves the challenge phrase.

In one implementation, a method for providing access to a secure facility includes authenticating the user; generating a card credential, transmitting the card credential to an access card carried by of the user, and transmitting the card key to the access card in a form that is usable by the access card. The generating the card credential includes encrypting the card key using a server encryption key. The card key is usable for a challenge-response interaction during subsequent access requests by the user.