3455results about "Random number generators" patented technology

The administration of protection of data on a client mobile computing device by a server computer system such as within an enterprise network or on a separate mobile computing device is described. Security tools are described that provide different security policies to be enforced based on a location associated with a network environment in which a mobile device is operating. Methods for detecting the location of the mobile device are described. Additionally, the security tools may also provide for enforcing different policies based on security features. Examples of security features include the type of connection, wired or wireless, over which data is being transferred, the operation of anti-virus software, or the type of network adapter card. The different security policies provide enforcement mechanisms that may be tailored based upon the detected location and / or active security features associated with the mobile device. Examples of enforcement mechanisms are adaptive port blocking, file hiding and file encryption.

Random partial shared secret recognition is combined with using more than one communication channel between server-side resources and two logical or physical client-side data processing machines. After a first security tier, a first communication channel is opened to a first data processing machine on the client side. The session proceeds by delivering an authentication challenge, identifying a random subset of an authentication credential, to a second data processing machine on the client side using a second communication channel. Next, the user enters an authentication response in the first data processing machine, based on a random subset of the authentication credential. The authentication response is returned to the server side on the first communication channel for matching. The authentication credential can be a one-session-only credential delivered to the user for one session, or a static credential used many times.

A system and method of determining locations of one or more RFID tags within an RFID environment. The system includes a plurality of RFID readers, each operative to transmit and receive RF signals for scanning a tag disposed within an RF coverage region associated with the reader, and for receiving tag data in response to the scanning of the tag. A plurality of sub-locations is determined within the environment, each corresponding to at least a portion of at least one of a plurality of RF coverage regions associated with the readers. The sub-locations are mapped to a plurality of predefined locations within the environment. A reader scans a tag, and receives tag scan data from the tag in response to the scanning of the tag. The tag scan data includes a tag identifier associated with the scanned tag. The tag scan data is mapped to the sub-locations based on the RF coverage region associated with the reader. The location of the scanned tag is then determined with reference to the predefined locations within the environment, based on the tag identifier included in the tag scan data, the mapping of the tag scan data to the sub-locations, and the mapping of the sub-locations to the predefined locations.

A platform for managing delivery of content originating from one or more content providers to users is provided. The platform includes a portal that is configured to support access through a plurality of access channels configured to receive requests through one or more access channels. A request for content is received from an access device through an access channel. An identity management module is configured to determine a user associated with the message. A content manager is configured to manage content for delivery through the plurality of access channels and configured to determine eligible content for the user. A billing module is configured to process billing for the user and content provider based on the content provided to the user. The content manager is then configured to deliver the requested content to the user's access device through the access channel.

A server receives a message from a sender and transmits the message to a recipient. The server normally transmits the message in a first path to the recipient. When the sender indicates at a particular position in the message that the message is registered, the server transmits the message in a second path to the recipient. The sender can also provide additional indications in the message to have the server handle the message in other special ways not normally provided by the server. After learning from the recipient or the recipient's agent that the message was successfully received, the server creates, and forwards to the sender, an electronic receipt. The receipt includes at least one, and preferably all, of the message and any attachments, a delivery success / failure table listing the receipts, and the receipt times, of the message by the recipient's specific agents, and the failure of other agents of the recipient to receive the message and a an encrypted hash of the message and attachments subsequently. By verifying that the digital signature on the sender's receipt matches the digital receipt at the server, the server can verify, without retaining the message, that the receipt is genuine and that the message is accurate.

A method and system for using an Internet client's local authentication mechanism in systems having updated browser code, so as to enable third party authentication according to an authentication scheme specified by a participating server on clients with updated browser code, while not breaking clients with legacy browser code. A redirect response from a server has authentication data added thereto such that updated browser code can detect the data's presence and enable the use of local security mechanisms for authentication purposes with the server-specified authentication scheme, including local credential entry for verification at a third party login server. At the same time, if such a redirect response is received by prior browser code, the added data is ignored while conventional redirection occurs, such that third party authentication may be performed via redirection to a third party's Internet page that provides a form for credential entry.

An apparatus and method for generating one or more pools or sets of seeds for use in a central determination gaming system. In one embodiment of the present invention, a processor of the apparatus or seed generator randomly generates a predetermined number of random number seeds. After the predetermined number of seeds are generated, the processor simulates the game outcome value that each generated seed ultimately determines. Having simulated a game outcome value for each generated seed, the processor determines if the set of seeds satisfies a required condition or criteria. If the required conditions or criteria are satisfied, the set is complete and ready for use in a central determination gaming system. If the required conditions or criteria are not satisfied, the processor modifies the generated set of seeds until the required conditions or criteria are satisfied.

Systems and methods of authenticating user access based on an access point to a secure data network include a secure data network having a plurality of a network access points serving as entry points for a user to access the secure data network using a user device. The user is associated with a user identity, each network access point with a network access point identity. The user uses a user device to send an access request, requesting access to the secure data network, to the network access point, which then sends an authentication request to an identity server. The identity server processes the authentication request, by validating the combination of the user identity and the network access point identity, and responds with an authentication response, granting or denying access, as communicated to the user device via an access response. The secure data network may comprise an application level secure data network, in which the user uses the user device to request access to a network application. Furthermore, the identity server may validate the combined user identity and network access point identity data in conjunction with time information, access allowance data, and / or traffic volume data.

A random binary signal is generated using a plurality of noise sources, each of which defines events occurring at random intervals, the outputs of the sources being combined in such a way that the events are interspersed in the resultant signal.

The invention includes a method and apparatus for providing secure remote access to enterprise networks. An apparatus includes a network interface module adapted for maintaining a secure network connection with a network device independent of a power state of a host computer associated with the apparatus a storage module for storing information associated with the secure connection, and a processor coupled to the network interface and the memory where the processor is adapted for automatically initiating the secure connection without user interaction.

A user gains access to a private network by connecting to a network, either through a hardwired or wireless connection, and then initiates an Internet access request targeting any website. If the user is not already authorized for Internet access, then the user is sent to a first predetermined website that points the user to an authentication server accessible via the Internet. The authentication server sends the user an HTTP form pages requesting authentication information. When the user responds, a network monitoring device within the private network alters the form page to include the user's hardware address and an encoded ID based on the network's location. The authentication server forwards this data to a gate keeper server, which authenticates the new user and transmits an unblock message along with another encoded ID based on the network's location and the user's hardware address.

A user authentication system capable of maintaining high-level security and of reducing a user's load of operations necessary for login is provided. The user authentication system includes a user terminal, a mobile phone, a password issuing unit, and a service providing unit. When a user accesses the system via the user terminal, the service providing unit encodes connection information of the password issuing unit into a code, and sends the encoded code to the user terminal. The mobile phone decodes the code displayed on the user terminal, and accesses the password issuing unit using the connection information. The password issuing unit generates a one-time password, and sends the one-time password to the service providing unit and also to the mobile phone. The user terminal sends the one-time password displayed on the mobile phone and user identification information to the service providing unit. When the service providing unit determines that the two one-time passwords each sent from the user terminal and the password issuing unit are identical, the service providing unit permits the access of the user via the user terminal.

A method and apparatus for generating random numbers for use in electronic applications is disclosed. A given sequence of random binary numbers of a certain length can be decoded into several random numbers for a specific application. The upper range values of the random numbers to be decoded determine the number of bits required for the generation of the these random numbers. In the decoding process, the given random binary number divides a range value to generate a remainder and a quotient. The quotient becomes the new random binary number for the generation of other random numbers while the remainder is the generated random number. The process then repeats to generate other random numbers. At the end of the generation process, the last quotient determines the validity of the generated random numbers.

One embodiment of the present invention provides a system to facilitate global timeout in a distributed computing environment. The system operates by receiving an access request from a user at an application within the distributed computing environment. The system determines if the distributed computing environment has issued an authentication to a user device through which the user accesses the application and also determines if the authentication has expired because of non-use for a specified period. This authentication is stored within a time-stamped token on the user-device. If the authentication has not been received or has expired, the system redirects the access request to a single sign-on server for the distributed computing environment requiring the user to reauthenticate with the distributed computing environment, otherwise the system grants the user access to the application.