УЛУЧШЕННАЯ ПОДДЕРЖКА КАЧЕСТВА ОБСЛУЖИВАНИЯ ДЛЯ ПЕРЕДАЧ V2X

Изобретение относится к передающему устройству для передачи относящихся к транспортному средству данных через интерфейс побочной линии связи к одному или более принимающим устройствам. Техническим результатом является улучшение качества обслуживания (QoS) для режима UE-автономного распределения ресурсов применительно к услугам V2X. Передающее устройство выполняет автономное распределение ресурсов радиосвязи для передачи относящихся к транспортному средству данных через интерфейс побочной линии связи. Прикладной слой генерирует относящиеся к транспортному средству данные и переадресовывает относящиеся к транспортному средству данные вместе с указанием приоритета и одним или более параметрами качества обслуживания к слою передачи, отвечающему за передачу относящихся к транспортному средству данных через интерфейс побочной линии связи. Слой передачи выполняет автономное распределение ресурсов радиосвязи на основании принятого указания приоритета и одного или более параметров качества обслуживания ...

УСТРОЙСТВО СВЯЗИ, СПОСОБ УПРАВЛЕНИЯ УСТРОЙСТВОМ СВЯЗИ И ПРОГРАММА

Verfahren und Vorrichtung zur Autorisierung in Datenübertragungssystemen

VERFAHREN, ANORDNUNG UND EINRICHTUNG ZUR AUTHENTIFIZIERUNG DURCH EIN KOMMUNIKATIONSNETZ

Handling encoded information and identifying user

A device obtains an encoded information item and decodes it, or transmits the coded information to the server to be decoded. The device transmits a first message to first server apparatus, including the decoded information and a first identifier identifying the device or a user of the device. The server uses the identifier to establish the identity of the user of the device, and in response to establishing the identity of the user, performing an action based on the decoded information. The system may be used to validate ATM, self-service shopping or other check out transactions, or to allow access to a service or open secure doors to authorized people. The decoded information may be verification information, which is compared with reference data. The encoded information may be a sequence of numbers, letters or symbols typed into the interface or retrieved over a wired connection. The system may reduce the risk of a man in the middle attackâ with tiered strengths of authentication for mobile ...

Two device authentication mechanism

Handling encoded information and identifying user

A device obtains an encoded information item and decodes it, or transmits the coded information to the server to be decoded. The device transmits a first message to first server apparatus, including the decoded information and a first identifier identifying the device or a user of the device. The server uses the identifier to establish the identity of the user of the device, and in response to establishing the identity of the user, performing an action based on the decoded information. The system may be used to validate ATM, self-service shopping or other check out transactions, or to allow access to a service or open secure doors to authorized people. The decoded information may be verification information, which is compared with reference data. The encoded information may be a sequence of numbers, letters or symbols typed into the interface or retrieved over a wired connection. The system may reduce the risk of a man in the middle attacks with tiered strengths of authentication for mobile ...

A computing device, method and system for controlling the accessibility of data

Identity verification system using network initiated USSD

USER AUTHENTICATION SYSTEM AND METHOD

Identity verification system using network initiated USSD

Peer-to-peer payment registration and activation

USER AUTHENTICATION SYSTEM AND METHOD

Peer-to-peer payment registration and activation

USER AUTHENTICATION SYSTEM AND METHOD

PROCEDURE FOR THE BROADBAND DATA COMMUNICATION

PROCEDURE AND DEVICES FOR THE ACCESS CONTROL OF A USER OF A USER COMPUTER FOR AN ENTRANCE COMPUTER

Handling encoded information

A method is described including a portable device obtaining a graphical encoded information item which is displayed on a display of a computing apparatus, decoding the encoded information from the encoded information item, and transmitting a first message to first server apparatus, the first message including the decoded information and a first identifier identifying the device or a user of the device, wherein the decoded information includes an apparatus identification information item for allowing identification of the computing apparatus, and the first server apparatus receiving the first message from the device, establishing the identity of the user of the device, wherein establishing the identity of the user comprises using the first identifier to determine if the user is registered with the first server apparatus in response to establishing the identity of the user, authorising the user to access a service, and providing the service to the user via the computing apparatus using the ...

METHOD AND SYSTEM FOR THE AUTHENTICATION OF A USER OF A DATA PROCESSING SYSTEM

GENERATION OF COMMUNICATION DEVICE SIGNATURES FOR USE IN SECURING NOMADIC ELECTRONIC TRANSACTIONS

A method for execution in a communication device, which comprises accessing an identifier stored in a memory; receiving a first data set and a second data set over a first communication path; generating a first signature from the identifier and the first data set; generating a second signature from the identifier and the second data set; responding to a first request by releasing a first response including the first signature over a local communication path different from the first communication path; and responding to a subsequent request by releasing a second response including the second signature over the local communication path.

A METHOD AND SYSTEM TO CREATE A SECURE COMMUNICATION CHANNEL BETWEEN TWO SECURITY MODULES

Techniques for pairing two different security modules that use two different encryption technologies for operation in two different networks include generation and transmission of a secret to both the security modules via their respective communication networks. In one advantageous aspect, one of the security module, which may be prone for duplication or theft, is logically tethered to the other security module via the pairing. For example, after pairing is successfully performed, the first security module may be usable in a wide area network only when its presence in a local communication connection, such as a home network of a subscriber, or a peer-to-peer or a near field communication link, can be detected and verified by the second security module.

SYSTEMS, DEVICES, AND METHODS FOR AUTHENTICATING A VALUE ARTICLE

Systems, devices, and methods for authenticating a value article are provided herein. In an embodiment, a system for authenticating a value article that includes a luminescent material includes a portable computing device and an authentication device that is physically and electronically separate from the portable computing device. The portable computing device includes a microprocessor and a data receiver. The authentication device has the capacity to electronically connect with the portable computing device, and the authentication device includes an exciting light source, a photodetector, and a data transmitter. The exciting light source is provided to excite luminescent material of the value article, and the photodetector is provided to detect emitted radiation from the luminescent material after excitation. The data transmitter has the capacity to transfer a detected radiation signal or data derived therefrom from the authentication device to the data receiver of the portable computing ...

COMPUTER SECURITY SYSTEM

Several embodiments of computer security systems are described and which are adapted to grant an authorized individual access to a secured domain, such as a computer or data stream. In one embodiment, the security system comprises: an analyzing means for receiving first and second passwords, each of said passwords being transmitted over a first communication channel, analyzing said first passw ord, transmitting a first signal output only if said first password is authorized, an d granting access to said secured domain only if said second password is substantially iden tical to a code; and a random code generating means for generating said code, transmittin g said code over a second communication channel upon receipt of first signal outpu t, and transmitting said code to said analyzing means; and a notification means for rec eiving said code and for notifying said authorized individual of the identity of said c ode.

A computer starting method and electronic apparatus

Service e.g. web access service, access controlling method for mobile telephone, involves informing validity of activation code received from telephony terminal of subscriber to service editor, and allowing editor to access service

L'invention concerne selon un premier aspect un procédé de contrôle d'accès à un service offert par un éditeur de services (1) par l'intermédiaire d'un périphérique client (2a, 2b) utilisé par un abonné d'un opérateur de téléphonie mobile, comprenant les étapes au cours desquelles : - un serveur d'identification d'utilisateur (4) génère et transmet à l'éditeur de services (1 ) un code d'activation de service ; - l'éditeur de services (1) transmet le code d'activation au périphérique client (2a, 2b) utilisé par l'abonné ; - le code d'activation est transmis au serveur d'identification d'utilisateur (4) depuis un terminal de téléphonie mobile (3) de l'abonné ; - le serveur d'identification d'utilisateur (4) informe l'éditeur de services (1) de la validité du code d'activation reçu depuis le terminal de téléphonie mobile (3) de l'abonné, et l'éditeur de services (1) autorise le cas échéant l'accès de l'abonné au service par l'intermédiaire du périphérique client (2a, 2b). Selon un second aspect ...

SYSTEM FOR CHECKING PERSONAL CREDIT INFORMATION USING A MOBILE PHONE BY USING A TWO-WAY SMS(SHORT MESSAGE SERVICE) THROUGH A MOBILE TELECOMMUNICATION COMPANY

PURPOSE: A system for checking personal credit information using a mobile phone is provided to prevent illegal credit transaction and prevent leakage of the personal credit information by enabling a user to previously recognize/confirm credit information inquiry, as credit transaction details and a personal credit information inquiry confirmation message are transmitted to a mobile phone number set by the user. CONSTITUTION: An inquirer(B) wants to inquire the personal credit information of the user(A). A certification authority(C) confirms and authenticates the personal credit information. A credit information collecting organization(D) stores the personal credit information by constructing a database. A personal information inquiry checking institution(E) includes the database for storing the mobile phone number and a password of the user. The mobile telecommunication company(F) includes the system for supporting a two-way SMS. The inquirer inquires the personal credit information through ...

통신 장치, 통신 장치의 제어 방법, 및 프로그램

... 본 발명은 제1 실행 유닛, 제2 실행 유닛, 및 선택 유닛을 포함하는 통신 장치에 관한 것이다. 선택 유닛은 통신 장치가 무선 파라미터를 다른 통신 장치에 설정하는 제1 처리 또는 다른 통신 장치에 설정되어 있는 무선 파라미터를 그 통신 장치에 설정하는 제2 처리를 선택한다.

APPLICATION FORGERY AND MODULATION PREVENTING SYSTEM USING SECURITY CARD AND METHOD THEREOF

The present invention relates to an application forgery and modulation preventing system using a security card and a method thereof. More specifically, the present invention relates to the application forgery and modulation preventing system which stores a security execution code constituting a part of an execution file to be installed in a security chip memory of a security card when installing an application (or app) in a mobile terminal and allows the mobile terminal to receive the security execution code from the security chip memory of the security card and execute the execution file including the security execution code to drive the application every time when the execution request of the application is issued. COPYRIGHT KIPO 2018 (400) Wired and wireless data communication network ...

Method and system for authenticating service

Embodiments of the present application relate to a method, a system, and a computer program product for authenticating a service. A method for authenticating a service is provided. The method includes receiving a first service request from a first terminal, generating a first link address that is used to link to an access location based on the received first service request, determining a preset terminal identifier corresponding to a second terminal, the preset terminal identifier being a terminal identifier preset by the user, sending the first link address to the second terminal, receiving a first link request, determining an issued terminal identifier based on the first link request, comparing the determined issued terminal identifier with the preset terminal identifier of the second terminal, and performing a next processing operation on the first service request based on the comparison result.

AN AUTHENTICATION SYSTEM AND PROCESS

An authentication system including: (i) a user device, such as a mobile phone or media player, for storing random identification data for a user of the user device, and for processing entered token data to generate response data on the basis of the identification data; (ii) a client device, such as a personal computer, for use by the user to request a session, such as an online banking session, with a server system, for receiving the token data in response to the request, and for sending the response data to the server system; and (iii) a server of the server system, for storing the random identification data for the user, generating the token data for the client device on the basis of the identification data in response to the request, and for processing the response data to determine authentication for the client device for the session.

SONIC BASED DIGITAL NETWORKING

Systems, apparatuses and methods of using an acoustic communication mechanism to transmit data in the form of acoustic data from a mobile device to an electronic device are described. In one embodiment, a method of completing a purchase with a merchant using a mobile device starts with the mobile device sending a request message to a central server through a network interface. The mobile device then receives a token from the central server through the network interface that confirms that a payment in the purchase amount has been received at the merchant's account. This token is then translated into acoustic data and transmitted from the mobile device to an electronic device being associated with the identification of a merchant. Other embodiments are also described.

METHOD AND SYSTEM PROTECTING AGAINST IDENTITY THEFT OR REPLICATION ABUSE

A system detecting and protecting against identity theft by abusing a computer users ID and password or protecting a user against identity replication through parallel user session via a second authentication level using a second channel, a one-time-passcode and user contextual location information. When accessing networks, computer systems or programs, the said networks, computer systems or programs will validate user ID and password and collect contextual information about the user, the device, the used network etc. Once validated, a message is send by a second means that may be a cell phone SMS network or an instant message, said message containing a real-time session-specific one-time passcode. The session specific code and the collected information provides information enabling the user to detect a compromised identity through a mismatch between presented information and the information representing the user and the passcode protects against fraudulent access.

METHOD AND SYSTEM TO MAINTAIN PORTABLE COMPUTER DATA SECURE AND AUTHENTICATION TOKEN FOR USE THEREIN

A method and system to maintain portable computer data secure and an authentication token for use in the system are provided. The present invention provides for fine-grained authentication and full security of a laptop file system. The laptop disk is encrypted and each time data is fetched from the disk the laptop sends a short message requesting a decryption key from an authentication token worn or associated with the proper laptop user. If the user and his/her token are "present," then access is allowed. If the user and his/her token are not "present" (i.e., within a predetermined radius), then access is disallowed and all in-memory data is flushed to the disk. The user wears the small authentication token that communicates with the laptop over a short-range, wireless link. Whenever the laptop needs decryption authority, it acquires it from the token; authority is retained only as long as necessary. With careful key management, the invention imposes an overhead of 11% compared to the ...

SYSTEM AND METHOD OF VERIFYING A NUMBER OF A MOBILE TERMINAL

A client device is coupled with a server. The client device prompts a user to enter a number associated with a mobile device, which can be the client device, and generates data including a code. The code is typically hidden from the user when the code is generated and is saved on the client device. The client device transmits the number entered by the user and the code generated by the client device to the server, which sends a message, including the code, to the mobile device associated with the number. The client device prompts the user to enter the code included in the message. Validity of the number is based on one or more factors, including the accuracy of the code entered by the user. In addition, validity of the number can also be based on whether the second user input was entered within a predetermined time limit.

Methods and systems for multiple channel authentication

Methods and systems for multiple channel authentication are described. In one embodiment, a request for a combined voice and data call is initiated from within a mobile application. The request may include authentication information and contextual information relating to a current exchange between the mobile application and an organization. The user may be authenticated with the authentication information and the combined voice and data call may be routed to a representative based on the contextual information to continue the exchange.

MANAGEMENT SYSTEM FOR SELF-ENCRYPTING MANAGED DEVICES WITH EMBEDDED WIRELESS USER AUTHENTICATION

Methods, systems, and computer programs are presented for remote management of self-encrypting managed devices (SEMDs) with embedded wireless authentication. One method includes providing a user interface to access a management server for managing users and devices. The SEMD is in wireless communication with the mobile device and is connection with the management server. Additionally, the management server checks user-authentication information of the user for unlocking access to the SEMD before is enabled to unlock the SEMD via mobile application of the mobile device. Further, the management server sends an unlock command to the mobile device based on the checking, the mobile device sending an unlock request to the SEMD via the wireless communication. The SEMD is configured to unlock the data channel to provide data access to encrypted storage in the SEMD. 1. A method comprising:providing a user interface to access a management server for managing users and self-encrypting devices, the management server comprising a database storing information about the users and the self-encrypting devices;receiving, by the management server, a request of a user to unlock a self-encrypting device, the self-encrypting device being in wireless communication with a mobile device;verifying, by the management server, authentication information of the user received in the request; andsending, by the management server, an unlock command to the mobile device based on the verifying, the mobile device sending an unlock request to the self-encrypting device via the wireless communication, the self-encrypting device configured to unlock a data channel providing data access to encrypted storage in the self-encrypting device.2. The method as recited in claim 1 , further comprising:receiving, via the user interface, a request to lock the self-encrypting device;detecting, by the management server, a connection with the mobile device in wireless communication with the self-encrypting device; ...

Authenticating a user of a system using near field communication

A system and machine-implemented method for providing a username and password to a system using a device, via establishing a near field communication link with the system; retrieving a username and password from storage on the device; and transmitting the username and password to the system via the near field communication link, wherein the username and password are configured to be used by the system to authenticate the user on the system.

NETWORK INTERACTION METHOD, ELECTRONIC DEVICE, CLIENT AND SERVER

The disclosed embodiments are directed toward a network interaction method, electronic device, client, and server. In one embodiment, a method is disclosed comprising: sending an identification code acquisition request to a server, so that the server provides an identification code; receiving the identification code returned by the server; displaying the identification code, to input the identification code to an electronic device providing a file, so that the identification code corresponds to the file; receiving file information provided by the server, the file information used for indicating the file corresponding to the identification code; and sending form confirmation information to the server, the form confirmation information used for indicating that a form has been completed based on the file information. 122-. (canceled)23. A method comprising:sending, by a client device, an identification code acquisition request to a server;receiving, at the client device, an identification code from the server returned in response to the identification code acquisition request;displaying, on the client device, the identification code, the display of the identification code capable of being input to an electronic device;receiving, at the client device, file information provided by the server, the file information associated with a file stored on the electronic device and corresponding to the identification code; andsending, by the client device, form confirmation information to the server, the form confirmation information indicating that a form has been completed based on the file information.24. The method of claim 23 , the displaying the identification code comprising a display operation selected from the group consisting of: displaying the identification code on a display screen of the client device; playing claim 23 , through a loudspeaker of the client device claim 23 , the identification code; displaying claim 23 , through the display screen claim 23 , a resource ...

PROVIDING ACCESS TO REGISTERED-USER WEBSITE

A first interface is transmitted from the server computer system to a user computer system, the first interface having a field for entering a mobile telephone number. A mobile phone number entered into the field for the mobile phone number is received from the user computer system at the server computer system. A password is generated and transmitting from the server computer system to a mobile device having a mobile phone number corresponding to the mobile phone number received from the user computer system and a second interface is transmitted from the server computer system to the user computer system, the second interface including a field for entering the password. A follow-up message is transmitted from the server computer system to the mobile device if the password is not received from the user computer system at the server computer system within a predetermined period of time.

METHOD OF CONNECTING AN APPLIANCE TO A WIFI NETWORK

A method of provisioning an appliance to connect to a Wi-Fi network includes a mobile device having an encryption key to enable secure communication in the network, and a means to wirelessly communicate with the appliance. A wireless communication device and a software protocol in the appliance are configured to operate in an unsecured short range configuration mode by reducing transmission power and in a long range configuration mode where transmission power is not reduced. By placing the wireless communication device into the short range configuration mode and moving the mobile device to a position within the short range to establish communication with the wireless communication device, the encryption key may be transmitted from the mobile device to the appliance via the wireless communication device without security. The wireless communication device may then be placed into the long range mode to securely connect to the Wi-Fi network.

Privacy protection in a server

A resource controller may store a plurality of files or other data that are at least partially accessible by one or more users in a network. The user may operate a mobile device, such as a cellular telephone and/or personal digital assistant, to call or otherwise contact the resource controller. The mobile device and/or a communications network may send identification information to the resource controller that identifies the mobile device and distinguishes it from other mobile devices. Based on the identification information, the resource controller may grant or deny access to files. The resource controller may further provide the user with the appropriate user ID and/or password based on the identification information. The user may then enter the user ID and/or password to gain access to files stored at the resource controller.

Method and system for encryption

There is described a validation and authentication system and method for authenticating and validating messages. The system comprises a data store storing one or more digital fingerprints associated with user imaging devices. There is also a communication module configured to: receive a message M; receive a request for validation and authentication and receive an image PM of the message M captured using a user imaging device. The system comprises an image validation module for analysing the received image PM using one or more image processing techniques to determine if the image is valid and authentic. If the received image PM is determined to be authentic and valid, the image validation module generates a response to the request.

Bidirectional communication certification mechanism

The present invention is to provide a bidirectional communication certification mechanism, which comprises the steps of receiving a call-in message transmitted from a phone of a user, capturing a phone number and a temporary password transmitted from the phone, saving the phone number and temporary password into a number database, receiving and reading a game account, a game password, the phone number and the temporary password included in a login request message transmitted from a terminal device of the user, comparing the same with user data stored in a user database, and allowing the terminal device to finish a login procedure when the phone number and temporary password are existed in the user database. Since the phone number and the temporary password are preset by the user, it will ensure the terminal device to safely login a game server and efficiently lower down the stolen risk of the game account.

Password-based authorization for audio rendering

A method and device for processing one or more audio streams based on password-based privacy restrictions is described. A device may be configured to receive unrestricted audio streams of the one or more audio streams based on privacy restrictions associated with a password, wherein the one or more audio streams are from audio elements represented in an acoustic environment that comprises one or more sub-acoustic spaces, each of the one or more audio streams representative of a respective soundfield, and generate the respective soundfields of the unrestricted audio streams.

EFFICIENT AUTHENTICATION OF A USER FOR CONDUCT OF A TRANSACTION INITIATED VIA MOBILE TELEPHONE

A method and system for authenticating a user for conduct of a transaction initiated by the user via a data-enabled telephone capable of initiating telephone calls over a network and of engaging in two-way data communication with a data server, wherein the caller identification data is received at the server and the data is associated with a user and provides a basis for authentication of the user and is used to address a message to the user, the message contains a logon key for use by the user in accomplishing the transaction.

METHODS AND SYSTEMS FOR IDENTITY VERIFICATION

Proximity authentication system

Access to secured services may be controlled based on the proximity of a wireless token to a computing device through which access to the secured services is obtained. An authorized user may be provided access to a service only when a wireless token assigned to the user is in the proximity of the computing device. A user's credential may be stored on an RFID token and an RFID reader may be implemented within a security boundary on the computing device. Thus, the credential may be passed to the security boundary without passing through the computing device via software messages or applications. The security boundary may be provided, in part, by incorporating the RFID reader onto the same chip as a cryptographic processing component. Once the information is received by the RFID reader it may be encrypted within the chip. As a result, the information may never be presented in the clear outside of the chip. The cryptographic processing component may cryptographically encrypt/sign the credential ...

Identification system for admission into protected area by means of an additional password

The identification system for admission into protected area according to the invention solves the problem of secure access to computer networks, whereby the said system uses an additional key for admission, to applications or user programs, to web sites on internet or intranet, and as additional lock beside conventional security devices for restricted premises. The essential feature of the identification system according to the invention is in that the user (1) supplies beside his/her regular username and password an additional, randomly generated password (8), which is sent to his/her mobile phone (9) number by the identification system in the form of an SMS message (8) after the identification systems receives the regular username and password from the user. Additional security is ensured by time-limited usability of the said SMS key and by limited repetition of access attempts.

Method for securing communication over a network medium

Pre-authentication information of devices (310,320) is used to securely authenticate arbitrary peer-to-peer ad-hoc interactions. In one embodiment, public key cryptography is used in the main wireless link (340) with location-limited channels (330) being initially used to pre-authenticate devices.

СПОСОБ ДЛЯ АУТЕНТИФИКАЦИИ ПОЛЬЗОВАТЕЛЯ ЧЕРЕЗ НЕСКОЛЬКО ПОЛЬЗОВАТЕЛЬСКИХ УСТРОЙСТВ

VERFAHREN UND ANORDNUNG ZUM ERHALTEN VON WENIGSTENS EINES ITEMS VON BEGLAUBIGUNGSDATEN VON EINEM BENUTZER

Verfahren zum Lesen von Attributen aus einem ID-Token

Die Erfindung betrifft ein Verfahren zum Lesen zumindest eines in einem ID-Token (106, 106') gespeicherten Attributs, wobei der ID-Token einem Nutzer uthentifizierung des Nutzers gegenüber dem ID-Token, - Authentifizierung eines ersten Computersystems (136) gegenüber dem ID-Token, - nach erfolgreicher Authentifizierung des Nutzers und des ersten Computersystems gegenüber dem ID-Token, Lesezugriff des ersten Computersystems auf das zumindest eine in dem ID-Token gespeicherte Attribut zur Übertragung des zumindest einen Attributs an ein zweites Computersystem (150).

Initiation of multi-factor authentication following pre-loading of authentication factor

Device identification

An apparatus and method to enable a first device 1 to identify a second device 2 comprising communication over separate first and second interfaces 20/30. A controller 10 receives a first identifier from the second device 2 via the first interface 20 and determines whether it has a predetermined value. A second identifier is then received from the second device 2 via the second interface 30 and the second device 2 is identified by the controller 10. The first and second interfaces 20/30 may use wired or wireless communication protocols. An authentication code may be sent from the first device 1 to the second device 2 via the second interface 30 and returned by the second device 2 to the first device 1 via the first interface 20. The controller 10 may control functionality of the second device 2 by sending data over the second interface 30 to it. The second identifier may be obtained from a broadcast or beacon signal that is issued repetitively by the second device 2.

Image-processing system and image processing method

Handling encoded information

A computing device, method and system for controlling the accessibility of data

Data communication method and system

Handling encoded information

Improvements in and relating to mobile communication devices

PROCEDURE AND SYSTEM FOR AUTHENTIFIZIERUNG A USER WITH THE HELP OF PORTABLE RADIO EQUIPMENT

METHOD AND SYSTEM FOR THE AUTHENTIFIZIEREN OF A USER OF A DATA PROCESSING SYSTEM

ARRANGEMENT AND PROCEDURE REGARDING IP NETWORK ENTRANCE

Multi-mode credential authentication

Method for reading attributes from an ID token

MULTI-MODE CREDENTIAL AUTHENTICATION

A method for authenticating an identity involves first receiving a first credential over a first communications channel, and determining a second communications channel provisionally associated with the first credential. The second communications channel is different from the first communications channel, and the first credential is provisionally associated with an identity. Then, a second credential is received over the second communications channel, and the identity is authenticated based on a verification of the second credential.

METHOD AND SYSTEM FOR VALIDATING A DEVICE THAT USES A DYNAMIC IDENTIFIER

A method that comprises obtaining a currently received signature from a device; obtaining a candidate identifier associated with the device; consulting a database to obtain a set of previously received signatures associated with the candidate identifier; and validating the currently received signature based on a comparison of the currently received signature to the set of previously received signatures associated with the candidate identifier. Also, a method that comprises obtaining a currently received signature from a device; decrypting the currently received signature to obtain a candidate identifier; and a candidate scrambling code; consulting a database to obtain a set of previously received scrambling codes associated with the candidate identifier; and validating the currently received signature based on a comparison of the candidate scrambling code to the set of previously received scrambling codes associated with the candidate identifier.

METHOD AND SYSTEM PROTECTING AGAINST IDENTITY THEFT OR REPLICATION ABUSE

A system detecting and protecting against identity theft by abusing a computer users ID and password or protecting a user against identity replication through parallel user session via a second authentication level using a second channel, a one--time-passcode and user contextual location information. When accessing networks, computer systems or programs, the said net-works, computer systems or programs will validate user ID and password and collect contextual information about the user, the device, the used network etc. Once validated, a message is send by a second means that may be a cell phone SMS network or an instant message, said message containing a real-time session-specific one-time passcode. The session specific code and the collect-ed information provides information enabling the user to detect a compromised identity through a mismatch between presented in-formation and the information representing the user and the passcode protects against fraudulent access.

COMMUNICATION SYSTEM PROVIDING WIRELESS AUTHENTICATION FOR PRIVATE DATA ACCESS AND RELATED METHODS

A communication system may include a server configured to provide data access based upon an authenticated logon, and a computer configured to access the server to receive a temporary authenticated logon identification (ID) for the server. The communication system may further include a mobile wireless communications device including a housing, a wireless transceiver carried by the housing, a sensor carried by the housing, and a controller carried by the housing, the controller being coupled to the wireless transceiver and the sensor. The controller may be configured to cause the sensor to wirelessly retrieve the temporary authenticated logon ID from the computer, and cause the wireless transceiver to wirelessly communicate logon data to the server for providing data access via the computer based upon the temporary authenticated logon ID.

A SYSTEM AND METHOD FOR NFC PEER-TO-PEER AUTHENTICATION AND SECURE DATA TRANSFER

A reader device may generate a first identifier. The reader device may transmit the first identifier to a mobile device. The reader device may receive encrypted data and unencrypted data from the mobile device in which the encrypted data includes a second identifier. The reader device may evaluate whether the first identifier and the second identifier correspond to one another.

DISTANCE-DEPENDENT OR USER-DEPENDENT DATA EXCHANGE BETWEEN WIRELESS COMMUNICATION DEVICES

In one embodiment, a method includes sending, by a first wireless device associated with a first user, first data such that the first data are only available to one or more second wireless devices respectively associated with one or more second users and within a first distance from the first wireless device. The method further includes sending, by the first wireless device associated with the first user, second data such that the second data are only available to one or more third wireless devices respectively associated with one or more third users and within a second distance from the first wireless device.

DISTANCE-DEPENDENT OR USER-DEPENDENT DATA EXCHANGE BETWEEN WIRELESS COMMUNICATION DEVICES

In one embodiment, a method includes sending, by a first wireless device associated with a first user, first data such that the first data are only available to one or more second wireless devices respectively associated with one or more second users and within a first distance from the first wireless device. The method further includes sending, by the first wireless device associated with the first user, second data such that the second data are only available to one or more third wireless devices respectively associated with one or more third users and within a second distance from the first wireless device.

METHOD OF DETERMINING AN ASSOCIATION BETWEEN A BANK CARD AND A COMMUNICATION TERMINAL, DEVICE, SYSTEM AND PROGRAM THEREFOR

SAFETY DEVICE AND ITS PROCESS OF OPERATION

L'invention concerne un dispositif de sécurité, comprenant une entrée (IN) et une sortie (OUT) à laquelle est raccordée une ligne de commande d'un équipement à sécuriser, et: - des moyens d'acquisition de données d'identification (1), - des moyens de gestion (2) comprenant : -des moyens de stockage de données d'identification autorisées (3) et - des moyens de traitement (4), générant un signal d'identification en cas de succès d'une comparaison entre une donnée d'identification acquise avec une donnée d'identification stockée, lesdits moyens de gestion étant connectés à des moyens de pilotage (6) produisant sur la ligne de commande un signal de sortie (S0, ..., Sm), caractérisé en ce qu'une ligne d'entrée sur laquelle transite un signal d'entrée (E0, ..., En) est raccordée sur ladite entrée, et en ce que lesdits moyens de pilotage commandent l'état du signal de sortie en fonction d'une part, du signal d'entrée et, d'autre part, du signal d'identification.

METHOD FOR REGISTERING SECURE CERTIFICATE IN DEVICE THROUGH CELLULAR NETWORK, FOR AUTHENTICATING UNRELIABLE APPARATUS THROUGH RELIABLE NETWORK

PURPOSE: A method for registering a secure certificate in a device through a cellular network is provided to improve a security system for authentication by comparing an issue time with a return time of a token from a mobile apparatus to an authentication server. CONSTITUTION: A method for registering a secure certificate in a device through a cellular network includes the steps of: receiving an authentication request for an authentication token from a mobile apparatus through a first network(410); generating the authentication token in response to the received authentication request(420); transmitting the generated token to the mobile apparatus through a second reliable network; receiving the verifying request which includes a first identifier and the generated token, from the mobile apparatus through the first network(430); and checking whether the first identifier of the verifying request is identical with the first identifier of the authentication request, and the generated token of ...

Method for authenticating an RFID tag

Association of in-band and out-of-band identification credentials of a target device

An association between a system's in-band identification credentials with out-of-band identification credentials may arise by making a universal serial bus device emulation in the form of either a virtual mass storage device or a virtual network adaptor. In the case of the former, a machine readable name is decoded to determine which KVM port a target device is connected to. Such can be used to associate a system's known in-band identification credentials with decoded out-of-band identification credentials from the virtual mass storage device. In the case of the latter, the target may be searched and queried through an out-of-band path to ascertain in-band identification credentials.

SYSTEM AND METHOD FOR SECURITY AUTHENTICATION OF A BI-DIRECTIONAL SUBSCRIBER ON A COMMUNICATION NETWORK, AND RECORDING MEDIUM ON WHICH THE METHOD IS RECORDED

The present invention relates to an authentication method for a subscriber accessing a network page provided on a communication network such as the internet. Generally, a method is used in which a user inputs information through a keyboard on a user's personal computer so as to access a website and log into the website. However, this method always has a risk that the confidential information can be leaked through a phishing tool that provides a function of intercepting typing performed on a keyboard. In order to solve the problem mentioned above, the present invention relates to a method for security authentication of a subscriber in a page accessed on a network without using tools in a user computer such as a keyboard and a mouse, and more particularly, a system and method for security authentication of a subscriber on a communication network, which fundamentally removes the risk of phishing by being able to authenticate a subscriber for accessing a network page throught the use of a smart ...

USE OF PERSONAL COMMUNICATION DEVICES FOR USER AUTHENTICATION

A user authentication server (102) receives a request (160) for a token (156). The request is transmitted from a personal communication device (106), such as a mobile phone or a pager, carried by a user (108). The server (102) generates a random token in response to the request and creates a new password by concatenating a secret passcode, which is known to the user, with the token. The server sets the user's password to be the new password. A communication module (118) transmits the token to the personal communication device. The user concatenates the secret passcode with the received token in order to form a valid password, which the user submits to gain access to the secure system. Accordingly, access to a system is based upon at least: information known to the user, such as the passcode, and an object possessed by the user, such as the personal communication device.

TRANSACTION SYSTEM, TRANSACTION METHOD, AND INFORMATION RECORDING MEDIUM

The safety is improved when executing a transaction instructed after the login from a user having carried out the login operation to the server. A transaction system () includes a server (), a first terminal (), and a second terminal (). A user logs-in the server () through the first terminal (). The server () generates a notice to be transmitted to the second terminal () when receiving an instruction of a transaction through the first terminal () from a user. The first terminal () or the second terminal () prompts the user to input a confirmation of details of the transaction when the notice is transmitted to the second terminal () from the server (). The server () regards the confirmation of the transaction made by the user as having been made when the input of the user matches with the details of the transaction.

Method and system for authenticating a user by means of a mobile device

There is provided a method for authenticating a mobile device user against an authenticating system connected to a client computer accessible to said user. The authenticating system uses a communication channel to send to the client computer a logon screen. This logon screen contains a 2D-code embedding, a URL of the authenticating system and a challenge generated by the authenticating system. With a 2D-code reader in the user's mobile device the URL and the challenge are decoded. The user then inputs a password and a response to the challenge is computed. The response is sent together with the user ID to the authenticating system. The authenticating system is able to ascertain that the response to the challenge necessarily comes from the user thereby verifying his identity. Once the user is authenticated, the authenticating system pushes to the client computer (identified by the challenge) a welcome screen.

METHOD FOR SECURING DISCOVERY INFORMATION AND DEVICE THEREFOR

The present invention relates to a method and a system for securing discovery information being transmitted through a direct radio signal in a wireless communication system which supports a device-to-device service, and a device-to-device communication method of a transmission terminal, according to one embodiment of the present invention, can comprise: synchronizing with a discovery resource cycle number; determining discovery channel logical timing information of a discovery physical channel through which discovery information is to be transmitted; generating security information by using a security key, the determined discovery channel logical timing information and the discovery information to be transmitted; and transmitting the discovery information including the security information through the discovery physical channel. According to one embodiment of the present invention, it is possible to prevent discovery information of a terminal to be wrongly transmitted due to a case where another rogue terminal receives and changes the discovery information of the terminal, or the like. 1. A device-to-device communication method of transmitting user equipment , the method comprising:synchronizing with a discovery resource cycle number;determining discovery channel logical timing information of a discovery physical channel at which discovery information is to be transmitted;creating security information by using a security key, the determined discovery channel logical timing information, and the discovery information to be transmitted; andtransmitting the discovery information including the security information to the discovery physical channel.2. The method of claim 1 , wherein the discovery channel logical timing information includes at least one of a discovery resource cycle number claim 1 , a discovery subframe number claim 1 , or a discovery physical channel index.3. The method of claim 1 , wherein the security information includes at least one of a message ...

Authenticating wireless phone system

An authenticating portable electronic device such as a cellular phone having radio frequency transmission capability, battery power and a keypad. The device further includes a biometric reader proximate the keypad of the device for authenticating the user of the device, as well as a transreceiver in the device for communicating authentication signals with a remote location to verify the identity of the user. Remote locations may be gates, doors or badge screening locations. Also included is a transmitter for sending signals to a transceiver receiver having a connection to a wire telephone system within a structure to permit phone calls using the device through the receiver to and from the wire telephone system. The device includes a connector for connecting to a docking cradle operably connected to a computer for authenticating the user before allowing access to the computer, which can also be the battery charging interface.

METHOD FOR AUTHORIZING ACCESS TO PROTECTED CONTENT

The invention refers to a method for authorizing access to a third party application, called client (2), to protected resources owned by a user (1) and hosted in a server (3). The method comprising: the client being used by the user asking for a temporary token to the server; the server sending a first SMS to the user, said first SMS providing means to authenticate the user; authenticating the user by the means provided in previous two steps; the user authorizing the client; the server sending a second SMS to the user providing some information needed to obtain an access token; the client getting the information of the previous step from the user and the access token; the client accessing protected resources using the access token.

SYSTEMS AND METHODS FOR IMPROVED ELECTRONIC DATA SECURITY

An electronic data protection (EDP) computing device for protecting sensitive data of a user during a computer interaction between the user and a business entity computing device associated with a business entity is provided. The EDP computing device is configured to receive interaction data for the computer interaction from the business entity computing device. The interaction data includes an interaction identifier, a business entity identifier, and a user identifier in lieu of a protected data object. The EDP computing device generates a token request message using the interaction data and a request token and transmits the token request message to the user computing device, prompting the user to pick a user account. The EDP computing device receives a response token identifying an account selected to complete the computer interaction, retrieves the protected data object, and completes the computer interaction using the protected data object.

Association of in-band and out-of-band identification credentials of a target device

An association between a system's in-band identification credentials with out-of-band identification credentials may arise by making a universal serial bus device emulation in the form of either a virtual mass storage device or a virtual network adaptor. In the case of the former, a machine readable name is decoded to determine which KVM port a target device is connected to. Such can be used to associate a system's known in-band identification credentials with decoded out-of-band identification credentials from the virtual mass storage device. In the case of the latter, the target may be searched and queried through an out-of-band path to ascertain in-band identification credentials.

Data communication

A client terminal sends a communication request to a server. The server generates at least one digit code according to a first preset rule. The server sends information including the at least one digit code to the client terminal. The client terminal generates at least one input box, a number of which corresponds to a number of the at least one digit code, detects an input event of the at least one input box, and obtains data of the at least input box when the input event occurs. The client terminal sends the data of the at least one input box as at least one verification data to the server. The server compares the digit data corresponding to the at least one digit code with the verification data and sends a successful information code to the client terminal when the two are the same. The techniques improve password security.

Secure Configuration of Mobile Application

Secure configuration of a mobile application (app) includes sending the required configuration data for the app to the user's mobile computing device in a communication, for example an email with an attachment. A verification value is included in the attachment to protect the authenticity and integrity of the configuration data. A challenge code is issued to the user (or group of users). The challenge code is used to verify the configuration data.

METHOD AND SYSTEM PROTECTING AGAINST IDENTITY THEFT OR REPLICATION ABUSE

A system detecting and protecting against identity theft by abusing a computer users ID and password or protecting a user against identity replication through parallel user session via a second authentication level using a second channel, a one-time-passcode and user contextual location information. When accessing networks, computer systems or programs, the said networks, computer systems or programs will validate user ID and password and collect contextual information about the user, the device, the used network etc. Once validated, a message is send by a second means that may be a cell phone SMS network or an instant message, said message containing a real-time session-specific one-time passcode. The session specific code and the collected information provides information enabling the user to detect a compromised identity through a mismatch between presented information and the information representing the user and the passcode protects against fraudulent access.

DISPOSABLE BROWSERS AND AUTHENTICATION TECHNIQUES FOR A SECURE ONLINE USER ENVIRONMENT

Disclosed herein are systems and methods that allow for secure access to websites and web-based applications. Also described are systems and methods for secure use and retention of user credentials, as well as methods for dynamic authentication of users and integrity checking of service providers in online environments. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable browser), insulating the user from the threats associated with being online for the purposes of providing secure, policy-based interaction with online services.

AUTHENTICATION METHOD AND SYSTEM

Communication system providing wireless authentication for private data access and related methods

A communication system may include a server configured to provide data access based upon an authenticated logon, and a computer configured to access the server to receive a temporary authenticated logon identification (ID) for the server. The communication system may further include a mobile wireless communications device including a housing, a wireless transceiver carried by the housing, a sensor carried by the housing, and a controller carried by the housing, the controller being coupled to the wireless transceiver and the sensor. The controller may be configured to cause the sensor to wirelessly retrieve the temporary authenticated logon ID from the computer, and cause the wireless transceiver to wirelessly communicate logon data to the server for providing data access via the computer based upon the temporary authenticated logon ID.

A personal token having enhanced signaling abilities

The invention relates to a personal token (10) comprising a microprocessor and a memory, said personal token (10) storing and running a software entity which constitutes an end-point for communication over the internet, characterized in that the software entity constitutes an end-point according to a signaling protocol over the internet which signaling protocol is of the type intended at initiating a session (20, 30, 40, 50, 60) of real-time conferencing between end-points.

Computer user detection apparatus

A new detection apparatus is disclosed, which has particular application for detecting the new presence or absence of a computer user. The absence of a user can trigger a computer display to power down, while the detected presence of a user can trigger the display to power back up, optionally requiring a log in. The detection apparatus operates fully automatically and so provides a reliable way of saving power and ensuring security of data.

A personal token having enhanced signaling abilities

The invention relates to a personal token (10) comprising a microprocessor and a memory, said personal token (10) storing and running a software entity which constitutes an end-point for communication over the internet, characterized in that the software entity constitutes an end-point according to a signaling protocol over the internet which signaling protocol is of the type intended at initiating a session (20, 30, 40, 50, 60) of real-time conferencing between end-points.

ASSOCIATION OF IN-BAND AND OUT-OF-BAND IDENTIFICATION CREDENTIALS OF A TARGET DEVICE

УСТРОЙСТВО СВЯЗИ, СПОСОБ УПРАВЛЕНИЯ УСТРОЙСТВОМ СВЯЗИ И ПРОГРАММА

Изобретение относится к вычислительной технике. Технический результат заключается в установке беспроводного параметра, полученного на основе информации, полученной посредством захвата изображения. Устройство связи содержит первый блок выполнения, сконфигурированный с возможностью выполнения первого процесса установки беспроводного параметра, который предназначен для беспроводной связи и хранится в устройстве связи, в другом устройстве связи посредством устройства связи на основе информации, полученной из изображения, которое захвачено посредством устройства связи, второй блок выполнения, сконфигурированный с возможностью выполнения второго процесса установки беспроводного параметра, который предназначен для беспроводной связи и установлен в другом устройстве связи, в устройстве связи на основе информации, полученной из изображения, которое захвачено посредством устройства связи, и блок выбора, сконфигурированный с возможностью выбора первого процесса или второго процесса, подлежащего выполнению ...

VERFAHREN, ANORDNUNG UND EINRICHTUNG ZUR AUTHENTIFIZIERUNG DURCH EIN KOMMUNIKATIONSNETZ

Anmeldesystem und -verfahren in einem drahtlosen lokalen Netzwerk

Method of controlling computer access

Image-processing system and image-processing method

An image-processing system comprising a peripheral device 10 , a web server 12 associated with the peripheral device 10 an application server 13 and a mobile phone 11 . The web server 12 is configured to send a registration request to register communication parameters of the peripheral device 10 in association with a piece of identification information at the application server 13 . The mobile device 11 is configured to determine the piece of identification information and to send a request to the application server 13 with the determined piece of identification information. The application server 13 is configured to associate the registered details of the peripheral device 10 with the request from the mobile device 11 thereby allowing a connection to be configured between the mobile device 11 and the peripheral device 10.

Peripheral authentication

This document describes techniques ( 300, 400 ) and apparatuses ( 100, 500, 600, 700 ) for peripheral authentication. These techniques ( 300, 400 ) and apparatuses ( 100, 500, 600, 700 ) may configure data lines for authentication between host device ( 102 ) and peripheral ( 106 ), use these configured data lines to authenticate the peripheral ( 106 ), and then reconfigure the data lines for use.

Mobile phone atm processing methods and systems

Embodiments provide systems, methods, processes, computer program code and means for using mobile devices to conduct transactions with ATM devices.

Methods to authenticate access and alarm as to proximity to location

Methods for authenticating access and providing positional awareness using mobile phones. Embodiments for authenticating access include receiving identification indicia from a person seeking access, sending a message to a person having authority for access, and receiving either a second message indicating that the person has taken an affirmative action to indicate authorization, or a password that was provided in the first message. Access may be computer access or physical access, as examples. Methods of providing positional awareness include obtaining or storing location coordinates, monitoring the location of a mobile phone, and providing an alarm, for example, through a second mobile phone. In a number of embodiments, location coordinates are automatically obtained from Internet websites. In some embodiments, parents can monitor the location of their children to make sure they do not get too close to a reported residence of a registered sex offender, for instance.

Method for facilitating access to a first access nework of a wireless communication system, wireless communication device, and wireless communication system

A method for facilitating access to a first access network ( 110 ) of a wireless communication system ( 100 ) comprises authenticating ( 300 ) a wireless communication device ( 102 ) with a second access network ( 104 ) and generating temporary access credentials using access information provided by the second access network ( 104 ). The wireless communication device ( 102 ) then transforms ( 302 ) the temporary access credentials and an identifier of the first access network ( 110 ) to provide first transformed access credentials which are transmitted ( 304 ) for performing authentication with the first access network ( 110 ). The identifier of the first access network ( 110 ) is provided to the second access network ( 104 ) which generates ( 308 ) second transformed access credentials using the identifier of the first access network ( 110 ) and the temporary access credentials. Authentication is performed ( 310 ) with the first access network ( 110 ), which includes comparing the first transformed access credentials with the second transformed access credentials and allowing access to the first access network ( 110 ) when the first transformed access credentials and the second transformed access credentials are substantially the same. A wireless communication device, and a wireless communication system are also disclosed and claimed.

System and Method for Authentication of Users in a Secure Computer System

A system and method for authenticating a user in a secure computer system. A client computer transmits a request for a sign-on page, the secure computer system responds by transmitting a prompt for a first user identifier, and the client computer transmits a request including a first identifier, a second identifier stored in an object stored at the client computer and a plurality of request header attributes. A server module authenticates the first and second user identifiers, and compares the transmitted plurality of request header attributes with request header attributes stored at the computer system and associated with the first and second user identifiers. If the first and second user identifiers are authenticated, and if a predetermined number of transmitted request header attributes match stored request header attributes, the server software module transmits a success message, and the user is allowed to access the secure computer system.

Methods and systems for identity verification

The disclosed embodiment relates to identity verification and identity management, and in particular, to methods and systems for identifying individuals, identifying users accessing one or more services over a network, determining member identity ratings, and based on member identity ratings that restrict access to network-based content and certain user-to-user interactions. Further, the user experience in performing identity management is simplified and enhanced as disclosed herein.

Authenticating a user of a system using near field communication

A system and machine-implemented method for providing a username and password to a system using a device, via establishing a near field communication link with the system; retrieving a username and password from storage on the device; and transmitting the username and password to the system via the near field communication link, wherein the username and password are configured to be used by the system to authenticate the user on the system.

Method of Connecting a Mobile Station to a Communcations Network

A method of connecting a mobile station to a communications network is provided, and includes performing an authentication of the mobile station at the network. A secure identifier, generated at the mobile station, is received at a gateway node and at an access node from an authentication node of the network if it is determined by the authentication that the mobile station is a subscriber to the network. A first secure communications tunnel is established from the access node to the mobile station using a value of the secure identifier and a second secure communications tunnel is established from the access node to the gateway node of the network using the value of the secure identifier. The first and second communications tunnels are bound together to form a communications path between the mobile station and the network.

Identity Verification System Using Network Initiated USSD

The invention provides a method and means of authenticating a user in a communications session (such as an on-line payment) on a first communications channel (such as the Internet 12 ). In a preliminary step, data pertaining to the user and a user-operated mobile phone 24 is stored in a data store 18 that is in communication with the first communication channel. In this step, data uniquely associated with the phone SIM, preferably the SIM IMSI is recorded along with more general user data, including the mobile phone number or MS ISDN. The communications session triggers an out-of-band authentication of the communications session on a second channel established between the mobile phone 24 and the service provider 22 associated with the phone using network initiated Unstructured Supplementary Services Data (USSD). The USSD session is used to handle the out-of-band authentication process.

System for mobile security

A method and apparatus for mobile security using a short wireless device. The method and device increases mobile device security and data security and reduces false alerts.

Secure Information Release

An embodiment of the invention provides a responder such as a health care professional with quick and secure access to select information about a user. An embodiment of such quick and secure access to select information may include receiving a user request to authenticate a responder mobile phone from the responder mobile phone, separately sending a common secure data to each of the responder's mobile phone and the user's mobile phone, receiving user authorization to release select data to the responder's mobile phone, the user's authorization received from the responder's mobile phone. Other embodiments are described herein.

PASSWORD-BASED AUTHORIZATION FOR AUDIO RENDERING

A method and device for processing one or more audio streams based on password-based privacy restrictions is described. A device may be configured to receive unrestricted audio streams of the one or more audio streams based on privacy restrictions associated with a password, wherein the one or more audio streams are from audio elements represented in an acoustic environment that comprises one or more sub-acoustic spaces, each of the one or more audio streams representative of a respective soundfield, and generate the respective soundfields of the unrestricted audio streams. 1. A device configured to process one or more audio streams , the device comprising:a memory configured to store the one or more audio streams; and receive unrestricted audio streams of the one or more audio streams based on privacy restrictions associated with a password, wherein the one or more audio streams are from audio elements represented in an acoustic environment that comprises one or more sub-acoustic spaces, each of the one or more audio streams representative of a respective soundfield; and', 'generate the respective soundfields of the unrestricted audio streams., 'one or more processors coupled to the memory, and configured to2. The device of claim 1 , further comprising a modem coupled to the one or more processors claim 1 , wherein the one or more processors are further configured to:send the password to a host device via the modem; andobtain, from the host device via the modem, only the unrestricted audio streams of the one or more audio streams based on privacy restrictions associated with the password.3. The device of claim 2 , wherein the modem is configured to:transmit a data packet that includes a representation of the password over a wireless link; andreceive a different data packet that includes a representation of only the unrestricted audio streams of the one or more audio streams based on privacy restrictions associated with the password.4. The device of claim 1 , ...

DEVICE INTRODUCTION AND ACCESS CONTROL FRAMEWORK

In an embodiment, a method includes registering applications and network services for notification of an out-of-band introduction, and using the out-of-band introduction to bootstrap secure in-band provisioning of credentials and policies that are used to control subsequent access and resource sharing on an in-band channel. In another embodiment, an apparatus implements the method. 1. (canceled)2. An apparatus of a station (STA) , configured to operate as an enrollee and implement at least part of a registration protocol , the apparatus comprising: configure the STA to send a first registration protocol message (M1), for transmission to a registrar device, the processing circuitry being configurable to send the M for transmission on an out-of-band (OOB) channel and being configurable to send the M1 for transmission on an in-band channel, the M1 being part of a registration protocol and indicating that the STA is an enrollee seeking to join a wireless local area network (WLAN) domain, wherein the M1 includes a public key associated with the enrollee;', 'receive a second registration protocol message (M2), the processing circuitry being configurable to cause the STA to receive the M2 on the in-band channel and being configurable to cause the STA to receive the M2 on an OOB channel, to determine a shared secret, wherein the shared secret is to authenticate an in-band communication between the enrollee and the registrar device, the in-band communication including domain credential issuance for the enrollee; and', 'encode a third registration protocol message (M3), wherein the M3 includes one or more indications to confirm knowledge of the shared secret by the enrollee device; and', 'memory configured to store at least the shared secret., 'processing circuitry configured to3. The apparatus of claim 2 , wherein the shared secret is randomly generated.4. The apparatus of claim 2 , wherein the processing circuitry is configured to configure the STA to generate at least one ...

Methods to authorizing secondary user devices for network services and related user devices and back-end systems

Methods are provided to authorize a secondary user device for a network service provided over a network. Responsive to receiving a request from a primary user device, a voucher may be transmitted over the network to the primary user device. A request for an authorization waiver may be received from the secondary user device over the network, wherein the request for the authorization waiver includes the voucher that was transmitted to the primary user device. Responsive to receiving the request from the secondary user device including the voucher, an authorization waiver may be transmitted to the secondary user device. Related methods of operating primary and secondary user devices are also discussed.

METHOD AND SYSTEM OF PERFORMING AN AUTHORIZATION MECHANISM BETWEEN A SERVICE TERMINAL SYSTEM AND A HELPDESK SYSTEM

A method of performing an authorization mechanism between a service terminal system (ATM) and a helpdesk system (HD) includes the steps of: 1. A method of performing an authorization mechanism between a service terminal system and a helpdesk system comprising the steps of:Sending from the service terminal system or a user thereof a request message to the helpdesk system or an operator thereof, the request message comprising a one-time code, an identifier for the service terminal system and a set of access right data about rights for using said service terminal system by said user;Creating at the helpdesk system a response message by using the one-time code, the access right data and an ident key derived from an operation on the identifier and a base key, the base key being a common secret of both, the helpdesk system and the service terminal system;Sending from the helpdesk system or the operator thereof said response message to the service terminal system or to the user thereof;Creating at the service terminal system a reference response message by using the one-time code, the access right data and the ident key;Comparing at the service terminal system the response message with the reference response message to authorize the user to use the service terminal system according to the rights being represented by said access right data.2. The method of claim 1 , wherein the request message and/or the response message is configured to be communicated via a public audio or text communications link claim 1 , in particular a communications link providing phone calls claim 1 , SMS claim 1 , Email claim 1 , and/or Instant Messaging.3. The method of or claim 1 , wherein the one-time code is a random generated token or a challenge created by a random process being performed by the service terminal system claim 1 , on request of the user.4. The method of one of the preceding claims claim 1 , wherein the ident key is a terminal key created by helpdesk system in that the ...

ENABLING ACCESS TO DATA

Systems, methods and apparatus for enabling access to secure data. A first module is arranged to generate a limited use passcode and make the passcode available to a user. A second module and a third module are arranged to communicate whereby to enable detection of the third module being in proximity to the second module. A fourth module is arranged to receive a passcode via user input. The apparatus is arranged to enable access to secure data in dependence on the fourth module receiving a valid passcode generated by the first module and the third module being in proximity to the second module. 120.-. (canceled)21. An apparatus for enabling access to secure data , the apparatus comprising:a first module arranged to generate a passcode that is limited use, and make the passcode available to a user;a second module and a third module arranged to communicate to enable detection of the third module being in proximity to the second module; anda fourth module arranged to receive the passcode via user input;wherein the apparatus is arranged to enable access to secure data in dependence on the fourth module receiving the passcode generated by the first module, and the third module being in proximity to the second module.22. The apparatus of claim 21 , wherein:the apparatus is arranged to make a seed value concurrently available to the first and fourth modules by transferring the seed value between the second and third modules;the first module is arranged to use the seed value to generate the passcode; andthe fourth module is arranged to validate the received passcode using the seed value.23. The apparatus of claim 22 , wherein the first module and the third module comprise synchronized clocks claim 22 , the seed value being determined by the first and third modules using an indication of time from respective clocks.24. The apparatus of claim 22 , wherein the first and third modules are communicatively connected claim 22 , and are arranged cooperate whereby to generate and ...

METHOD AND SYSTEM OF MULTI-CHANNEL USER AUTHORIZATION

The present disclosure relates to a system and methods for providing user authorization via a computer network, particularly, by using mobile authorization, wherein a user can be granted access in a variety of mobile channels. The preferred embodiment of the claimed disclosure presents a user authorization system comprising a user device associated with a data source via a data channel, while the data source is associated with an authentication system, in which there are: 1. A user authorization system comprising a user device associated with a data source via a data channel , while the data source is associated with an authentication system , in which there are:the user device configured to form an authorization request to the data source via at least one mobile channel associated with said device;the data source configured to receive the user authorization request and transmit the corresponding request to the authentication system; andthe authentication system providing user authorization on said resource via at least one mobile channel associated with the user device.2. The system according to claim 1 , wherein the mobile channel is a messenger software application or a graphical user interface element.3. The system according to claim 1 , wherein the authentication system contains data on available authorization channels for each data source and stores user authorization data for each available mobile channel.4. The system according to claim 1 , wherein the authorization request contains at least information identifying the user and access data for the selected mobile channel.5. The system according to claim 4 , wherein the authorization request is encrypted on the user device and decrypted in the authentication system.6. The system according to claim 3 , wherein the authentication system further sends an authorization confirmation request to a mobile channel of the user device and authorizes the user on the resource claim 3 , based on a response received from ...

Mobile key via mobile device audio channel

A system and method are described for performing authentication on a computing device using a mobile device connected over an audio channel to the computing device, in scenarios where smart card authentication may have been traditionally used. An application executing on the computing device receives a request from a user, which request requires authentication of the user before being allowed by the application. An audio transmission containing encoded data including information authenticating the user is received at the computing device from the user's mobile device via a microphone. The audio transmission is decoded and the information authenticating the user is extracted. The information authenticating the user is verified and the request is allowed in the application.

EFFICIENT AUTHENTICATION OF A USER FOR CONDUCT OF A TRANSACTION INITIATED VIA MOBILE TELEPHONE

A method and system for authenticating a user for conduct of a transaction initiated by the user via a data-enabled telephone is presented. Efficient use is made of keystrokes on the data-enabled telephone. The data-enabled telephone is capable of initiating telephone calls over a telephone network and of engaging in two-way data communication with a data server in a network and the server enables conduct of the transaction. Caller identification information is received at the server. The information is associated with a telephone call request initiated by the user via the data-enabled telephone to a service number. The caller identification provides basis for authentication of the user and the caller identification information received at the service number is used to address a message to the user. Included in such a message is a logon key for use by the user in accomplishing the transaction. Thus the user can use the logon key to enter into data communication with the server for conduct of the transaction. 1. A method of authenticating a user for conduct of a transaction initiated by the user via a data-enabled telephone in such a manner as to make efficient use of keystrokes on the data-enabled telephone , such data-enabled telephone capable of initiating telephone calls over a telephone network and of engaging in two-way data communication with a data server in a network , such server enabling conduct of the transaction , the method comprising:receiving caller identification information associated with a telephone call request initiated by the user via the data-enabled telephone to a service number, such caller identification providing a basis for authentication of the user; andusing the caller identification information received at the service number to address a message to the user;including in such message a logon key for use by the user in accomplishing the transaction; andsending such message;so that on receipt of the message, the user may use the logon key ...

EFFICIENT AUTHENTICATION OF A USER FOR CONDUCT OF A TRANSACTION INITIATED VIA MOBILE TELEPHONE

A method and system for authenticating a user for conduct of a transaction initiated by the user via a data-enabled telephone is presented. Efficient use is made of keystrokes on the data-enabled telephone. The data-enabled telephone is capable of initiating telephone calls over a telephone network and of engaging in two-way data communication with a data server in a network and the server enables conduct of the transaction. Caller identification information is received at the server. The information is associated with a telephone call request initiated by the user via the data-enabled telephone to a service number. The caller identification provides basis for authentication of the user and the caller identification information received at the service number is used to address a message to the user. Included in such a message is a logon key for use by the user in accomplishing the transaction. Thus the user can use the logon key to enter into data communication with the server for conduct of the transaction. 1. A method of authenticating a user for conduct of a transaction initiated by the user via a data-enabled telephone in such a manner as to make efficient use of keystrokes on the data-enabled telephone , such data-enabled telephone capable of initiating telephone calls over a telephone network and of engaging in two-way data communication with a data server in a network , such server enabling conduct of the transaction , the method comprising:receiving caller identification information associated with a telephone call request initiated by the user via the data-enabled telephone to a service number, such caller identification providing a basis for authentication of the user; andusing the caller identification information received at the service number to address a message to the user;including in such message a logon key for use by the user in accomplishing the transaction; andsending such message;so that on receipt of the message, the user may use the logon key ...

Comprehensive authentication and identity system and method

A comprehensive authentication and identity system and method are disclosed. A central profile is created for a user which includes user information that can be passed back or otherwise utilized by websites (e.g. for registrations, logins, etc.) The user information may include the user's username, password, contact information, personal information, marketing preferences, financial information, etc. For website registrations, the user may provide a mobile communication number that is utilized to perform a type of mobile communication device verification process. As part of a website login, the user may provide identifiable information (e.g. a username) that is looked up by the system or website to determine a mobile communication number for the user, which is used for a verification process. If the verification process is completed successfully, the user may be logged into the website. For accessing the system directly, a user may go through a mobile communication device verification process.

AUTHENTICATION METHOD AND SYSTEM FOR A TELECOMMUNICATIONS SYSTEM

An authentication method for a telecommunications system comprising a computer network and a telephone network that includes receiving, at an Authentication System across the computer network, data indicative of an authentication request. The request is typically made by a provider in connection with a user (e.g. by a provider to obtain authentication from a user as the result of an authentication trigger detected by a provider system). A telephone call is establishing by the telephone network between the Authentication System and a telephone device with a telephone number associated with the user. A PIN is received from the user at the Authentication System during the telephone call. It is then determined if the received PIN is valid. The authentication request is authenticated if the PIN is determined to be valid. 1. An authentication method for a telecommunications system comprising a computer network and a telephone network , the method comprising:receiving, at an Authentication System across said computer network, data indicative of an authentication request,establishing by said telephone network a telephone call between said Authentication System and a telephone device with a telephone number associated with a user;receiving, at said Authentication System during said telephone call, a user password;determining at said Authentication System if said received user password is valid;authenticating said authentication request if said user password is determined to be valid.2. The method of wherein said request is made by a provider in connection with said user.3. The method of or claim 1 , including delivery by said Authentication System to said telephone device during said telephone call identification data claim 1 , typically identification data relating to said authentication request claim 1 , said identification data for example comprising any one or more of a provider name claim 1 , provider password claim 1 , system password claim 1 , application password ...

System and method for nfc peer-to-peer authentication and secure data transfer

A reader device may generate a first identifier. The reader device may transmit the first identifier to a mobile device. The reader device may receive encrypted data and unencrypted data from the mobile device in which the encrypted data includes a second identifier. The reader device may evaluate whether the first identifier and the second identifier correspond to one another.

Contact-less tag with signature, and applications thereof

A method which comprises generating a first signature by encoding an identifier with a first additional data set at a first time instant; responding to a first read request from a tag reader by releasing the first signature; generating a second signature by encoding the identifier with a second additional data set at a second time instant, the second additional data set being different from the first additional data set; and responding to a second read request by releasing the second signature. Also, a method which comprises obtaining a signature from a contactlessly readable tag; decrypting the signature with a key to obtain a candidate identifier and a scrambling code associated with the signature; and validating the candidate identifier based on at least one of the scrambling code and the signature.

Disposable Browsers and Authentication Techniques for a Secure Online User Environment

Disclosed herein are systems and methods that allow for secure access to websites and web-based applications and other resources available through the browser. Also described are systems and methods for secure use and retention of user credentials, as well as methods for dynamic authentication of users and integrity checking of service providers in online environments. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable browser), insulating the user from the threats associated with being online for the purposes of providing secure, policy-based interaction with online services. 1. A system for enabling access to content using disposable browsers , the system comprising:a memory comprising computer instructions; and establish a secure environment for operating a disposable browser session;', 'initiate the disposable browser session within the secure environment, wherein a disposable browser associated with the disposable browser session is displayable on a client device executing a thin client process and located externally to the system;', 'configure the disposable browser session with session data associated with the disposable browser session;', 'receive first data from the client device, the first data being associated with a content request initiated on the disposable browser displayed on the client device;', 'communicate with a remote server associated with the content request;', 'execute a command associated with the content request or received from the remote server;', 'transmit, to the client device, second data associated with the command or associated with the content request;', 'receive, from the client device, a user interaction with image data displayed on the client device, wherein the image data is rendered on the client device based on the second data;', 'transmit, to the remote server, third data associated with the user interaction with the ...

Media access control (mac) address identification

The technology described in this document can be embodied in a method that includes establishing a first wireless communication channel between a first device and a second device. The method also includes accessing, by an application executing on the first device, a transmitter of a first device to transmit to a second device one or more signals configured to cause an occurrence of an event on the second device. The one or more signals are transmitted over a second wireless communication channel between the first device and the second device. The method further includes receiving, from the second device over the first wireless communication channel, information representing a media access control (MAC) address of the first device, and storing, on a storage device accessible by the first device, a representation of the MAC address of the first device. The MAC address is associated with the second wireless communication channel.

Information processing terminal, information processing method, and computer-readable medium

According to this invention, in printing from a mobile terminal to a printer, the distance between them is measured in an LE mode, and when the distance reaches a predetermined distance, print data is transmitted to the printer in a normal mode and held in the printer. When the distance becomes shorter, a print execution instruction is issued to the printer in the normal mode, thereby causing the printer to execute printing.

SYSTEM AND METHOD TO DISABLE AUTOMATED DRIVING MODE BASED ON VEHICLE OPERATION CONTEXT

One general aspect includes a system to restrict vehicle operations, the system including: a memory configured to include one or more executable instructions and a processor configured to execute the executable instructions, where the executable instructions enable the processor to carry out the following steps: receiving a vehicle-occupant credential; determining whether the vehicle-occupant credential triggers an operation constraint; and when the operation constraint is triggered, restricting a vehicle from operating in an autonomous driving mode. 1. A method to restrict vehicle operations , the method comprising:receiving, via a processor, a vehicle-occupant credential;determining, via the processor, whether the vehicle-occupant credential triggers an operation constraint; andwhen the operation constraint is triggered, via the processor, restricting a vehicle from operating in an autonomous driving mode.2. The method of claim 1 , further comprising:when the operation constraint is triggered, via the processor, providing a notification configured to inform a vehicle occupant the vehicle is restricted from operating in the autonomous driving mode.3. The method of claim 1 , further comprising:when the operation constraint remains untriggered, via the processor, allowing the vehicle to operate in both the autonomous driving mode and manual driving mode.4. The method of claim 1 , further comprising:based on the vehicle-occupant credential, via the processor, receiving a vehicle-operation permission; anddetermining, via the processor, whether the vehicle-operation permission triggers the operation constraint.5. The method of claim 4 , wherein the vehicle-occupant credential comprises a virtual vehicle key and identity information.6. The method of claim 4 , wherein the vehicle-operation permission is received from a remote entity.7. The method of claim 1 , wherein the vehicle-occupant credential is received from a mobile computing device.8. A system to restrict vehicle ...

User movement and behavioral tracking for security and suspicious activities

A security platform architecture is described herein. A user identity platform architecture which uses a multitude of biometric analytics to create an identity token unique to an individual human. This token is derived on biometric factors like human behaviors, motion analytics, human physical characteristics like facial patterns, voice recognition prints, usage of device patterns, user location actions and other human behaviors which can derive a token or be used as a dynamic password identifying the unique individual with high calculated confidence. Because of the dynamic nature and the many different factors, this method is extremely difficult to spoof or hack by malicious actors or malware software.

MULTIDEVICE USER AUTHENTICATION IN GROUP-BASED COMMUNICATION SYSTEMS

Method, apparatus and computer program product for multi-device user authentication are described herein. For example, the apparatus includes at least one processor and at least one non-transitory memory including program code. The at least one non-transitory memory and the program code are configured to, with the at least one processor, identify, on a first computing device, a first active interface session associated with one or more active authentication conditions each configured to enable access to a group-based communication interface of a group-based communication system; cause a first computing device to present an authentication command interface for the first active interface session; receive an interface session request from a second computing device indicating electronic communication by the second computing device with the authentication command interface; and cause the second computing device to execute limited user authentication routines each configured to enable a respective active authentication condition on the second computing device. 1. (canceled)2. A computer-implemented method for multi-device user authentication for one or more group-based communication interfaces of a group-based communication system , the computer-implemented method comprising:causing a first computing device to present an authentication command interface for a first active interface session of the first computing device, the first active interface session associated with one or more active authentication conditions, wherein each active authentication condition enables access to a respective group-based communication interface of the group-based communication system, and wherein the authentication command interface is associated with an aggregate authentication token;receiving an interface session request from a second computing device indicating receipt by the second computing device of the aggregate authentication token;determining if the request satisfies at least one ...

NON-TRANSITORY COMPUTER-READABLE RECORDING MEDIUM, COMMUNICATION MANAGEMENT METHOD, AND COMMUNICATION MANAGEMENT DEVICE

A non-transitory computer-readable recoding medium having stored therein a communication management program that causes a communication management device to execute a process. The process includes authenticating a terminal in response to an authentication request from the terminal, receiving a communication content destined to a communication target system, the communication target system sharing access-authentication information with the communication management device, adding a first information with the communication content, the first information corresponding to a result of the authentication request, detecting whether the communication content includes a second information that is identified by the communication target system as information added by the communication management device, deleting the second information when the second information is detected in the communication content; and transmitting the communication content to the communication target system. 1. A non-transitory computer-readable recoding medium having stored therein a communication management program that causes a communication management device to execute a process comprising:authenticating a terminal in response to an authentication request from the terminal;receiving a communication content destined to a communication target system, the communication target system sharing access-authentication information with the communication management device;adding a first information with the communication content, the first information corresponding to a result of the authentication request;detecting whether the communication content includes a second information that is identified by the communication target system as information added by the communication management device;deleting the second information when the second information is detected in the communication content; andtransmitting the communication content to the communication target system.2. The non-transitory computer-readable ...

Systems and Methods for Facilitating User Authentications in Network Transactions

Systems and methods are provided for use in facilitating user authentication in connection with network transactions. One exemplary method includes detecting a transaction involving an account and a merchant, where the account is provided by a first issuer to a user and is associated with a region of the user, and identifying, by a computing device, a region of the merchant involved in the transaction. The method also includes appending, by the computing device, the region to a region list, when the identified region is different from the region of the payment account, and transmitting a region indicator for the user to a second issuer of a different account associated with the user, whereby the second issuer is permitted to rely on inclusion of the region of the merchant in the region list to approve a further transaction by the user involving the second issuer. 1. A method for use in facilitating user authentication in connection with a network transaction , the method comprising:detecting a transaction involving an account and a merchant, the account provided by a first issuer to a user and associated with a region of the user;identifying, by a computing device, a region of the merchant involved in the transaction;appending, by the computing device, the region to a region list data structure for the consumer, when the identified region of the merchant involved in the transaction is different from the region of the payment account; andtransmitting a region indicator for the user to a second issuer of a different account associated with the user, whereby the second issuer is permitted to rely on inclusion of the region of the merchant in the region list data structure to approve a further transaction by the user involving the second issuer.2. The method of claim 1 , wherein detecting the transaction includes detecting the transaction based on the first issuer claim 1 , when the first issuer is registered to receive region indicators.3. The method of claim 1 , ...

COMMUNICATION DEVICE AND TERMINAL DEVICE

A communication device may supply connection information to a first wireless interface so as to store the connection information in an interface memory, establish a wireless connection via a second wireless interface with a terminal device by using the connection information after the connection information has been sent to the terminal device, execute a first authentication using first authentication information in a case where the first authentication information is received from the terminal device, send a first registration instruction to the terminal device by using the wireless connection via the second wireless interface in a case where the first authentication is successful, and execute a second authentication using the first authentication information in a case where the first authentication information which has been registered in the terminal device is received from the terminal device after the first registration instruction has been sent to the terminal device. 1. A communication device comprising:a first wireless interface comprising an interface memory;a second wireless interface different from the first wireless interface, wherein a distance with which a wireless communication can be performed via the second wireless interface is longer than a distance with which a wireless communication can be performed via the first wireless interface;a processor; anda memory storing computer-readable instructions therein, the computer-readable instructions, when executed by the processor, causing the communication device to:supply connection information to the first wireless interface so as to store the connection information in the interface memory, the connection information being for establishing a wireless connection via the second wireless interface, wherein the first wireless interface is configured to send the connection information in the interface memory to a terminal device by using a communication session in a case where the communication session with ...

ENABLING ACCESS TO DATA

Systems, methods and apparatus for enabling access to secure data. A first module is arranged to generate a limited use passcode and make the passcode available to a user. A second module and a third module are arranged to communicate whereby to enable detection of the third module being in proximity to the second module. A fourth module is arranged to receive a passcode via user input. The apparatus is arranged to enable access to secure data in dependence on the fourth module receiving a valid passcode generated by the first module and the third module being in proximity to the second module. 1. An apparatus for enabling access to secure data , the apparatus comprising:a first module arranged to generate a limited use passcode and make the passcode available to a user;a second module and a third module arranged to communicate whereby to enable detection of the third module being in proximity to the second module; anda fourth module arranged to receive a passcode via user input;wherein the apparatus is arranged to enable access to secure data in dependence on the fourth module receiving a valid passcode generated by the first module and the third module being in proximity to the second module.2. The apparatus of claim 1 , wherein:the third and fourth modules are communicatively connected, and the fourth module is arranged to provide data indicative of the passcode received via user input to the third module;the third module is arranged to transfer data indicative of the passcode to the second module;the first and second modules are communicatively connected; andthe apparatus is arranged to determine whether the generated passcode made available to the user by the first module was received via user input at the fourth module.3. The apparatus of claim 1 , wherein the first claim 1 , second claim 1 , third and fourth modules share a secret which has been uniquely assigned thereto for use in determining whether the third module is in proximity to the second module and ...

One time credentials for secure automated bluetooth pairing

Various communication devices may benefit from one time credentials applied in secure automated pairing to improve the security of pairing. For example, certain unattended communication devices capable of implementing mechanisms used for Bluetooth pairing to authenticate with each other may benefit from one time credentials applied in secure automated Bluetooth pairing. A method may include initiating Bluetooth pairing from a first device to a second device. The method may also include querying the second device for a sequence value before pairing is initiated. The method may further include computing a personal identification number/passkey of the first device for the pairing with an arbitrary algorithm. The method may also include pairing, with the personal identification number/passkey, the first device with the second device. The personal identification number/passkey can be determined based on at least one arbitrary shared secret between the first device and the second device, and the sequence value.

A METHOD FOR AUTHENTICATING A USER WHEN LOGGING IN AT AN ONLINE SERVICE

Provided is a method for authenticating a user when logging in at an online service, where the online service is provided by a server arrangement and the method is based on a communication between the online service and a primary device and between the online service and a secondary device. The method comprising the following steps: a user identification specified by the user at the secondary device and not including any credential is received by the online service; an authentication request is transmitted by the online service to the primary device where the primary device is associated with the user identification; an authentication response comprising at least one credential is transmitted by the primary device to the online service, where the at least one credential originates from a storage in the primary device and is only transmitted through the authentication response upon a successful local authentication of the user at the primary device. 2. The method of claim 1 , wherein the at least one credential comprises a password and/or a PIN and/or biometric data.3. The method according to claim 1 , wherein the local authentication verifies at least one second credential specified by the user at the primary device claim 1 , where the at least one second credential preferably comprises a password and/or a PIN and/or biometric data.4. The method according to claim 1 , wherein in step a) the information that the primary device is to be used for authenticating the user is transmitted by the secondary device to the online service.5. The method according to claim 1 , wherein the authentication request transmitted in step b) by the online service includes an identification of the secondary device where the method is terminated if the secondary device with this identification is not registered for a user login at the online service.6. (canceled)7. The method according to claim 1 , wherein the authentication response transmitted in step c) by the primary device further ...

ELECTRONIC ACCOUNT RECOVERY THROUGH ACCOUNT CONNECTIONS

A method for managing account data and handling account recovery requests are disclosed. The method comprises a multi-level identity verification process, including a first level where a specific computing device requesting recovery of an electronic account is requested to identify a trusted contact for the electronic account and a second level where the specific computing device is requested to provide a dynamically generated security code that has been communicated to a trusted contact identified by the specific computing device. 1. A method comprising:receiving, from a first computing device, over a computer network, identification data that indicates one or more electronic accounts, in an online network, related to a first electronic account of the first computing device;storing the identification data in association with the first electronic account;after storing the identification data, receiving a first request from a second computing device to recover the first electronic account;in response to receiving the first request, causing a first plurality of items to be displayed by the second computing device;receiving, from the second computing device, a selection of a particular item of the first plurality of items;after determining that the particular item corresponds to a particular electronic account of the one or more electronic accounts, causing first verification data to be transmitted to a third computing device of the particular electronic account;after causing the first verification data to be transmitted to the third computing device of the particular electronic account, receiving second verification data from the second computing device;in response to determining that the second verification data matches the first verification data, allowing the second computing device to access the first electronic account,wherein the method is performed by one or more computing devices.2. The method of claim 1 , the identification data including a classification of ...

MOBILE PHONE ATM PROCESSING METHODS AND SYSTEMS

Embodiments provide systems, methods, processes, computer program code and means for using mobile devices to conduct transactions with ATM devices. 1. A system comprising: receiving a request from a mobile device, for conducting a transaction at a value dispensing device;', 'subsequent to receiving the request for conducting the transaction, receiving a code information associated with the value dispensing device;', 'identifying the value dispensing device from a network of value dispensing devices based on determining that the value dispensing device corresponds to the received code information; and', 'in response to the identifying the value dispensing device from the network of value dispensing devices, executing instructions to cause the transaction to be processed by the value dispensing device., 'one or more processors, one or more computer-readable memories, with program instructions stored on the one or more computer-readable memories, the one or more processors configured to execute the program instructions to cause the system to perform the operations comprising2. The system of claim 1 , wherein the code information is received from the mobile device.3. The system of claim 1 , the operations further comprising:determining the transaction from a plurality of transactions based analyzing the received code information and determining that the transaction corresponds to the received code information.4. The system of claim 1 , the operations further comprising:authenticating a user of the mobile device based on authentication information received from the mobile device.5. The system of claim 4 , wherein the authentication information received from the mobile device includes one or more attributes of the mobile device.6. The system of claim 5 , wherein the authenticating the user of the mobile device further comprises comparing the received one or more attributes of the mobile device to one or more stored attributes.7. The system of claim 1 , wherein the value ...

User authentication system and method

A computer-implemented method and system are provided for authenticating the identity of a user registered with a computer system. The authentication method comprises generating a multi-dimensional array of elements that are addressable by respective sets of indices, generating a challenge code comprising a linear array of elements for addressing a first set of indices of the array of elements, transmitting the multi-dimensional array of elements and challenge code to at least one computing device associated with the user, receiving a response code from the user, and verifying the user's identity when the received response code matches a derived code obtained by retrieving elements from the multi-dimensional array at locations addressed by elements taken from the challenge code and a personal code stored at the computer system, wherein the personal code comprises a linear array of elements for addressing a different set of indices of the array of elements.

Techniques for call-based user verification

Techniques for call-based user verification are described. In one embodiment, for example, an apparatus may comprise a processor circuit and a storage component. The apparatus may further comprise a session component, an identification (ID) component, a mapping component, and a verification component. The session component may be operative on the processor circuit and configured to receive session data from a client device and store the session data in the storage component. The ID component may be operative on the processor circuit and configured to request ID data from a server, receive ID data from the server, and send the ID data to the client device. The mapping component may be operative on the processor circuit and configured to map the session data with the ID data. The verification component may be operative on the processor circuit and configured to receive a confirmation from the client device, request verification from the server, and upon receiving verification from the server, verify the client device. Other embodiments are described and claimed.

METHODS AND SYSTEMS FOR VALIDATING MOBILE DEVICES OF CUSTOMERS VIA THIRD PARTIES

A method for authenticating a mobile device in real-time. The method includes detecting the mobile device, sending a text message containing a unique uniform resource locator (“URL”) to the mobile device, and detecting an access of the unique URL by the mobile device through a first communication path. In response to detecting the access of the unique URL, requesting and subsequently receiving, by the host system in real-time, a phone number and a subscriber identification ID associated with the mobile device through a second communication path distinct from the first communication path, and a device fingerprint of the mobile device through the first communication path. The method further includes initiating a risk analysis based on the phone number, the subscriber ID, and the device fingerprint and determining an authentication status of the mobile device based on the risk analysis. 1. A method for authenticating a mobile device in real-time , comprising:detecting, by a host system, the mobile device in communication with the host system;sending, by the host system, a text message comprising a unique uniform resource locator (“URL”) to the mobile device;detecting, by the host system, an access of the unique URL by the mobile device through a first communication path; a phone number and a subscriber identification (“ID”) associated with the mobile device through a second communication path distinct from the first communication path, and', 'a device fingerprint of the mobile device through the first communication path to identify the mobile device;, 'in response to detecting the access of the unique URL by the mobile device, requesting, by the host system, in real-time the phone number and the subscriber ID through the second communication path, and', 'the device fingerprint through the first communication path;, 'in response to requesting the phone number, the subscriber ID, and the device fingerprint by the host system, receiving, by the host system, in real- ...

Mobile device authentication in heterogeneous communication networks scenario

A method and device for authenticating a user of a communication device accessing an online service. The online service is accessible over a data network and is provided through a service platform. The communication device is connected to a mobile phone network and to the data network. The communication device includes an interface software application configured to interact with the service platform through the data network for fruition of the online service, and a messaging function configured to send messages through the mobile phone network. A user-side authentication application is provided at the communication device, a provider-side authentication application is provided at the service platform, and an authentication control function is provided in communication relationship with the provider-side authentication application and with the mobile phone network.

MULTI-FACTOR AUTHENTICATION

Security is improved by adding a security heartbeat for and endpoint as a factor in a multi-factor authentication system. The security heartbeat may be used directly as an authentication factor, e.g., where the heartbeat provides a reliable and verifiable indication of identity, or the security heartbeat may be used as a gating input for some other verification method, e.g., where a text message with a temporary security code can only be transmitted to a user when the user's endpoint is providing a secure heartbeat. 1. A computer program product comprising computer-executable code embodied in a non-transitory computer-readable medium that , when executing on an authentication service accessible through a data network , performs the steps of:receiving a heartbeat from an endpoint through a data network, wherein the heartbeat is cryptographically secured by the endpoint to permit verification of a source of the heartbeat with reference to a trusted third party;receiving a request from the endpoint for a token suitable for authenticating a user of the endpoint to a secure service accessible by the endpoint through the data network;evaluating a health status of the endpoint based on the heartbeat;generating the token if the health status of the endpoint is satisfactory; andreturning the token to the endpoint.2. The computer program product of further comprising transmitting information for verifying the token to an access control system used by the endpoint to access the secure service.3. The computer program product of further comprising generating a defective token if the health status of the endpoint is unsatisfactory.4. A method comprising:receiving a heartbeat from an endpoint that is cryptographically secured;receiving a request for authentication data for the endpoint;evaluating a health status of the endpoint based on the heartbeat;generating authentication data if the health status of the endpoint is satisfactory; andtransmitting the authentication data to a ...

Detecting lateral movement by malicious applications

Attempts at lateral movement are detected by monitoring failed login attempts across a number of endpoints in a network. By configuring endpoints across the network to report unsuccessful login attempts and monitoring these login attempts at a central location, patterns of attempts and failures may advantageously be detected and used to identify malicious attempts at lateral movement within the network before any unauthorized lateral movement is achieved.

Auto-user registration and unlocking of a computing device

The subject technology provides for detecting, by a first computing device, a second computing device being within a predetermined distance of the first computing device, the first computing device being in a locked mode. The subject technology receives an access key from the second computing device. Additionally, the subject technology exits, by the first computing device, the locked mode based on the access key from the second computing device.

MULTIDEVICE USER AUTHENTICATION IN GROUP-BASED COMMUNICATION SYSTEMS

Method, apparatus and computer program product for multi-device user authentication are described herein. For example, the apparatus includes at least one processor and at least one non-transitory memory including program code. The at least one non-transitory memory and the program code are configured to, with the at least one processor, identify, on a first computing device, a first active interface session associated with one or more active authentication conditions each configured to enable access to a group-based communication interface of a group-based communication system; cause a first computing device to present an authentication command interface for the first active interface session; receive an interface session request from a second computing device indicating electronic communication by the second computing device with the authentication command interface; and cause the second computing device to execute limited user authentication routines each configured to enable a respective active authentication condition on the second computing device. 1. A computer-implemented method for multi-device user authentication for one or more group-based communication interfaces of a group-based communication system , the computer-implemented method comprising:identifying, on a first computing device, a first active interface session associated with one or more active authentication conditions, wherein each active authentication condition enables access to a respective group-based communication interface of the group-based communication system;causing the first computing device to present an authentication command interface for the first active interface session, wherein: (i) the authentication command interface is associated with an expiration time, (ii) the authentication command interface is associated with an aggregate authentication token; and (iii) the aggregate authentication token is generated using the expiration time;receiving an interface session request from ...

Function Execution Device and Communication Terminal

A system and method for providing an authentication state of a function execution device to a communication terminal is described. In some examples, the authentication state indicates whether authentication information is needed from the communication terminal before the communication terminal can request performance of one or more functions performable by the function execution device. In other examples, the communication terminal may provide to the communication terminal the authentication information irrespective of whether the function execution terminal has previously provided its authentication state to the communication terminal. 1. A function execution device configured to execute one or more of a plurality of functions in a function execution portion of the function execution device , the function execution device comprising:a first interface configured to perform wireless communication with a communication terminal using a first communication protocol, the first interface configured to transmit network information to the communication terminal;a second interface configured to perform wireless communication over a wireless network with the communication terminal using a second communication protocol, where the wireless network is accessible by the communication terminal using the network information transmitted via the first interface;a processor; and selecting whether the function execution device performs a determination using authentication information transmitted from the communication terminal;', 'receiving, via the second interface, the authentication information from the communication terminal over the wireless network, the authentication information being transmitted by the communication terminal in response to it being selected that the function execution device performs the determination;', 'in a case where it is selected that the function execution device performs the determination and both the function execution device and the communication ...

User identification proofing using a combination of user responses to system turing tests using biometric methods

A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

METHOD FOR PROVIDING AUTOFILL FUNCTION AND ELECTRONIC DEVICE INCLUDING THE SAME

An electronic device and method are disclosed, the method including a communication circuitry, a memory storing an application, a display, and a processor operatively connected with the communication circuitry, the memory, and the display. The processor executes the method, including: receiving a request to execute the application, outputting an information input screen relevant to executing the application on the display based on the request, receiving at least one piece of input information to be entered into the information input screen, from a specific external electronic device via the communication circuitry, and automatically entering the at least one piece of input information into the information input screen. 1. An electronic device , comprising:a communication circuitry;a memory storing an application;a display; anda processor operatively connected with the communication circuitry, the memory, and the display, wherein the memory includes instructions that, when executed, cause the processor to:receive a request to execute the application;output an information input screen relevant to executing the application on the display based on the request;receive at least one piece of input information to be entered into the information input screen, from a specific external electronic device via the communication circuitry; andautomatically enter the at least one piece of input information into the information input screen.2. The electronic device of claim 1 , wherein the information input screen includes an authentication screen that secures access to the application.3. The electronic device of claim 2 , wherein the input information includes authentication information utilized to authenticate a user for access to the application.4. The electronic device of claim 1 , wherein the processor is configured to:access an input information transmission/reception history stored in the memory to identify one or more external electronic devices registered in the input ...

SYSTEMS AND METHODS FOR USING IMAGING TO AUTHENTICATE ONLINE USERS

Systems and methods are disclosed for authenticating an identity of an online user. One method includes receiving from the user, through a first device, a request to access a web page associated with the user's online account; transmitting to the user an image that contains a unique ID and a URL of an authentication server; and receiving from the user, through the first device, an authentication request containing the unique ID. The method also includes receiving from the user, through a second device, a log-in ID associated with the user and the unique ID; and authenticating the identity of the user to grant the user access, through the first device, to the web page associated with the user's online account. 120-. (canceled)21. A method for authenticating an identity of an online user , the method including:receiving registration data of an online user, wherein the registration data is used to access a web page associated with the online user;receiving, from a registration device, a request to access the web page associated with the online user;transmitting, by an authentication server, in response to the request to access the web page from the registration device, an image that contains a unique identifier (“ID”);receiving, at the authentication server from the online user through a first device, an authentication request containing a digital certificate, the unique ID and a log-in identifier (“ID”);authenticating, by the authentication server, the first device of the online user based on the digital certificate, the unique ID and log-in ID;transmitting the web page associated with the online user to the first user device when the first user device is authenticated, the requested web page including an access number and a unique authentication code associated with the registration data of the online user;receiving, at a voice recognition server associated with the access number, the unique authentication code associated with the registration data of the online user ...

METHODS AND SYSTEMS FOR VALIDATING MOBILE DEVICES OF CUSTOMERS VIA THIRD PARTIES

A method for authenticating a mobile device in real-time. The method includes detecting the mobile device, sending a text message containing a unique uniform resource locator (“URL”) to the mobile device, and detecting an access of the unique URL by the mobile device through a first communication path. In response to detecting the access of the unique URL, requesting and subsequently receiving, by the host system in real-time, a phone number and a subscriber identification ID associated with the mobile device through a second communication path distinct from the first communication path, and a device fingerprint of the mobile device through the first communication path. The method further includes initiating a risk analysis based on the phone number, the subscriber ID, and the device fingerprint and determining an authentication status of the mobile device based on the risk analysis. 1. A method for authenticating a user device comprising:sending, by a host system, a message comprising a uniform resource locator (“URL”) to the user device;receiving, by the host system, an indication that the user device has accessed the URL through a first communication path; a device fingerprint of the user device through the first communication path; and', 'a device identification (“ID”) associated with the user device;, 'in response to receiving the indication, requesting and receiving, by the host system the risk analysis comprises comparing the device ID and the device fingerprint with a stored device ID and a stored device fingerprint, respectively; and', 'the stored device fingerprint is a previous device fingerprint obtained from a previous communication with the user device; and, 'initiating, by the host system, a risk analysis, whereindetermining, by the host system, an authentication status of the user device based on the risk analysis.2. The method of claim 1 , wherein:the first communication path comprises a cellular network.3. The method of claim 1 , further comprising ...

System and method for enhanced security and management mechanisms for enterprise administrators in a cloud-based environment

A cloud-based platform (e.g., cloud-based collaboration and/or storage platform/service) is described that provides administrators with better visibility into content and activity across an enterprise account via advanced search tools and activity reports. Administrator tools are also provided that allow for actively managing content and passively monitoring content with real-time alerts sent to the administrator if usage of the cloud-based platform changes within the enterprise account. A reporting API is also supported by the cloud-based platform to permit the platform's activity logs to be retrieved by a third-party platform. Additionally, administrators are provided with the option to select two-step login verification of enterprise account users.

Function Execution Device and Communication Terminal

A system and method for providing an authentication state of a function execution device to a communication terminal is described. In some examples, the authentication state indicates whether authentication information is needed from the communication terminal before the communication terminal can request performance of one or more functions performable by the function execution device. In other examples, the communication terminal may provide to the communication terminal the authentication information irrespective of whether the function execution terminal has previously provided its authentication state to the communication terminal. 1. A function execution device comprising:a function execution portion configured to execute one or more of a plurality of functions, the function execution device including authentication state information;an NFC-compatible interface configured to perform wireless communication with a communication terminal using an NFC-compatible communication protocol, the NFC-compatible interface configured to transmit network information and the authentication state information to the communication terminal;a Wi-Fi-compatible interface configured to perform wireless communication over a Wi-Fi-compatible network with the communication terminal using a Wi-Fi-compatible communication protocol, where the Wi-Fi-compatible network is accessible by the communication terminal using the network information communicated via the NFC-compatible interface;a processor; and receiving, via the Wi-Fi-compatible interface, authentication information from the communication terminal over the Wi-Fi-compatible network when both the function execution device and the communication terminal are joined to the Wi-Fi-compatible network;', 'transmitting the authentication information to another device;', 'receiving confirmation that the communication terminal is authorized; and', 'controlling the function execution portion to execute a function of the one or more of the ...

WIRELESS MULTI-FACTOR AUTHENTICATION BASED ON PROXIMITY OF A REGISTERED MOBILE DEVICE TO A PROTECTED COMPUTING DEVICE AT ISSUE

Systems and methods for a passive wireless multi-factor authentication approach are provided. According to one embodiment, a user authentication request is received by a first computing device connected to a private network. The user authentication request is sent by an endpoint protection suite running on the first computing device to an authentication device associated with the private network. A proximity of a second computing device, which was previously registered with the authentication device to be used as a factor of a multi-factor authentication process involving the first computing device, is determined by the authentication device in relation to one or more wireless access points of a wireless network of the private network. The user authentication request is then processed by the authentication device based on the proximity. 1. A method comprising:receiving, by a first computing device connected to a private network, a user authentication request;sending, by an endpoint protection suite running on the first computing device, the user authentication request, to an authentication device associated with the private network;determining, by the authentication device, a proximity of a second computing device to one or more wireless access points of a wireless network of the private network, wherein the second computing device has been registered with the authentication device to be used as a factor of a multi-factor authentication process involving the first computing device; andprocessing, by the authentication device, the user authentication request based on the proximity, including, when the proximity is within a preconfigured radius, the authentication device sends an affirmative response to the endpoint protection suite accepting the user authentication request and when the proximity is outside of the preconfigured radius, the authentication device sends a negative response to the endpoint protection suite rejecting the user authentication request.2. The ...

Challenge and Response in Continuous Multifactor Authentication on a Safe Case

Disclosed is an apparatus performing a method including: receiving, by a decision unit coupled to a plurality of sensors at least partially supported by a housing which holds a personal communication device, trait data of a user of the personal communication device and determining whether or not a first authentication score generated based on a first set of trait data and a first set of weights assigned to the first set of trait data is above a pre-determined threshold. In some embodiments, the method includes providing a challenge to the user based on a determination that the first authentication score is below the pre-determined threshold, and gating electronic access to the personal communication device based on whether or not a second authentication score generated based on a second set of trait data and the first set of weights is above the pre-determined threshold. 1. An apparatus comprising:a housing arranged to hold a personal communication device;a plurality of sensors, at least partially supported by the housing, operable to receive trait data of a user of the personal communication device; and determine whether or not a first authentication score generated based on a first set of trait data and a first set of weights assigned to the first set of trait data is above a pre-determined threshold;', 'provide a challenge to the user based on a determination that the first authentication score is below the pre-determined threshold; and', 'gate electronic access to the user of the personal communication device based on whether or not a second authentication score generated based on a second set of trait data and a second set of weights is above the pre-determined threshold, wherein the second set of trait data is obtained from the user and in response to the challenge., 'a decision unit, coupled to the plurality of sensors, operable to2. The apparatus of claim 1 , further comprising a local communication device at least partially supported by the housing and ...

Systems and Methods for Cloud-Based Continuous Multifactor Authentication

Disclosed is an apparatus performing a method including: receiving, from an apparatus including a housing arranged to hold a personal communication device used by a user, a notification indicating a first authentication score of the user is below a first pre-determined threshold, providing a challenge to the personal communication device. In some embodiments, the challenge is selected based on one or more sensor data obtained by at least one of the apparatus or the personal communication device. In some embodiments, the method includes calculating a second authentication score based on a response to the challenge, and causing the apparatus, to gate electronic access to the personal communication device based on whether the second authentication score is above a second pre-determined threshold. 1. A system comprising:an apparatus including a housing arranged to hold a personal communication device;a plurality of sensors, at least partially supported by the housing, operable to receive trait data of a user of the personal communication device; and receive, from the apparatus, a notification indicating a first authentication score of the user is below a first pre-determined threshold;', 'provide a challenge to the personal communication device, wherein the challenge is selected based on one or more sensor data obtained by at least one of the apparatus or the personal communication device;', 'calculate a second authentication score based on the response to the challenge; and', 'causing the apparatus to gate electronic access to resources associated with the personal communication device based on whether the second authentication score is above a second pre-determined threshold., 'a server, in communication with the apparatus, operable to2. The system of claim 1 , wherein the server is further operable to:assign a set of weights to the response, wherein the response includes a set of trait data; andcalculate the second authentication score based on the set of trait data ...

SYSTEM AND METHOD FOR CROSS-CHANNEL AUTHENTICATION

A system may include a memory and processor. The memory may store a user account identifier associated with a user account. The processor may be able to receive at least one user credential and authenticate the user account based at least in part on the at least one user credential. The processor may also receive a first request, from a device associated with the user account, to generate a one-time password and generate the one-time password in response to receiving the first request. The processor may associate the one-time password to the user account and communicate the one-time password to the device associated with the user account. The processor is further able to receive a second request, from a transaction device, the second request comprising an attempted one-time password, determine whether the attempted one-time password is valid and communicate, to the transaction device, an indication that the attempted one-time password is valid in response to determining that the attempted one-time password is valid. 1. An authentication system comprising: 'store a user account identifier associated with a user account; and', 'a memory operable to receive at least one user credential;', 'authenticate the user account based at least in part on the at least one user credential;', 'receive a first request, from a mobile device associated with the user account, to generate a one-time password;', 'generate the one-time password in response to receiving the first request;', 'associate the one-time password to the user account;', 'communicate the one-time password to the mobile device associated with the user account;', 'receive a second request, from a transaction device, the second request comprising an attempted one-time password, wherein the transaction device is different from the mobile device;', 'determine whether the attempted one-time password is valid; and', 'communicate, to the transaction device, an indication that the attempted one-time password is valid in ...

TOKENIZED ACCOUNT INFORMATION WITH INTEGRATED AUTHENTICATION

Techniques are disclosed relating to tokenized account information with integrated authentication. In some embodiments, a shared secret key is used for tokenization and authentication. In some embodiments, a payment device stores an encrypted version of the secret key and decrypts the secret key based on a user-provided password. In some embodiments, the payment device uses the secret key and a moving factor to generate a limited-use password. In some embodiments, the payment device uses the limited-use password to modify a first identifier of an account of the user. In some embodiments, the authentication system retrieves a stored version of the secret key and a copy of the account number using a second identifier. In some embodiments, the authentication system generates the limited-use password based on the stored secret key and a moving factor, de-tokenizes the modified first identifier, and compares the result with the retrieved copy of the account number. 1. An apparatus , comprising:one or more processors; and access first and second identifiers, each of which is individually sufficient to identify the same account of a user initiating a transaction, wherein the second identifier is different than the first identifier;', 'decrypt, using a password, a first instance of a secret key, wherein the first instance of the secret key is encrypted;', 'generate, based on the secret key, a limited-use password;', 'generate a modified first identifier based on the limited-use password and at least a portion of the first identifier;', retrieve, using the second identifier, a second instance of the secret key and a copy of the first identifier;', 'use the second instance of the secret key to reconstruct the first identifier from the modified first identifier; and', 'authenticate the transaction of the user based on a comparison of the reconstructed first identifier to the retrieved copy of the first identifier., 'transmit the modified first identifier and the second ...

System and method for nfc peer-to-peer authentication and secure data transfer

A reader device may generate a first identifier. The reader device may transmit the first identifier to a mobile device. The reader device may receive encrypted data and unencrypted data from the mobile device in which the encrypted data includes a second identifier. The reader device may evaluate whether the first identifier and the second identifier correspond to one another.

Method and system for authentication

An authentication system performing user-centered authentication may include: an authentication service component acting as an authentication procedure of an online service server; and a mobile authentication agent component acting as the authentication procedure of an access terminal which accesses the online service server. Herein, the authentication service component may confirm a mobile authentication agent component corresponding to user information input from the access terminal as basic authentication information, transmit an authentication password value to each of the confirmed mobile authentication agent component and the online service server which the access terminal intends to access, and transmit an authentication success message to the online service server when a password verification value or an authentication agreement value corresponding to the authentication password value is received from the mobile authentication agent component.

METHOD AND SYSTEM FOR CONFIGURABLE DEVICE FINGERPRINTING

Methods and systems for configurable device fingerprinting and/or achieving communications with enhanced security are disclosed herein. In one example embodiment, a method of configurable device fingerprinting includes storing, at a server, first information regarding one or more selected system attributes, and further includes receiving, at the server, a first signal requesting that a first client device be registered and including system information pertaining to the first client device. Also, the method includes extracting, from the system information, relevant portions of the system information corresponding to the one or more selected system attributes, where the server determines a fingerprint of the first client device based at least in part the relevant portions. Additionally, the method includes generating a first identifier pertaining to the first client device at least indirectly in response to the extracting of the relevant portions, and sending the first identifier for receipt by the first client device. 1. A method of configurable device fingerprinting , the method comprising:storing, at a server, first information regarding one or more selected system attributes;receiving, at the server, a first signal requesting that a first client device be registered and including system information pertaining to the first client device;extracting, from the system information, relevant portions of the system information corresponding to the one or more selected system attributes, wherein the server determines a fingerprint of the first client device based at least in part the relevant portions;generating a first identifier pertaining to the first client device at least indirectly in response to the extracting of the relevant portions; andsending the first identifier for receipt by the first client device.2. The method of claim 1 , further comprising:receiving the first information at the server, at least indirectly from a user interface device, and wherein the ...

SUPPORT OF QUALITY OF SERVICE FOR V2X TRANSMISSIONS

The present disclosure relates to a transmitting device for transmitting vehicular data via a sidelink interface to one or more receiving devices. The transmitting device performs autonomous radio resource allocation for transmitting the vehicular data via the sidelink interface. An application layer generates the vehicular data and forwards the vehicular data together with a priority indication and one or more quality of service parameters to a transmission layer responsible for transmission of the vehicular data via the sidelink interface. The transmission layer performs autonomous radio resource allocation based on the received priority indication and the one or more quality of service parameters. The transmission layer transmits the vehicular data via the sidelink interface to the one or more receiving devices according to the performed autonomous radio resource allocation. 1. A communication apparatus comprising: obtains one or more quality of service configurations provisioned in the communication apparatus;', 'forwards vehicular data together with a priority indication from an application layer to a transmission layer;', 'determines, in the transmission layer, one of the one or more quality of service configurations depending on the priority indication forwarded from the application layer; and', 'performs autonomous radio resource allocation for transmitting the vehicular data via a sidelink interface based on the determined one quality of service configuration, and, 'circuitry, which, in operation,'}a transmitter, which is coupled to the circuitry and which, in operation, transmits the vehicular data via the sidelink interface to one or more receiving apparatuses according to the autonomous radio resource allocation,wherein, in case different sidelink logical channels are multiplexed in one transport block (TB) to transmit the vehicular data, transmission of the TB via the sidelink interface is performed based on a sidelink logical channel associated with a ...

Transaction Authentication

A biometric token is generated for a user and provided to a user-operated device. A pre-staged transaction is defined by a user and the user supplies the token for association with the pre-staged transaction. Subsequently, a user visits a transaction terminal and a new candidate token is generated from biometric attributes of the user. The candidate token is matched to the token associated with pre-staged transaction to authenticate the user and the pre-staged transaction is processed at the transaction terminal as a completed transaction. 1. (canceled).2. A method , comprising:receiving a selected biometric type from a user;capturing biometric measurements from the user that correspond to the selected biometric type;generating a biometric token from the biometric measurements based on the biometric type;associating the biometric token with a pre-staged transaction defined by the user and a user identifier for the user; andproviding the biometric token and a pre-staged transaction identifier for the pre-staged transaction to the user.3. The method of claim 2 , wherein receiving further includes authenticating the user to an account before receiving the selected biometric type from the user.4. The method of claim 3 , wherein capturing further includes activating one or more biometric-enabled devices of a user-operated device based on the selected biometric type.5. The method of claim 4 , wherein generating further includes obtaining the biometric measurements from one or more biometric-enabled devices of the user-operated device that is a transaction terminal.6. The method of claim 4 , wherein generating further includes obtaining the biometric measurements from the one or more biometric-enabled devices of the user-operated device that is a mobile phone claim 4 , a wearable processing device claim 4 , a desktop computer claim 4 , a laptop computer claim 4 , or a tablet computer.7. The method of further comprising:identifying the user at a transaction terminal; ...

METHOD AND SYSTEM FOR PROACTIVE FRAUDSTER EXPOSURE IN A CUSTOMER SERVICE CHANNEL

A computer-implemented method for analyzing call interactions in an interactions database by a Proactive Fraud Exposure (PFE) engine is provided herein. The computer-implemented method may generate a voiceprint for each call interaction; (ii) use a machine learning technique to group the call interactions into one or more clusters based on respective voiceprints in the voiceprints database; (iii) store the one or more clusters; and (iv) rank and classifying the one or more clusters to yield a list of potential fraudsters. The computer-implemented method may further transmit the list of potential fraudsters to a user to enable the user to review said list of potential fraudsters and to add fraudsters from the list to a watchlist database. 1. A computer-implemented method for analyzing call interactions in an interactions database by a Proactive Fraud Exposure (PFE) engine , the computer-implemented method comprising:(i) generating a voiceprint for each call interaction in an interactions database to be stored in a voiceprints database;(ii) using a machine learning technique to group call interactions in the interaction database into one or more clusters based on respective voiceprints in the voiceprints database,wherein each one of the one or more clusters is associated with a repeating speaker's voice based on the generated voiceprints;(iii) storing the one or more clusters in a clusters database;(iv) ranking and classifying the one or more clusters stored in the clusters database to yield a list of potential fraudsters, andtransmitting the list of potential fraudsters to an application to display to a usersaid list of potential fraudsters via a display unit, thus enabling said user to review said list of potential fraudsters and to add fraudsters from the list to a watchlist database.2. The computer-implemented method of claim 1 , wherein the generating of voiceprints is performed by extracting i-vectors which represents a speaker effect and a channel effect.3. The ...

METHOD FOR SECURING DISCOVERY INFORMATION AND DEVICE THEREFOR

The present invention relates to a method and a system for securing discovery information being transmitted through a direct radio signal in a wireless communication system which supports a device-to-device service, and a device-to-device communication method of a transmission terminal, according to one embodiment of the present invention, can comprise the steps of: synchronizing with a discovery resource cycle number; determining discovery channel logical timing information of a discovery physical channel through which discovery information is to be transmitted; generating security information by using a security key, the determined discovery channel logical timing information and the discovery information to be transmitted; and transmitting the discovery information including the security information through the discovery physical channel. According to one embodiment of the present invention, it is possible to prevent discovery information of a terminal to be wrongly transmitted due to a case where another rogue terminal receives and changes the discovery information of the terminal, or the like. 132-. (canceled)33. A method for transmitting a discovery message by a transmitter in a device-to-device (D2D) communication system , the method comprising:identifying coordinated universal time (UTC) information associated with a discovery slot;generating security information based on the identified UTC information;generating discovery message including the generated security information; andtransmitting the discovery message.34. The method of claim 33 , wherein the generating the security information further comprising:receiving a security key from a server; andgenerating the security information based on the security key and the identified UTC information.35. The method of claim 34 , wherein the discovery message further includes discovery information associated to the security key.36. The method of claim 33 , wherein four least significant bits of the UTC information ...

Method for reading attributes from an id token

The invention relates to a method for reading at least one attribute stored in an ID token, wherein the ID token is assigned to a user, comprising the following steps: authenticating the user with respect to the ID token, authenticating a first computer system with respect to the ID token, after successful authentication of the user and the first computer system with respect to the ID token, read-access by the first computer system to the at least one attribute stored in the ID token for transfer of the at least one attribute to a second computer system.

COMPREHENSIVE AUTHENTICATION AND IDENTITY SYSTEM AND METHOD

A comprehensive authentication and identity system and method are disclosed. A central profile is created for a user which includes user information that can be passed back or otherwise utilized by websites (e.g. for registrations, logins, etc.) The user information may include the user's username, password, contact information, personal information, marketing preferences, financial information, etc. For website registrations, the user may provide a mobile communication number that is utilized to perform a type of mobile communication device verification process. As part of a website login, the user may provide identifiable information (e.g. a username) that is looked up by the system or website to determine a mobile communication number for the user, which is used for a verification process. If the verification process is completed successfully, the user may be logged into the website. For accessing the system directly, a user may go through a mobile communication device verification process. 1. A method performed by a computing system for facilitating secure login to a website , the method comprising:receiving, at a computing system, a request from a website hosted by a different computing system to verify an attempt by a user to login to the website, the login attempt to the website not requiring the use of a password by the user, wherein the received request from the website includes information identifying the user but excludes any password associated with the user;determining, at the computing system, a telephone number associated with the user based on the received identifying information;transmitting a verification message to a mobile communication device of the user using the telephone number, the verification message requesting the user to perform a verification action;receiving an indication of an action by the user in response to the verification message;determining whether the action performed by the user satisfies the verification action requested by ...

MOBILE PHONE ATM PROCESSING METHODS AND SYSTEMS

Embodiments provide systems, methods, processes, computer program code and means for using mobile devices to conduct transactions with ATM devices. 1. A automated teller machine (ATM) transaction system comprising:a database storing data associated with transactions;a non-transitory memory; and receiving, from a mobile device, instructions for conducting an automated teller machine (ATM) transaction prior to the mobile device being located proximate any ATM;', 'storing the instructions for conducting the ATM transaction;', 'receiving, from the mobile device subsequent to storing the instructions for conducting the ATM transaction, an ATM code that was displayed by an ATM and captured and sent by the mobile device upon the mobile device being located proximate the ATM; and', 'executing the instructions for conducting the ATM transaction to process the transaction at the ATM in response to receiving the ATM code., 'one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising2. The ATM transaction system of claim 1 , wherein the operations further comprise:dynamically generating the ATM code for the ATM transaction such that the ATM code uniquely identifies the ATM transaction.3. The ATM transaction system of claim 1 , wherein the operations further comprise:generating the ATM code based on one or more of a time stamp, a location of the ATM, and a transaction amount.4. The ATM transaction system of claim 1 , wherein the operations further comprise:generating information identifying a set of transaction options available to a user of the mobile device and a request for selection of at least one of the transaction options; andtransmitting, to the mobile device, the information identifying the set of transaction options and/or the request for selection of at least one of the transaction options.5. The ATM transaction system of claim 4 , wherein ...

METHOD FOR SECURING DISCOVERY INFORMATION AND DEVICE THEREFOR

The present invention relates to a method and a system for securing discovery information being transmitted through a direct radio signal in a wireless communication system which supports a device-to-device service, and a device-to-device communication method of a transmission terminal, according to one embodiment of the present invention, can comprise: synchronizing with a discovery resource cycle number; determining discovery channel logical timing information of a discovery physical channel through which discovery information is to be transmitted; generating security information by using a security key, the determined discovery channel logical timing information and the discovery information to be transmitted; and transmitting the discovery information including the security information through the discovery physical channel According to one embodiment of the present invention, it is possible to prevent discovery information of a terminal to be wrongly transmitted due to a case where another rogue terminal receives and changes the discovery information of the terminal, or the like. 1. A method for transmitting a discovery message of a transmitter in a device-to-device (D2D) communication system , the method comprising:receiving a D2D application code and a security key;identifying coordinated universal time (UTC) information associated with a discovery slot in which the discovery message is transmitted;generating the discovery message including the D2D application code and security information calculated based on the identified UTC information and the security key; andtransmitting the discovery message,wherein the security key is associated with the D2D application code.2. The method of claim 1 , further comprising:requesting the D2D application code to a server.3. The method of claim 1 , wherein the UTC information is identified based on time information provided by network.4. The method of claim 1 , wherein four least significant bits of the UTC information are ...

Vehicle data protection

A vehicle includes one or more controllers, programmed to responsive to detecting a mismatch between a biometric information of a user collected via a biometric sensor and a biometric record, send a lockup signal to a mobile device enrolled with the vehicle to lock an application; and responsive to successfully performing an authentication through an interaction with the application in a lockup mode, send an unlock signal to the mobile device to unlock the application.

CONTROLLING A DEVICE

In accordance with an example aspect of the present invention, there is provided an apparatus comprising at least one receiver configured to receive, via a first channel, a secret value and an identifier of a local node and, via a second channel, a random value, and at least one processing core configured to cause transmission to the local node of a first message comprising a hash value, the hash value being derived based on a set comprising the secret value, the random value, and an instruction. 138-. (canceled)39. An apparatus comprising:at least one receiver configured to receive, via a first channel, a secret value and an identifier of a local node and, via a second channel, a random value, andat least one processing core configured to cause transmission to the local node of a first message comprising a hash value, the hash value being derived based on a set comprising the secret value, the random value, and an instruction.40. The apparatus according to claim 39 , wherein the at least one processing core is configured to derive the hash value.41. The apparatus according to claim 39 , wherein the at least one receiver is further configured to receive claim 39 , over the first channel claim 39 , a pin code claim 39 , and to derive the hash value based further on the pin code.42. The apparatus according to claim 39 , wherein the first channel comprises a Bluetooth channel claim 39 , a Bluetooth low-energy channel claim 39 , a near field communication channel claim 39 , an infra-red channel or a visual pattern recognition channel.43. The apparatus according to claim 39 , wherein the second channel comprises a websocket channel claim 39 , a hypertext transport protocol channel claim 39 , a constrained application protocol channel claim 39 , extensible messaging and presence protocol claim 39 , message queue telemetry transport claim 39 , alljoyn or hypertext transport protocol channel 2.0 channel.44. The apparatus according to claim 39 , wherein the at least one ...

Methods and systems for validating mobile devices of customers via third parties

A method for authenticating a mobile device in real-time. The method includes detecting the mobile device, sending a text message containing a unique uniform resource locator (“URL”) to the mobile device, and detecting an access of the unique URL by the mobile device through a first communication path. In response to detecting the access of the unique URL, requesting and subsequently receiving, by the host system in real-time, a phone number and a subscriber identification ID associated with the mobile device through a second communication path distinct from the first communication path, and a device fingerprint of the mobile device through the first communication path. The method further includes initiating a risk analysis based on the phone number, the subscriber ID, and the device fingerprint and determining an authentication status of the mobile device based on the risk analysis.

MOBILE PHONE ATM PROCESSING METHODS AND SYSTEMS

Embodiments provide systems, methods, processes, computer program code and means for using mobile devices to conduct transactions with ATM devices. 1. (canceled)2. A method comprising:receiving an automated teller machine (ATM) transaction request comprising location data and a device signature from a mobile device;determining, using the location data, that the mobile device is within a predetermined distance to a first ATM;causing a display of the first ATM to display an ATM code based on determining that the mobile device is within the predetermined distance to the first ATM;receiving code data from the mobile device;verifying that the code data is associated with the ATM code;receiving, after verifying that the code data is associated with the ATM code, authentication data from the mobile device;determining that the authentication data is associated with the device signature; andexecuting the ATM transaction request through the first ATM in response to determining that the authentication data is associated with the device signature.3. The method of claim 2 , wherein the device signature comprises data indicating hardware attributes of the mobile device.4. The method of claim 2 , wherein the device signature is a first device signature claim 2 , wherein the authentication data comprises a second device signature claim 2 , and wherein determining that the authentication data is associated with the device signature comprises comparing the first device signature to the second device signature.5. The method of claim 4 , further comprising:receiving, through the ATM, a user input; anddetermining that the user input matches a stored input, wherein the executing the ATM transaction request is in further response to determining that the user input matches the stored input.6. The method of claim 5 , wherein determining that the user input matches the stored input is before determining that the authentication data is associated with the device signature.7. The method of ...

PERSONAL IDENTIFICATION NUMBER DISTRIBUTION DEVICE AND METHOD

The method of distributing a personal identification number to a user of a financial instrument associated with the personal code includes: a step of sending to a user, via a first channel, a request code associated with the financial instrument; a step of receiving the request code via a second channel; a step of matching the request code with one personal code; and a step of sending the matched personal code via a third channel to the user. In particular embodiments, the financial instrument is sent to a user via the first channel together with the corresponding request code. In particular embodiments, the step of matching the request code with one personal code includes a step of checking the user mobile phone number and the method further includes a step of decrypting the personal code using the request code as a decryption key. 1. A method of distributing a card and a PIN for the card to a user of the card , a mobile phone number being associated with the user and the PIN being necessary for using the card , comprising:determining, for the card and for the PIN, a request code and storing, in a server, in a table of records stored on the server, a record comprising the request code, the PIN and the mobile phone number, the request code being specific to the record in the table of records;transmitting the card to the user, and transmitting the request code to the user by a first channel;retrieving, at the server, a request code from a mobile phone number through a second channel different from the first channel;searching, at the server in the table of records, for a record containing the request code;comparing, at the server, the mobile phone number from which the request code has been received to the mobile phone number stored in the same record as the request code; andin the event that the mobile phone number from which the request code has been received and the mobile phone number stored in the same record as the request code are identical, transmitting the ...

Computer-Implemented Method for Mobile Authentication and Corresponding Computer System

In one embodiment of the present invention a computerized method includes receiving at a personal-mobile device a first communication, which includes information for requesting user verification for logging into an account of a user, via a computing device. The account is with a service provided by an application server. The method includes starting a personal-authentication application on the personal-mobile device in response to receiving the first communication, and receiving in the personal-authentication application a user verification for confirming logging into the account. The method includes logging into the account via the computing device based on receipt of the user verification. Embodiments of the present invention provide enhanced security for logging into an account that a user may have with a service by providing that a personal-mobile device, such as a mobile telephone, which is personal to a user, is configured as a security token for login to the account.

Two factor authentication using a one-time password

Methods and systems for online authentication eliminate the common username plus password combination, using instead a novel two-factor authentication that employs a mobile phone number and a one-time, limited life password. The user provides the mobile phone number to a login dialog and receives, from a service provider, the one-time password, e.g., via a text message, at the mobile device to which the phone number belongs. If the user enters the one-time password before it expires, the user is authenticated and logged in. A method for authentication or authorization to a website includes: receiving a phone number from a user via a communication network in response to a login prompt displayed to the user; transmitting a one-time password to the phone number using text messaging; and in response to receiving the one-time password back from the user, authenticating the user for transactions with the website.

Device pairing

Alternative pairing is used to enable communication between devices, but without conventional processes required for pairing. Moreover, multiple wireless bonds may be enabled, where both a device is linked to another device and an account is associated with the device and also a backend server. Once an appropriate bond is established, a streaming app (or partial or lightweight version of an application including a selected subset of application functionality) can be streamed to a device such that the user can enter information that can be transmitted to a paired device over the wireless connection. This can enable the association of the device to be performed with respect to the backend servers of the relevant provider. Such an approach can also establish a mechanism for the user to create an account while downloading the full application, or remainder of the application in some embodiments, in the background.

SYSTEMS AND METHODS FOR USING IMAGING TO AUTHENTICATE ONLINE USERS

Systems and methods are disclosed for authenticating an identity of an online user. One method includes receiving from the user, through a first device, a request to access a web page associated with the user's online account; transmitting to the user an image that contains a unique ID and a URL of an authentication server; and receiving from the user, through the first device, an authentication request containing the unique ID. The method also includes receiving from the user, through a second device, a log-in ID associated with the user and the unique ID; and authenticating the identity of the user to grant the user access, through the first device, to the web page associated with the user's online account. 120-. (canceled)21. A method for authenticating an identity of an online user , the method including:receiving registration data of an online user, wherein the registration data is used to access a web page associated with the online user;receiving, from a registration device, a request to access the web page associated with the online user;transmitting, by an authentication server, in response to the request to access the web page from the registration device, an image that contains a unique identifier (“ID”);receiving, at the authentication server from the online user through a first device, an authentication request containing a digital certificate, the unique ID, and a log-in identifier (“ID”);authenticating, by the authentication server, the first device of the online user based on the digital certificate, the unique ID, and log-in ID;transmitting the web page associated with the online user to the first user device when the first user device is authenticated, the requested web page including an access number and a unique authentication code associated with the registration data of the online user;receiving, at a biometric matching server associated with the access number, the unique authentication code associated with the registration data of the online ...

Disposable Browsers and Authentication Techniques for a Secure Online User Environment

Disclosed herein are systems and methods that allow for secure access to websites and web-based applications and other resources available through the browser. Also described are systems and methods for secure use and retention of user credentials, as well as methods for dynamic authentication of users and integrity checking of service providers in online environments. Thus, described in the present specification are systems and methods for constructing and destroying private, secure, browsing environments (a secure disposable browser), insulating the user from the threats associated with being online for the purposes of providing secure, policy-based interaction with online services. 1. A secure system for enabling access to web content using disposable browsers , the secure system comprising:a memory comprising computer instructions; and establish a secure environment for operating a disposable browser session;', 'initiate the disposable browser session within the secure environment, wherein a disposable browser associated with the disposable browser session is displayable on a client device executing a thin client process and located externally to the secure system;', 'configure the disposable browser session with session-specific data associated with the disposable browser session;', 'receive first data from the client device, the first data being associated with a web content request initiated on the disposable browser displayed on the client device;', 'communicate with a remote server associated with the web content request;', 'execute a web command associated with the web content request;', 'transmit, to the client device, second data associated with the web command or the web content request, wherein the second data comprises image data;', 'receive, from the client device, a user interaction with the image data displayed on the client device;', 'transmit, to the remote server, third data associated with the user interaction with the image data displayed on ...

REGISTRATION PROCESS USING MULTIPLE DEVICES

A server includes a processor, memory, and a communications interface. During a registration process the communications interface receives a phone number associated with a client mobile device, from a client computer system. In response to receiving the phone number, the processor generates a password and associates it with the client computer system. The password is transmitted to the client mobile device using the received phone number, and a password interface is transmitted to the client computer system. The processor waits up to a predetermined amount of time for the password transmitted to the client mobile device to be returned to the server device via the password interface transmitted to the client computer system. In response to the predetermined amount of time expiring without receiving the password, a message allowing the registration process to be completed using the client mobile device is transmitted to the client mobile device. 1. A server device comprising:a processor;memory coupled to the processor;at least one communications interface coupling the processor to a communications network;the communications interface configured to receive, from a client computer system, a phone number associated with a client mobile device, wherein the phone number is received during a registration process; generate a password;', 'associate the password with the client computer system;', 'transmit the password to the client mobile device using the phone number received from the client computer system;', 'transmit a password interface to the client computer system;', 'wait up to a predetermined amount of time for the password transmitted to the client mobile device to be returned to the server device via the password interface transmitted to the client computer system; and', 'in response to the predetermined amount of time expiring without receiving the password via the password interface, transmitting a message to the client mobile device, the message allowing ...

TERMINAL DEVICE, PERSONAL AUTHENTICATION SYSTEM AND PERSONAL AUTHENTICATION METHOD

A technology which is highly safe and furthermore highly convenient in personal authentications via a mobile terminal is provided. A terminal device of the present invention includes: a position determining section that determines a position of the terminal device at predetermined time intervals, and accumulates the position as position information; a movement history generating section that generates a movement history by using the position information accumulated in a predetermined period, and stores the movement history as movement history information; a registration processing section that transmits, for registration, the movement history information to a personal authentication apparatus; and an authentication requesting section that makes an authentication request to the personal authentication apparatus by using the movement history information stored after the transmission by the registration processing section to the personal authentication apparatus 1. A terminal device comprising:a position determining section that determines a position of the terminal device at predetermined time intervals, and accumulates the position as position information;a movement history generating section that generates a movement history by using the position information accumulated in a predetermined period, and stores the movement history as movement history information;a registration processing section that transmits, for registration, the movement history information to a personal authentication apparatus; andan authentication requesting section that makes an authentication request to the personal authentication apparatus by using the movement history information stored after the transmission by the registration processing section to the personal authentication apparatus.2. The terminal device according to claim 1 ,wherein along with the movement history information, the registration processing section transmits, to the personal authentication apparatus, terminal ...

Mobile Security Fob

A computer-implemented method comprising: receiving, from a primary factor authentication device by one or more computer systems, a request to enroll a mobile device as a secondary factor authentication device; and 1. A computer-implemented method of enrolling a mobile device for secondary multifactor authentication , the method comprising:receiving from a primary factor authentication device by one or more computer systems, a request to enroll a mobile device as a secondary factor authentication device;generating by the one or more computers, a pairing instruction for the primary factor authentication device, which pairing instruction includes information that causes the primary factor authentication device to execute a pairing operation with the mobile device;transmitting by the one or more computers, the pairing instruction to the primary factor authentication device; andenrolling by the one or more computer systems the mobile device as a secondary factor authentication device for the primary factor authentication device.2. The method of further comprising:generating, by the one or more computer systems, a key code for enrolling the mobile device as the secondary factor authentication device; andtransmitting the key code to the primary factor authentication device.3. The method of wherein the primary factor authentication device is configured to re-transmit the key code to the mobile device.4. The method of further comprising:receiving by the one or more computers from an authentication system that received the key code from the mobile device, a message specifying validation of the key code.5. The method of wherein the mobile device has a unique device identifier claim 1 , the one or more computers accesses a user profile that is associated with login credentials of a user and the mobile device claim 1 , and enrolling further comprises:receiving, by the one or more computer systems from an authentication system, the unique device identifier of the mobile device; ...

Methods and Systems for Thwarting Side Channel Attacks

A computing device may use machine learning techniques to determine the level, degree, and severity of its vulnerability to side channel attacks. The computing device may intelligently and selectively perform obfuscation operations (e.g., operations to raise the noise floor) to prevent side channel attacks based on the determined level, degree, or severity of its current vulnerability to such attacks. The computing device may also monitor the current level of natural obfuscation produced by the device, determining whether there is sufficient natural obfuscation to prevent a side channel attack during an ongoing critical activity, and perform the obfuscation operation during the ongoing critical activity and in response to determining that there is not sufficient natural obfuscation to adequately protect the computing device against side channel attacks.

IMPROVED SUPPORT OF QUALITY OF SERVICE FOR V2X TRANSMISSIONS

The present disclosure relates to a transmitting device for transmitting vehicular data via a sidelink interface to one or more receiving devices. The transmitting device performs autonomous radio resource allocation for transmitting the vehicular data via the sidelink interface. An application layer generates the vehicular data and forwards the vehicular data together with a priority indication and one or more quality of service parameters to a transmission layer responsible for transmission of the vehicular data via the sidelink interface. The transmission layer performs autonomous radio resource allocation based on the received priority indication and the one or more quality of service parameters. The transmission layer transmits the vehicular data via the sidelink interface to the one or more receiving devices according to the performed autonomous radio resource allocation. 1. An integrated circuit configured to control a process of a communication apparatus , wherein the process comprises:obtaining one or more quality of service configurations provisioned in the communication apparatus;generating vehicular data in an application layer and forwarding the vehicular data together with a priority indication to a transmission layer;determining, in the transmission layer, one of the one or more quality of service configurations depending on the priority indication forwarded from the application layer,performing autonomous radio resource allocation for transmitting the vehicular data via a sidelink interface based on the determined one quality of service configuration; andtransmitting the vehicular data via the sidelink interface to one or more receiving apparatuses according to the autonomous radio resource allocation,wherein, in case different sidelink logical channels are multiplexed in one transport block (TB) to transmit the vehicular data, transmission of the TB via the sidelink interface is performed based on a sidelink logical channel associated with the ...

Device authentication

The present invention relates to a computer network that provides secure authentication. The computer network comprises a server operable to generate a token comprising identification information; a first device to be authenticated, the first device being operable to receive the token; a second device associated with a trusted identifier, the second device being operable to retrieve the token from the first device and associate the token with the trusted identifier to authenticate the first device at the server.

SECURING HEADLESS DEVICES FROM MALICIOUS (RE-)CONFIGURATION

Illustrative embodiments include a headless medical device (S) for performing implementing a medical resource or function (F) in context with a configuration device (D) and an optional host device (H) for locking or unlocking a lock status (L) of the headless medical device respective to action requests relating to the medical resource or function. 1. A device comprising:a first communication interface for communicating with the device;a second communication interface for communicating with the device;a programmable electronic chip; and initially configuring the second communication interface via the first communication interface and then switching a lock status of the device to a locked state; and', controlling, via the second communication interface, the lock status of the device;', 'receiving, via the first communication interface, an action request relating to the second communication interface or to the medical function; and', 'executing the action request conditional upon the lock status controlled via the second communication interface being in an unlocked state., 'after the initial configuration of the second communication interface], 'a non-transitory storage medium storing instructions readable and executable by the programmable electronic chip to operate a medical function, and to perform a communication method including2. The device of wherein:the first communication interface comprises a first radio operating in accord with a first wireless protocol; andthe second communication interface comprises a second radio operating in accord with a second wireless protocol.3. The device of wherein the first radio operates in accord with a Near-Field Communication protocol and the second radio operates with a Bluetooth protocol.4. The device of wherein the first radio and the second radio are two different virtual radios sharing the same physical radio transceiver hardware.5. The device of wherein:one of the first and second communication interfaces comprises a ...

Proximity credential sharing

Techniques are disclosed relating to user authentication. In some embodiments, a first computing device receives, from a second computing device, a request for a user credential to be input into an authentication prompt associated with the second device. The first computing device determines a proximity associated with the second computing device based on a received wireless location beacon and, based on the request and the determined proximity, presents a selection prompt asking a user of the first computing device to select a user credential stored in the first computing device. The first computing device then provides the selected user credential to the second computing device to input into the authentication prompt. In some embodiments, the first computing device receives the wireless location beacon from a remote controller of the second computing device and determines a proximity based on a signal strength associated with the received location beacon.

Multi-factor user authentication for network access

An authentication server associated with a network authenticates a primary user credential responsive to a request from a client device to access the network. The authentication server queries a database server for contact information for obtaining a secondary user credential. The contact information is provided to a third-party authentication server to obtain and authenticate the secondary user credential. In response to both the third-party authentication server obtaining and authenticating the secondary user credential successfully and the authentication server authenticating the primary user credential successfully, the client device is granted access to the network.

Handling Encoded Information

A method comprises a portable device obtaining a graphical encoded information item which is displayed on a display of a computing apparatus, decoding the encoded information from the encoded information item, and transmitting a first message to first server apparatus, the first message including the decoded information and a first identifier identifying the device or a user of the device, wherein the decoded information includes an apparatus identification information item for allowing identification of the computing apparatus, and the first server apparatus receiving the first message from the device, establishing the identity of the user of the device, wherein establishing the identity of the user comprises using the first identifier to determine if the user is registered with the first server apparatus in response to establishing the identity of the user, authorising the user to access a service, and providing the service to the user via the computing apparatus using the apparatus identification information item or sending a second message to a second server apparatus, the second message including the apparatus identification information item and indicating that the user is authorised to access the service provided by the second server apparatus, the second server apparatus responding to receipt of the second message by providing the service to the user via the computing apparatus using the apparatus identification information item. 115-. (canceled)16. A method comprising: obtaining a graphical encoded information item which is displayed on a sign proximate to a computing apparatus;', 'decoding the encoded information from the encoded information item; and', 'transmitting a first message to first server apparatus, the first message including the decoded information and a first identifier identifying the device or a user of the device, wherein the decoded information includes an apparatus identification information item for allowing identification of the ...

제 2접속경로를 이용한 사용자인증시스템 및 사용자인증방법

제 2접속경로를 이용한 사용자인증시스템은 전자상거래, 인터넷주식매매, 폰 뱅킹 등의 서비스에 있어서, 제 1접속경로를 통한 사용자가 기설정된 범위를 벗어나는 요구를 요청하면 제 2접속경로를 이용하여 사용자인증을 수행함을 특징으로 한다. 이러한, 제 2접속경로는 전화통신망 및 그 통신시스템으로 구현되는 것이 바람직하다. 또한, 기존의 인증방식과 본 발명에 따른 인증방식을 유기적으로 결합시켜 사용자인증을 수행할 수 있다. 이러한 경우, 기존의 제 1접속경로를 통한 인증은 기설정된 범위내의 사용자요구를 처리하기 위해 시스템에의 단순접속을 허용하는 1차적 인증으로 하고, 본 발명에 따른 제 2접속경로를 통한 인증은 사용자가 기설정된 범위를 벗어나는 중요정보에 대한 접근 또는 갱신을 허용하기 위한 최종적인 사용자인증으로 적용되는 것이 바람직하다. 본 발명에 따른 사용자인증시스템은 월등하게 향상된 보안효과 및 신뢰성을 제공하게 되어 통신망을 이용한 전자상거래서비스 등의 이용에 있어서 사용자가 안심하고 신용거래를 할 수 있게 하며, 관련 산업발전을 촉진시키는 효과를 더 제공한다.

Система автоматизированного управления многоуровневым полномочием на приведение в действие электронных и электрических устройств

1. Система автоматизированного управления многоуровневым полномочием на приведение в действие электронных и электрических устройств, содержащая одно или несколько беспроводных или проводных управляемых устройств и одно или несколько отдельных связных и (или) передающих устройств для санкционирующего работу кода и (или) отдельных пользовательских идентификаторов для сообщения этих кодов потребителю или устройству, отличающаяся тем, что разрешение на приведение в действие электронных или электрических устройств, либо управление или доставку санкционирующего кода производят автоматически на основе местоположения уполномоченного пользователя и (или) устройства, либо заранее заданного взаимоотношения между ними, так что уровень безопасности или срабатывания защищаемого устройства можно изменять согласно местоположению и режиму обслуживания, ! так, что географические данные базовых станций в мобильной телефонной сети используют в качестве кода, и пользователь и (или) устройство должны располагаться в пределах заранее заданной базовой станции в мобильной телефонной сети, а уровень полномочия на приведение в действие определяют на основе местоположения различных базовых станций, ! или так, что присутствие пользователя определяют через информацию базовой станции мобильной телефонной сети и беспроводной линии связи ближнего действия, такой как Bluetooth или WLAN, таким образом, что активируют линию связи ближнего действия автоматически, когда пользователь прибывает в пределы определенной базовой станции в мобильной телефонной сети, ! или санкционирующий работу код передают с завода пользователю через у� РОССИЙСКАЯ ФЕДЕРАЦИЯ (19) RU (11) 2008 151 976 (13) A (51) МПК H04W 4/00 (2009.01) ФЕДЕРАЛЬНАЯ СЛУЖБА ПО ИНТЕЛЛЕКТУАЛЬНОЙ СОБСТВЕННОСТИ, ПАТЕНТАМ И ТОВАРНЫМ ЗНАКАМ (12) ЗАЯВКА НА ИЗОБРЕТЕНИЕ (71) Заявитель(и): ИННОХОУМ ОЙ (FI) (21), (22) Заявка: 2008151976/09, 06.06.2007 (30) Конвенционный приоритет: 08.06.2006 FI 20065390 (43) Дата публикации заявки: 20.07.2010 Бюл. № 20 (72) ...

Encoded information processing

FIELD: processing of encoded information. SUBSTANCE: technical result is achieved by generating an encoded information element comprising an inspection information element; transmitting an encoded information item to a computing device through a second server; receiving first message from portable device, comprising an encoded information item and a first identifier identifying a portable device user; identifying a computing device based on information decoded from the encoded information item; comparing the decoded version of the verification information element with the reference verification information element to determine whether there is a match; when determining establishment of identification information of user, using a first identifier to determine whether a user of the portable device is registered on the first server; and transmitting to second server second message, containing an indication that the user is authorized to access the service. EFFECT: technical result consists in improvement of personal data protection user. 48 cl, 3 dwg РОССИЙСКАЯ ФЕДЕРАЦИЯ (19) RU (11) (13) 2 742 910 C1 (51) МПК H04L 29/06 (2006.01) G06F 21/34 (2013.01) G06F 21/36 (2013.01) ФЕДЕРАЛЬНАЯ СЛУЖБА ПО ИНТЕЛЛЕКТУАЛЬНОЙ СОБСТВЕННОСТИ (12) ОПИСАНИЕ ИЗОБРЕТЕНИЯ К ПАТЕНТУ (52) СПК G06F 21/34 (2020.02); G06F 21/36 (2020.02); G06F 16/9554 (2020.02) (21)(22) Заявка: 2016151899, 25.11.2011 (24) Дата начала отсчета срока действия патента: (73) Патентообладатель(и): ИНСИГНИЯ АйПи ЛТД (GB) Дата регистрации: 11.02.2021 25.11.2010 GB 1020025.1 Номер и дата приоритета первоначальной заявки, из которой данная заявка выделена: 2013128748 25.11.2010 (45) Опубликовано: 11.02.2021 Бюл. № 5 2 7 4 2 9 1 0 R U (54) ОБРАБОТКА ЗАКОДИРОВАННОЙ ИНФОРМАЦИИ (57) Реферат: Изобретение относится к области обработки информации, декодированной из элемента закодированной информации. Технический закодированной информации; сравнения результат заключается в повышении защиты декодированного варианта элемента ...

Handling encoded information

FIELD: data processing; cryptography. SUBSTANCE: invention relates to processing of encoded information. Method comprises steps of a portable device obtaining a graphical encoded information item which is displayed on a display of a computing apparatus, decoding encoded information from encoded information item, and transmitting a first message to first server apparatus, first message including decoded information and a first identifier identifying device or a user of device, wherein decoded information includes an apparatus identification information item for allowing identification of computing apparatus, and first server apparatus receiving first message from device, establishing identity of user of device, wherein establishing identity of user comprises using first identifier to determine if user is registered with first server apparatus in response to establishing identity of user, authorising user to access a service, and providing service to user via computing apparatus using apparatus identification information item or sending a second message to a second server apparatus, second message including apparatus identification information item and indicating that user is authorised to access service provided by second server apparatus, second server apparatus responding to receipt of second message by providing service to user via computing apparatus using apparatus identification information item. EFFECT: efficient protection of personal user data. 42 cl, 3 dwg РОССИЙСКАЯ ФЕДЕРАЦИЯ (19) RU (11) (13) 2 608 002 C2 (51) МПК H04L 29/06 (2006.01) G06F 21/34 (2013.01) ФЕДЕРАЛЬНАЯ СЛУЖБА ПО ИНТЕЛЛЕКТУАЛЬНОЙ СОБСТВЕННОСТИ (12) ФОРМУЛА (21)(22) Заявка: ИЗОБРЕТЕНИЯ К ПАТЕНТУ РОССИЙСКОЙ ФЕДЕРАЦИИ 2013128748, 25.11.2011 (24) Дата начала отсчета срока действия патента: 25.11.2011 (72) Автор(ы): ХАРРИС Ричард Х (GB) (73) Патентообладатель(и): ИНСИГНИЯ АйПи ЛТД (GB) Дата регистрации: (56) Список документов, цитированных в отчете о поиске: US 2009/0241175 A1, 24.09.2009. EP ...

Method for communication between vehicles

A method for the communication of vehicles including receiving a first message from a first vehicle by a second vehicle via vehicle-to-vehicle communication and/or vehicle-to-infrastructure communication and allocating the first message to the first vehicle based on the content of the first message by the second vehicle The method includes sending a second message from the second vehicle to the first vehicle via a separate communication channel by using information from the first message. Also disclosed is a method for vehicles to exchange data unrelated to traffic with one another.