2965 results about "Secret code" patented technology

A suspect user (110) seeks access to a network resource from an access authority (150) utilizing a passcode received from an authentication authority (130). Initially, an ID of a device is bound with a PIN, the device ID is bound with a private key of the device, and the device ID is bound with a user ID that has been previously bound with a password of an authorized user. The device ID is bound with the user ID by authenticating the user ID using the password. Thereafter, the suspect user communicates the device ID and the PIN from the device over an ancillary communications network (112); the authentication authority responds back over the ancillary communications network with a passcode encrypted with the public key of the device; and the suspect user decrypts and communicates over a communications network (114) the passcode with the user ID to the access authority.

Methods, systems, and machine-readable media are disclosed for handling information related to a transaction conducted with a presentation instrument at a POS device. Extended application IDs and dynamic cryptograms are use for the transaction. According to one embodiment, a method of processing a financial transaction for an account having a primary account number (PAN) can comprise detecting initiation of the transaction with the presentation instrument, and providing from the presentation instrument to the POS device a list of one or more applications IDs. Each application ID identifies an application that can be used to communicate data concerning the transaction between the presentation instrument and the POS device. The POS device selects one of the application IDs and returns it to the presentation instrument. Under the control of the selected application, the presentation instrument generates a Dynamic Transaction Cryptogram (DTC) and a dynamic PAN that are each valid for only a single transaction.

A system and method are provided for notifying a hearing impaired user of one of a plurality of qualified events via a personal device rather than an audible alert to avoid unnecessary false alarms. The security system includes at least one detection device for monitoring a portion of the premises and a control panel configured to communicate with the at least one detection device. A personal device communicates with the control panel where the personal device is configured to mechanically vibrate upon receipt of a signal from the control panel representing a qualified event associated with the security system.

A bank or credit card issuing authority provided consolidated membership/rewards card has standard credit card features including cardholder's name, card number, expiration date, secret code and a permanently coded permanent magnetic strip. The card has a programmable second magnetic strip with inductors directly below the strip energized by a CPU in the card recording a merchant provided loyalty or discount number. The cardholder selects a merchant from a list displayed card screen by pressing up and down buttons and a ‘go’ button to program the second magnetic strip. A USB connector associated with the card is used for uploading merchant data from a personal computer and transmitting the card discount number to a USB enabled cash register. The cash register provides eligible discounts for purchases upon receipt of the card discount number by swiping the second magnetic strip or by establishing USB connectivity. Payment is made using the permanent magnetic strip of the card or by other payment means. Discounts and membership rewards are thereby provided to a cardholder without need for carrying a plurality of merchant issued membership/rewards cards. Credit card functionality facilitates immediate payment for the purchases made.

A verification system which can be used over electronic networks, such as the Internet, to help prevent phishing, electronic identity theft, and similar illicit activities, by verifying the authenticity of electronic entities (for example, websites). Users and electronic entities register with an authenticating entity. The authenticating entity shares an encryption method with registered electronic entities and establishes a secret code for each registered electronic entity. The secret code is combined with other information and encrypted before being transmitted over the network to ensure that the secret code cannot be compromised. Also disclosed are systems for virtual token devices, which provided object-based authentication without a physical device. Also disclosed are dynamic media credentials, which display nearly-unique behavior, previously specified and known to a user, to assist in verifying the authenticity of the presenter.

An apparatus may include a processor configured to receive a request for an access token from a remote entity, wherein the request includes an indication of a requested service. The processor may be further configured to determine a request type, wherein the request type may be a user identification and password combination, a request token exchange, or an access token exchange. The processor may be additionally configured to extract one or more parameters included in the request based upon the determined request type and to perform one or more security checks based at least in part upon the one or more extracted parameters. The processor may be further configured to create an access token based at least in part upon the results of the one or more security checks and to provide the access token to the remote entity.

The present invention relates to a method of generating a multi-factor encryption key using a simple password in order to access control over information stored at a second entity from a first entity via at least one communication network. In one embodiment this is accomplished by, requesting to receive an application at the first entity from the second entity via the communication network, activating the first entity to generate a shared secret key, wherein the shared secret key is computed from a first entity specific ID and a random number generated at the first and second entity and allowing the user to register with the application of the second entity by the first entity, wherein the registration include entry of a personal PIN (personal identification number), a personal message etc.

Network policies are managed based at least in-part on user/entity identity information with: a state monitor operable to monitor for state change events in user/entity state and related, network state or in traffic pattern and traffic flow state; an identity manager operable to obtain and validate user credentials; and a policy manager operable in response to a state change event detected by the state monitor (either the identity manager or a defense center) to select a policy based in-part on the user identity obtained by the identity manager or security context obtained by the defense center, and to prompt application of the selected policy. The policies are indicative of user/device authorization entitlements and restrictions to utilization of certain network resources, network services or applications. Dynamic policy selection and targeted responses can be used, for example, against a user who gains network access with stolen user ID and password, and subsequently attempts malicious behavior. In particular, the malicious behavior is detected and identified, and the malicious user can then be restricted from abusing network resources without adversely affecting other users, groups, network devices, and other network services.

The solution of the present application addresses the problem of authentication across disparately hosted systems by providing a single authentication domain across SaaS and cloud hosted applications as well as traditional enterprise hosted applications. An application delivery controller intermediary to a plurality of clients and the disparately hosted applications providing single sign on management, integration and control. A user may log in via an interface provided, controlled or managed by the ADC, which in turns, authenticates the user to the application in accordance with policy and the host of the application. As such, the user may login once to gain access to a plurality of disparately hosted applications. From the user's perspective, the user seamlessly and transparently gains access to different hosted systems with different passwords and authentication via the remote access provided by the system of the present solution

A system and method for controlling access to a moveable enclosure are provided. The system includes a lock on the moveable enclosure, a control circuit coupled to the lock and configured to i) receive an entry code and ii) open the lock in response to receipt of the entry code, a time measurement device and/or Global Positioning System device coupled to the control circuit and configured to generate time and position data, such as latitude and longitude data, relating to the moveable enclosure; and a personal computing device wirelessly coupleable to the control circuit and configured to generate the entry code using the latitude and longitude data. The entry code may be erased after a single use. The validity of entry code may depend upon the time of its entry and the physical location of the moveable enclosure.

A method for allowing short-ranged communication devices to communicate with each other using the Internet. Cell servers are provided in a first and second zones linked to the Internet and adapted for transmitting voice and other digital data over the Internet such as using VoIP. The method includes registering users of short-range enabled devices, such as Bluetooth cell phones, with a communication system and storing a device identifier along with a user ID and password. A contact list is stored for each registered user. The method includes a registered user entering a cell serviced by a server, the server discovering the user's device, logging the user into the system based on the device identifier and an entered user ID and password, receiving a communication request to chat with one of the listed contacts, and establishing a communication session using time previously awarded to the user for receiving marketing content.

A system, method and article of manufacture are provided for password protecting user access to a computer system. One or more images are displayed to a user. The user is then required to perform a sequence of actions involving the images. The performed sequence of actions is compared with a predefined sequence of actions. If the performed sequence of actions matches the predefined sequence of actions, user access is permitted.

A mobile terminal is equipped for SMS payment and service authentication with a remote transaction provider. The remote provider uses common secrets & a seed in a keyed Hash Machine Address Code (HMAC) executing a Message Digest Algorithm to generate a list of authentication token (username-password) for the purchase of services an/or goods. The common secrets and seed are shared with local redemption devices which also generate the list of authentication token. A subscriber conducts payment with the remote transaction provider and receives an authentication token corresponding to the purchased service. The subscriber provides the authentication token to the redemption device which compares the authentication token with sets of valid authentication tokens generated by the redemption terminal. If the comparison indicates a match, the redemption device provides the service to the subscriber.

The present invention relates to methods and systems for enrolling a user for voice authentication and for performing voice authentication on a user of a network. The method of enrolling a user for voice authentication includes verifying the identity of the user and assigning an enrolment identifier to the user, if the identity of the user is verified. The enrolment identifier is then presented to the user. Subsequently, the user is prompted to utter a personal voice authentication password. The personal password uttered by the user is received and stored. A voice print model for the user is generated from the previously stored voice print. The method further includes storing the voice print model and associating the voice print model and the personal password with the enrolment identifier assigned to the user to facilitate retrieval thereof during voice authentication of the user. A method for performing voice authentication on a user of a network is also provided. The method includes determining whether the user is enrolled for voice authentication based on an available attribute of the logical address of the user on the network. Upon determining that the user is enrolled for voice authentication, a personal password and stored voice print model for the user is retrieved. The stored voice print model includes a voice print of a personal password previously uttered by the user. The method further includes prompting the user to utter the personal password and receiving a spoken response from the user. The spoken response is verified to determine whether it contains the personal password and whether it matches the stored voice print model. If the spoken response contains the personal password and matches the stored voice print model for the user, the identity of the user is authenticated.

The present invention relates to methods for protecting a data signal using the following techniques: applying a data reduction technique to reduce the data signal into a reduced data signal; subtracting the reduced data signal from the data signal to produce a remainder signal; embedding a first watermark into the reduced data signal to produce a watermarked, reduced data signal; and adding the watermarked, reduced data signal to the remainder signal to produce an output signal. A second watermark may be embedded into the remainder signal before the final addition step. Further, cryptographic techniques may be used to encrypt the reduced data signals and to encrypt the remainder signals before the final addition step. The present invention also relates to systems for securing a data signal. Such systems may include computer devices for applying a data reduction technique to reduce the data signal into a reduced data signal and means to subtract the reduced data signal from the data signal to produce a remainder signal. Such systems may include means to apply a first cryptographic technique to encrypt the reduced data signal to produce an encrypted, reduced data signal and means to apply a second cryptographic technique to encrypt the remainder signal to produce an encrypted remainder signal; and means to add the encrypted, reduced data signal to the encrypted remainder signal to produce an output signal.

The invention provides a mobile communication network system supporting a virtual SIM card and the authentication method thereof. Based on a current mobile communication network system, function modules are arranged on a mobile terminal, an authentication center and a call center service system; a password card is introduced to support the registration, the authentication, the network use and the expense computation of a virtual SMI card; programs and functions realized by the real SIM card are realized by the mobile terminal; account information is written into the mobile terminal through a mobile communication network by the local retrofit and the program updating to mobile network equipment, and an account is not activated by selling the real SIM card. The invention realizes the reduction of roaming fees and the reduction of the consumption of the SIM card in the transnational or trans-provincial or trans-municipal application, thereby reducing the waste of the resource. The invention provides a convenient, flexible, safe mode of using mobile phones in different places. To adopt the mobile communication network system supporting the virtual SIM card contributes to the realization of new functions of the mobile terminal and the decrease of the cost, and ensures that the popularization of the new functions gets easier.

Seamless, secure, private, collaborative file synchronization across trust boundaries, typically as a companion to a store and sync file service. Information needed to recover a file is stored within the file itself, without giving away secret data. User specific personal keys are preferably only stored on the users' device(s). A unique ID is also created for each protected file; a password is generated that depends on (a) a key value that can either be (i) the user's personal key in the case of a file that is to be private or (ii) a shared key in the case of a file that is to be shared with other users, and (b) the unique file ID. The password is then encrypted using a recovery key and also stored in the file itself. The file is secured using a format that supports password-based content encryption.

A method of controlling password changes in a system having a plurality of data processing systems having separate password registries. Contents of passwords in the password registries of the data processing systems are controlled using password content policies that are centrally shared between the plurality of data processing systems.

The invention discloses an access control system generated and verified on the basis of dynamic password and an identity verification method, belonging to the field of security certificate. The system comprises a user terminal for generating dynamic password and a certificate terminal for verifying dynamic password, wherein, the user terminal comprises a storage module which is used for storing arithmetic, keys and dynamic factors, and the certificate terminal comprises a reading module, a locker module and a certificate server module. The method of the invention comprises the following steps: after receiving an order sent by the certificate terminal, the user terminal generates dynamic password, the certificate terminal generates verified password according to stored arithmetic and key which are identical to the user terminal and corresponding dynamic factors, and the dynamic password and the verified password are compared to verify the validity and availability of the dynamic password of the user terminal.