984 results about "Security validation" patented technology

A system for securing an integrated circuit chip used for biometric sensors, or other electronic devices, by utilizing a physically unclonable function (PUF) circuit. These PUF functions are in turn used to generate security words and keys, such as an RSA public or private key. Such a system can be used to protect biometric security sensors and IC chips, such as fingerprint sensors and sensor driver chips, from attack or spoofing. The system may also be used in an efficient method to produce unique device set-up or power-up authentication security keys. These keys can be generated on a low frequency basis, and then frequently reused for later security verification purposes. In operation, the stored keys can be used to efficiently authenticate the device without the need to frequently run burdensome security key generation processes each time, while maintaining good device security.

Systems and methods for pre-authenticating a mobile client in a wireless network. Authenticators in a secured section of the wireless network share a master key generated during an authentication session between a mobile client and an authentication server. The shared master key is not allowed to reside on any devices located outside the secured section of the network. Accordingly, the likelihood that the master key may be hijacked is essentially eliminated. A first session encryption key is derived from the master key and used by the mobile client and a first access point during a first communications session. When the mobile client roams to a second access point, a fast authentication process is performed. The fast authentication process retrieves the shared master key and generates a second session encryption key. A full authentication process between the authentication server and the mobile client is not required. The second session encryption key is used by the mobile client and a second access point during a second communications session.

A method and system for self-checkout of items from a retail or non-retail establishment is disclosed. The system verifies security by comparing a measured physical characteristic of an item with the stored security characteristic for that item and determining if the measured physical characteristic is within an operator-modifiable tolerance range. The operator-modifiable tolerance range is different for different of items in the store. Moreover, a stored security characteristic of an item can be updated automatically. In addition, the system includes a dynamic-weight scale that reports a measured weight before the scale settles.

A user identification and authentication device provides a secure computing platform and a secure computing path for communication with a secure remote host. The device is coupled to an unsecure PC but provides for secure verification of a user's identity and authorization in participating in a transaction.

A method is provided for monitoring the present location of a traveler at time t₁, predicting a location at which the traveler is expected to arrive by time t₂, and verifying the safety of the traveler. The safety verification is conducted if the traveler has not reached the expected location at time t₂, if signal from the traveler is lost or if a message from the traveler is not received within a predetermined time period. In some embodiments of the present invention, verifying the safety of the traveler involves contacting the traveler at one or more telecommunications devices which the traveler is known to carry, contacting another person that is known to be accompanying the traveler, and if all else fails—alerting the local emergency response team.

A unique combination of several functions achieves a system by which consumers can validate the actual security status of a website before they decide to trust it, and therefore transact with it. In one example implementation, a security system includes a scanning engine that periodically and thoroughly scans the network and connected components of an on-line service such as a website. The results are stored and perhaps reported back to the service via alerts and the like. The website includes a “bug” which visitors can click on. The visual appearance of the “bug” can be altered (e.g. made invisible) in accordance with a determined level of security for the website. By clicking on the “bug,” the visitors can also be displayed web pages showing the security status of the website. Based on their review of such web pages, visitors can then decide whether to trust the website for further transactions.

Secure authentication protocols, particularly well-suited for use in authenticating mobile communications devices having limited computational resources, are disclosed. In an illustrative embodiment, a network-based communication system includes a client device and at least two servers. First and second shares are generated from a first password associated with the client device, and stored in respective first and second servers. The client device submits additional information associated therewith to at least one of the first and second servers. Each of the first and second shares has the property that it is infeasible to determine solely therefrom correspondence of the additional information with the first password. The first and second servers then utilize the respective first and second shares to collectively determine said correspondence of the additional information with the first password.

A security verification method for verifying whether improper settings that indicate composite errors of security settings exist in an object system, which is an object of examination, includes steps of: reading data transfer paths that represent data movement in the object system and that are generated based on program operation information that describes operations of a program that is used in the object system, integrating the access rights of data transfer paths that have been read; and searching for improper paths among the data transfer paths for which access rights have been integrated based on security verification policies in which improper paths, which are paths of data movement that are improper from the standpoint of security, have been set in advance.

The invention discloses a method for fast configuring a remote video monitoring system. The method comprises the steps that (1) a wireless network access module is arranged on a monitoring camera; (2) currently available wireless networks are scanned by a monitoring client, a wireless network is selected and a wireless network password is input; (3) after receiving authentication information of the monitoring client, a monitoring server sends a safety verification code to the monitoring client; (4) the monitoring client converts an access point name, the password, the safety verification code and the authentication information to a two-dimension code picture, and the two-dimension code picture is placed in a shooting area of the monitoring camera; (5) the two-dimension code picture is shot through the monitoring camera and is analyzed, the monitoring camera has access to the wireless network, and an equipment serial number, the safety verification code and the authentication information of the monitoring camera are then sent to the monitoring server; (6) authentication is conducted on the monitoring client by the monitoring server according to information sent by the monitoring camera, and when the certification is passed, the monitoring camera and the monitoring client are bound to enter a monitoring module.

In accordance with a particular embodiment of the present invention, a method is offered that includes generating a symbolic string manipulation class library for one or more web applications. The manipulations are generalized into a string manipulation symbolic algebra. The method also includes performing symbolic execution for one or more web applications. Typically, a Java model checker is augmented to check for certain types of requirements or properties in performing the symbolic execution. If an error scenario exists, a solution to a set of symbolic constraints is obtained, and the solution is mapped back to a source code to obtain an error trace and a test case. In still other specific embodiments, requirements or properties are encoded through templates and checked using public domain decision procedures. The properties or requirements can relate to security validation. The symbolic execution can be customized and tuned for Java-based web applications.

A security program code generator is configured to automatically generate program code used to perform one or more validation checks of components operating in user mode. In one implementation, for example, the program code generator receives one or more files that include declarative values and parameters regarding one or more function calls made by any user mode component. The program code generator then takes the file of declarative call descriptions and automatically generates a user mode stub and a kernel mode stub for each function call of interest to be handled by a kernel mode component. The file(s) that include the user mode stub and the kernel mode stub can then be compiled and linked into the operating system components.

A multi account security verification system, which consists off a virtual account card and a central authentication enterprise. The cardholder is able to select one of the real accounts belonging to the account owner by adding control digits to the virtual account number. The real account is retrieved from the Central Authentication Enterprise by accessing the virtual account number record stored in a system database thereby retrieving the selected real account number associated with the control digits and the virtual account number. The database may also store a plurality of secret keys or public/private key sets associated with the virtual account number in addition to optional BIO information, which can be used for authentication and authorization

The present invention relates to a system and methodology facilitating automation security in a networked-based industrial controller environment. Various components, systems and methodologies are provided to facilitate varying levels of automation security in accordance with security analysis tools, security validation tools and/or security learning systems. The security analysis tool receives abstract factory models or descriptions for input and generates an output that can include security guidelines, components, topologies, procedures, rules, policies, and the like for deployment in an automation security network. The validation tools are operative in the automation security network, wherein the tools perform security checking and/or auditing functions, for example, to determine if security components are in place and/or in suitable working order. The security learning system monitors/learns network traffic patterns during a learning phase, fires alarms or events based upon detected deviations from the learned patterns, and/or causes other automated actions to occur.

An apparatus and method for unilaterally loading a secure operating system within a multiprocessor environment are described. The method includes disregarding a received load secure region instruction when a currently active load secure region operation is detected. Otherwise, a memory protection element is directed, in response to the received load secure region instruction, to form a secure memory environment. Once directed, unauthorized read/write access to one or more protected memory regions are prohibited. Finally, a cryptographic hash value of the one or more protected memory regions is stored within a digest information repository as a secure software identification value. Once stored, outside agents may request access to a digitally signed software identification value in order to establish security verification of secure software within the secure memory environment.

A central information processing system and method that issues receipts or tickets that can be securely validated at points of redemption. The method and system couple a client system with a server system and also couple at least one Radio Frequency IDentification (RFID) reader to the client system. The method and system read at least one identifier from a sheet with a RFID tag embedded therein with the RFID reader. The method and system also send the at least one identifier from the client system to the server system and receive from the server system at least one receipt image for printing on the paper with the RFID tag embedded therein. The method and system also print, at the client system, a receipt containing ticket information received from the server system. The server system further accepts at least one identifier that was read from a Radio Frequency Identification tag that was read from a sheet at the client system, records the at least one identifier, sends to the client system, in response to the accepting, at least one receipt image. Validation of the receipt or ticket includes reading, at a point of delivery, the at least one identifier from the Radio Frequency Identification tag and providing, in response to reading the at least one identifier, at least one of a good and a service.

The invention discloses a method and a system for carrying through security authentication on data among non-contact devices. The invention includes the steps of transmitting a data voucher form a first movable device to a second movable device by a short distance communicating mode; launching an authentication request of the data voucher to a third party from the second movable device through a safe data transmission channel; the third party carries through authentication on the data voucher by utilizing the key information shared by the first movable device based on the authentication request; transmitting a data access description to the second movable device through the safe data transmission channel under the situation that the authentication result of the data voucher carried out by the third party is positive; and the second movable device acquires safe data corresponding to the data voucher through the data access description. By utilizing the invention, the security for carrying through data transmission among the non-contact devices can be improved.

The present invention provides a counterfeit resistant ID card where a printed security feature is applied to the ID card at the issuance location at the time the card is issued. Specifically, the present invention provides for a process of producing an ID card having a unique imbedded security code that is generated and specifically matched to the particular ID card being printed and is applied at the time and place that the card is issued thereby providing a code by which the authenticity of the ID card can be cross verified. Verification is completed by comparing the code on the ID card to the date stamped log of all ID cards printed by the printer at the issuance location. Each entry in the log is encoded with a unique code number that corresponds to the specific print job and more importantly to the specific ID card printed. The present invention provides for the recording of this print log code into a central database to be maintained with the records corresponding to the particular ID card that was printed.

The invention relates to a safety protection method for a mobile terminal, a mobile terminal, a safety system and an application method. The safety protection method is used for increasing the safety of the mobile terminal and is easy in operation. According to the safety protection method for the mobile terminal, a separate area is isolated on the mobile terminal and taken as a safety area, a third party application outside the safety area cannot access the application and data in the safety area, and a user is required to pass the safety verification in order to enter into the safety area. The safety system is characterized in that a cloud safety management platform is mainly used for performing mutual collaborative interlocking between the safety area of the mobile terminal, the system kernel of the mobile terminal and the cloud safety management platform, so that the running of the safety area under a safe and reliable environment is ensured, and the safety area is safe. A trust chain is built in the safety area, an application method for realizing the running access management for the application and data on the basis of the trust chain is adopted, and the biometric features recognition is taken as the verification for entering into the safety area, so that the safety is further promoted.

The invention is applicable in the technical field of communication, and provides an access method for internet, a system and a mobile terminal. The method comprises the following steps: when a selection instruction for an internet web in an account management application list pre-collocated by a user is received, outputting a security verification request; receiving and verifying the security verification instruction input by the user; when the security verification instruction is accurate, acquiring an account and a password corresponding to the internet web selected by the selection instruction from the pre-collocated account management application list, and inputting the account and the password to the internet web; and receiving login instruction of the user, wherein a control link enters the internet web corresponding to the account and the password, thereby effectively protecting account information and registration information of the internet web, assisting the user to memorize the account and the password, prevent the trouble when the user forgets the login account or password and facilitate the usage of the user.

An interface to a parking application, such as a web portal, is provided over a secure network connection to tenants for managing parking validation services as well as related parking services and other integrated building services. An authenticated user may provide information for authorizing full, partial, or subsidized payment for a use of a parking facility, such as a use by a guest. The information may be provided by way of a personal computer, a mobile device, a special-purpose terminal, or the like. If the guest then presents a ticket at a separate attended or unattended exit terminal or point-of-sale device to complete the parking transaction, the transaction is processed in accordance with the provided information. According to other aspects of the invention, techniques for enabling configurable event notifications for events associated with validation services, and techniques for associating parking events with video and/or photographic image data are provided.

An electronic apparatus and a control method thereof are provided. The electronic apparatus includes a memory having a protection area and storing data of a first operating system (OS) and at least one first program involved with first OS in the protection area; at least one processor configured to execute the at least one first program and at least one second program involved with a second OS having an authority higher than the first OS; and a memory monitor comprising circuitry configured to detect whether an access to the protection area of the memory occurs, to interrupt the access if the access occurs, and to perform a security verification of the data stored in the protection area. The electronic apparatus may guarantee and/or improve integrity thereof using a hardware device, which can directly monitor the memory at a CPU environment in which a security area and a general area are separated.