3858 results about "User identifier" patented technology

The present invention relates to the field of data and computer network security. Data and computer network security is of the utmost importance to most organizations that possess such networks. One of the difficulties that users and managers of these networks face is that the users have to provide a user ID and password every time they wish to access one of the organization's secured HTTP servers or URLs. This creates a problem for users and managers since lists of numerous user IDs and passwords need to be maintained and therefore can easily be lost or their confidentiality compromised. This invention addresses these problems by providing a transparent, scalable, single point of authentication for remote users across any number of HTTP servers anywhere on a data network, such as an Intranet, using any user ID and password scheme implemented by a main authentication HTTP server.

A web site system includes an event history server system that persistently stores event data reflective of events that occur during browsing sessions of web site users, and makes such data available to other applications and services in real time. The server system may, for example, be used to record information about every mouse click of every recognized user, and may also be used to record other types of events such as impressions and mouse-over events. The event data of a particular user may be retrieved from the server system based on event type, event time of occurrence, and various other criteria. In one embodiment, the server system includes a cache layer that caches event data by session ID, and includes a persistent storage layer the persistently stores the event data by user ID. Also disclosed are various application features that may be implemented using the stored event data.

A suspect user (110) seeks access to a network resource from an access authority (150) utilizing a passcode received from an authentication authority (130). Initially, an ID of a device is bound with a PIN, the device ID is bound with a private key of the device, and the device ID is bound with a user ID that has been previously bound with a password of an authorized user. The device ID is bound with the user ID by authenticating the user ID using the password. Thereafter, the suspect user communicates the device ID and the PIN from the device over an ancillary communications network (112); the authentication authority responds back over the ancillary communications network with a passcode encrypted with the public key of the device; and the suspect user decrypts and communicates over a communications network (114) the passcode with the user ID to the access authority.

According to the present invention, current fitness indicators for a particular user are detected by a particular exercise machine monitoring device that monitors exercise performed by the particular user on a particular exercise machine. The current fitness indicators are transmitted in a particular transmittable data format to a universally accessible server system in accordance with a universal identifier associated with the particular user and stored at said universally accessible server system in accordance with the universal identifier as current fitness activity, such that real-time fitness activity for a user computed from fitness activity received from any of multiple diverse exercise machines over a period of time is monitored by a universally accessible server system according to a universal identifier for a particular user.

Techniques for user authentication are disclosed. In some situations, the techniques include receiving, from a client device, an authentication request to access a network resource, the request including a user identifier, obtaining a security credential associated with the user identifier contained in the received request, generating an authorization code based on the obtained security credential, providing to the client device instructions to obtain first information corresponding to the generated authorization code, receiving, from the client device, the first information provided in response to the provided instructions, and, when the first information received from the client device corresponds to at least a portion of the generated authorization code, authorizing the client device to access the network resource.

This invention provides an automatic authentication method and system in a print process, which can obviate the need for user's input operations of the user ID and password and can improve security since authentication is automatically done based on print information embedded in a file or information from an application program without any user's input.

In a print process that requires user authentication, a printer driver extracts information related to an application and/or a document for the print process as attribute information, and user authentication is made by comparing the attribute information with information stored in a user registration information database of a server. If user authentication has succeeded, the printer driver controls a printer to print, and the server manages and stores accounting information and the like for respective departments in a department management information database.

A method and system for efficiently establishing secure communications between mobile devices in a radio network. The present invention utilizes public key cryptography and unique hardware identifiers to enable authorizations for access to wireless networks, such as picocells. The present invention prevents the mobile user from maintaining a plurality of secrets such as user identifier/password pairs, PINs, or encryption keys, for access to each device to which he might require access.

A method and system for monitoring users on one or more computer networks, disassociating personally identifiable information from the collected data, and storing it in a database so that the privacy of the users is protected. The system includes monitoring transactions at both a client and at a server, collecting network transaction data, and aggregating the data collected at the client and at the server. The system receives a user identifier and uses it to create an anonymized identifier. The anonymized identifier is then associated with one or more users' computer network transactions. The data is stored by a collection engine and then aggregated to a central database server across a computer network.

Techniques for providing friction-free transactions using geolocation and user identifiers are described herein. These techniques may ascertain a user's location based on a location of a mobile device. A transaction between the user and a merchant may be completed with zero or minimal input from the user based on the geolocation of the mobile device and the user identifiers. In some implementations, a transaction initiated earlier is completed when the mobile device arrives at the merchant. Additionally, a parent-child or similar relationship may be established between multiple devices. Security on the mobile device based may be provided by biometric identification and calculation of variance from regular movement patterns. Advertisements may be sent to the mobile device based on bids from merchants near to the mobile device. Promotions may be sent to the mobile device when more than a threshold number of mobile devices are located at the same merchant.

The Disclosure relates to a printing service method for discounting services by printing with advertisements and realizes various discount services. The present invention comprises: a printing step for sending printing management information along with the user ID to the server 4 through the network 3 when the user prints with advertisements with the user's printing device 2, and storing that information as an advertisement usage record for each user ID; a step for referencing the user's advertisement usage record, for least one service, selected by the user from among a plurality of services relating to the printing device that used the advertisement printing record, determining whether to authorize the discount for the selected service, and updating the advertisement usage record of the abovementioned user to perform the authorized discount service. A variety of discount services can be realized because the print operation with advertisements is managed by the server and the user can use the usage records.

A medical infusion pump with a bar code reader having simplified and enhanced security features. The infusion pump with bar code reader is comprised of an infusion pump with a housing, a control display screen and control software for operating the infusion pump according to input infusion data. A bar code reader is contained in the infusion pump housing and operatively attached to communicate scanned bar code infusion data to the pump display screen and to the control software. At least one initialization button for starting execution of a bar code scanning program is operatively connected through circuitry in the pump, the program activating the bar code reader to scan for an authorized user code, for an authorized user ID code, for a patient ID code, and for infusion data compatible for operating the infusion pump. A confirmation program and confirmation buttons manually operable by the authorized user. Acceptable scanning of authorization code, authorized user ID code, patient ID code and infusion data must be manually confirmed by the authorized user prior to activating the pump to infuse fluids according to the infusion data.

A method for facilitating a chat session between a first user and second users visiting a first web site comprising receiving, from the first user, a first user ID; receiving, from the second user, a second user ID; providing, to the first user, at least an indication of the second user ID; receiving, from the first user, a request to open one of a public chat session, a semi-public chat session and a private chat session with the second user; transmitting, to the second user, an indication that the first user has requested a chat session; and receiving, from the second user, an acceptance to enter the chat session designated by the first user. The method also comprises receiving from the first user a query regarding other users in a co-branded community visiting the first web site and searching a database to determine a response to the query.

A method and a server computer are provided for authenticating a cardholder account. The server computer implements the method, which includes obtaining a first identifier and a cryptogram from a first entity, identifying an issuer associated with the cardholder account, forwarding the first account identifier and the cryptogram to a second entity for validation, receiving a second identifier from the second entity, and sending the second identifier to the first entity. The first identifier can be associated with the cardholder account. The second identifier can be generated by the second entity and associated with a validated form of the first identifier.

One or more techniques and/or systems are provided for suggesting a word and/or phrase to a user based at least upon a prefix of one or more characters that the user has inputted. Words in a database are respectively assigned a unique identifier. Generally, the unique identifiers are assigned sequentially and contiguously, beginning with a first word alphabetically and ending with a last word alphabetically. When a user inputted prefix is received, a range of unique identifiers corresponding to words respectively having a prefix that matches the user inputted prefix are identified. Typically, the range of unique identifiers corresponds to substantially all of the words that begin with the given prefix and does not correspond to words that do not begin with the given prefix. The unique identifiers may then be compared to a probability database to identify which words have a higher probability of being selected by the user.

A mobile apparatus for receiving an electronic message that comprises a text message from a sender. The mobile device comprises a contact records repository that stores a number digital images, which are associated with a respective number of user identifiers. The mobile device further comprises a text analysis module that identifies predefined expressions in the text message, an image-editing module that matches one of the user identifiers with the sender and edits the associated digital image according to the identified predefined expression, and an output module for outputting the edited digital image.

A method for routing data at a first node of a network including a second node. The method includes: providing the first node with a database storing an association between: an URL component identifying content at the first node, and a unique identifier associated to the second node, the unique identifier being specified by the second node; registering content locally stored in the second node by storing in the database an association between an URL component identifying the locally stored content and the unique identifier of the second node; and, upon reception from a requesting entity, by the first node, of a content request having a content identifier, the method includes: checking in the database whether the content identifier includes the URL component, and forwarding the content request to the second node if the content identifier includes the URL component associated with the unique identifier of the second node.

A method and apparatus allows clients to share ports on a server. The server can maintain more sessions than server ports. When a client sends a command directed to the server, a resource manager inserted between the clients and the server intercepts the command and directs the server to select the session associated with a client prior to or at the same time that the resource manager forwards the intercepted command to the server. Responses from the server are forwarded by the resource manager to the client that sent the command to which the response relates. The resource manager may be coupled to multiple clients, and one or more ports of one or more servers.

A method and apparatus routes user information including confidential information and other information to a vendor in a secure manner without requiring the user to transmit information in a secure manner. The user provides a user identifier and information including confidential information to a response collector, who relates the user identifier to the user information. The response collector may verify the information to protect against fraud. An information provider provides an application identifier and vendor routing information to a response collector, who relates the vendor routing information to the application identifier. The application identifier corresponding to the vendor is broadcast to the user via an interactive information system application, and the interactive information system sends the application identifier, a user identifier and other response information to a response collector as directed by the user and the interactive information system application. The response collector may then route the user's information and other response information to the vendor according to the vendor routing information. The user may send anonymous responses in the same manner without sending the user identifier to the response collector.

The present invention provides a method of and system for authenticating a user on a network. The system includes a client device and a server, accessible to the client device, the server including a processor and a memory for storing instructions which, when executed by the processor, cause the processor to: provision the user on the service using user personal data; upon initial activation of the service, prompt the user for user ID and a password; upon receipt of the user ID and password, validate the user ID and the password; generate a ticket and send the ticket back to the user's client device for storage and future validation. The method of authenticating a user on a network including a server and a client device utilizing a service. includes provisioning the user on the service using user personal data. Upon initial activation of the service, the user is prompted in the next step for user ID and a password. The method further includes validating the user identification and the password upon their receipt and generating a ticket and sending the ticket back to the user's client device for future validation.

A system, method and computer program product that utilizes measurements for the authentication of users to enterprise resources. The system includes an authentication server that stores the engine and collections of data required by the system to authenticate users. The collections of data include templates, policies, groups, device IDs, user IDs, computer IDs and application IDs. In the present invention, it is the policies that determine the way or method in which a user is to be authenticated by the system. The pre-defined polices include an OR policy, an AND policy, a CONTINGENT policy, a RANDOM policy and a THRESHOLD policy, a multi-user policy, a multi-location policy, a multi-template policy, a user dependent policy, a location restriction policy, and a computer/device specific policy.

The invention relates to a method for authenticating a user of a mobile device (10) against a remote authenticating system (30) which is connected to a client computer accessible to said user, which comprises:

i—reading a 2D-code displayed to the client computer (40) by means of a 2D-code reader provided in said mobile device, a URL address of the authenticating system and a codified challenge generated by authenticating system being embedded in said 2D-code;

ii—processing said codified challenge and computing a response to it using a personal secret, which is a string of characters univocally related to a user identifier (user ID) of said user of the mobile device and to a time stamp;

iii—sending a message to the authenticating system which includes a tuple (100) whose elements are said user ID, the challenge and its response;

iv—analyzing the tuple elements and determining the tuple is valid if the response to the challenge has been generated using the personal secret of the user whose user identifier is in the tuple for a given period of time, and in case said tuple is valid:

v—checking in a users list (300) in the authenticating system if the user identifier in the tuple is in said users list, and if the user identifier is in the users list, it is verified if the challenge in the tuple is in a session list in the authenticating system, and if the challenge is in the session list, the authenticating system pushes a welcome screen to the client computer that corresponds to a session identification number in the session list where the challenge is.

The invention also to a system for authenticating a user of a mobile device.

Methods of paying user bills on behalf of a user are described. In one embodiment, the method includes receiving from a vendor a user bill having a user identifier, a vendor identifier, and a bill amount. The method further includes obtaining the user identifier, the vendor identifier, and the bill amount, associating the bill with the user based on the user identifier, and associating the bill with the vendor based on the vendor identifier. The method further includes determining whether the bill is payable, which includes comparing the bill to stored bill data associated with the user and the vendor. When the bill is payable, the method further includes obtaining funds from an account of the user, dispersing funds to the vendor to pay the bill and storing an indication of the paying of the bill.

A packet encapsulation scheme for multiplexing application sessions—Lightweight IP Encapsulation (LIPE)—is described. An LIPE packet comprises at least one multiplexing header (NH) and associated multimedia data packet (MDP). The LIPE packet uses UDP/IP as transport. An MH field further comprises a 16-bit a user identifier (UID) field, an 11 bit length indicator (LNG) field, a 1 bit “more” (M) field and an optional payload type/class of service (PT/CoS) field comprising 8 bits.

One aspect of the present disclosure relates to efficiently retrieving, organizing and updating medical information over a communication network, and to provide a seamless display of the organized information to a healthcare provider. In one embodiment, a healthcare provider uses a wireless handheld computer to access a patient's medical records that are stored on a remote server. In order to access the medical records, the patient first provides a patient identification card, while the healthcare provider supplies a user ID to the handheld computer. Once logged in, the healthcare provider can view the patient's medical records, or update those medical records with new data.

A computer data storage device for storing confidential data incorporating data encryption and user authentication. The user authentication supports multiple distinct users each having their own PIN code or password and distinct access rights. Attempts to attack the data by multiple unsuccessful login attempts is detected during user authentication and users are locked out until the card is reactivated. A special supervisory Security Officer ID and PIN code or password is provided to allow for the customization and configuration of the device as well as administering the user ID's and their access rights.

A mechanism is provided for signing on a user of a first domain into an affiliate application in a second domain. When the user needs access to the affiliate application, the request for access causes a ticket to be generated. The ticket identifies the user and is passed to an adapter. The adapter, which ultimately will perform the sign on in the affiliate application, redeems the ticket for the user's credentials (e.g., a valid userID/password combination for the affiliate application), and then presents the credentials to the affiliate application. A service is provided that issues tickets, redeems tickets, manages the registration and de-registration of affiliate applications, manages the correlation between a user and the user's credentials with an affiliate application, and manages encryption of stored records.

A system and method for securely processing identity information. For example, in one embodiment of the invention, a first user is registered on an identity service with one or more identification (ID) codes and a token. In response to a query from a second user to connect with the first user, a query signature is generated using the one or more ID codes and token of the first and second users, and a timestamp. The query signature is usable by network services to authenticate communication between the first and second users on the network over a specified period of time. In another embodiment, user ID codes and tokens are cached on mobile devices and/or a system cache to improve performance. The validity of the cached data is determined by calculating a fingerprint which, in one embodiment, is a hash of the ID code, token and a timestamp.

Discount and/or loyalty reward system is arranged to provided discounts to users on the basis of user ids communicated from a user agent to a point of sale terminal. The point of sale terminal requests a list of discounts applicable to the received user id from a discount administration system. The discounts in the returned list are then applied where appropriate to the user's purchases.

A user terminal connection control method to limit the number of sessions simultaneously connectable to the Internet, wherein an access server or authentication server has a user management table for specifying the maximum number of connections and a preferential terminal identifier indicating a user terminal to be preferentially connected to the Internet for each group comprising a plurality of user identifiers. The access server or authentication server determines, during a communication procedure for authenticating a user who requests to access to the Internet, whether the current number of connections for a group to which the user belongs has reached the maximum number of connections, and if so, determines whether to allow the user terminal to connect to the Internet depending on whether the user terminal identifier matches the preferential terminal identifier.

A system and related techniques host and serve selective, orchestrated advertising campaigns and other content to users depending on contributing advertisers' campaign strategies as well as use interests, prior history or experiences. According to embodiments, users may navigate to a Web or other network site which contains or invokes ads or other media or content. When ad or other content is called, according to the invention in one regard a user identifier may be checked, to determine whether the user has subscribed to or had a profile established with the orchestrated ad platform of the invention. If the user does have a unique identifier associated with them, an ad engine may perform a lookup of the identifier against potential ad campaigns or delivery modes, to deliver a more coherent or orchestrated stream of ads or other media to the user. Those selected campaigns may include for instance immersive delivery modes in which a number of ads related to an area of interest, such as cars and related services or foods and restaurants, may be delivered or streamed to the user's browser or other application at a comparatively high frequency or intensity. The sequence of that content may in one regard be conditioned on the user's browsing or other history, including topics of interest as expressed for example in prior search activity, in explicit questionnaires, or in prior purchase or shopping activity, as well as other behavioral patterns such as averaged length of browsing sessions, or other parameters. Because the experience which the user receives is targeted or tailored in nature, and in addition presents a set or series of content which is selected to reflect a meaningful relationship or theme, the effectiveness of the advertising or other content delivery campaign may be enhanced compared to undifferentiated delivery techniques.