488 results about "Access key" patented technology

Methods and systems are provided for secure online data access. In one embodiment, three levels of security are provided where user master passwords are not required at a server. A user device may register with a storage service and receive a user device key that is stored on the device and at the service. The user device key may be used to authenticate the user device with the storage service. As data in the storage service is encrypted with a master password, the data may be protected from disclosure. As a user master key or derivative thereof is not used in authentication, the data may be protected from a disclosure or breach of the authentication credentials. Encryption and decryption may thus be performed on the user device with a user master key that may not be disclosed externally from the user device.

In a mobile communication system, a method and system for obtaining location-dependent services information by using a mobile station. An information beacon containing services information pertaining to the location of the beacon is disposed in an environment. The beacon is capable of communicating with the mobile station when the mobile station is located within the operating range of the beacon. The mobile station includes a services access key which, when selected while the mobile station is within the operating range of the beacon, will transmit a query to the beacon requesting location-based services. In response to the query, location-based services information will be transmitted to the mobile station.

Methods and apparatus for disseminating over the Internet product information produced and maintained by product manufacturers using existing universal product codes (bar codes) as access keys. A cross-referencing resource preferably implemented by the existing Internet Domain Name System (DNS) receives Internet request messages containing all or part of a universal product code value and returns the Internet address at which data or services relating to the identified product, or to the manufacturer of that product, may be obtained. By using preferred Web data storage formats and protocol which conform to XML, XLS, XLink, Xpointer, RDF and Web service standards specifications, product and company information may be seamlessly identified, retrieved and integrated with information from other sources. A “web register” module can be employed to provide an Internet interface between a shared sales Internet server and an otherwise conventional inventory control system, and operates in conjunction with the cross-referencing server to provide detailed product information to Internet shoppers who may purchase goods from existing stores via the Internet.

This is a method to carry out safe transactions using programmable mobile telephones. The use of programmable handsets—for example with Java technology—, to which an application is downloaded (e.g. Java application) allows people to carry out safe transactions. The application allows the buyer / seller to carry out the transaction, including the verification, with just one connection. The data that was sent is then encrypted and transmitted via GPRS or any other data transmission protocol, to a transactions server, where the transactions are verified and authorised. The security of the process is provided mainly by the use of up to five non related identification elements, including an access key unique for each user, stored in the mobile handset.

A system, apparatus, and method are directed towards generating chains of encrypted decryption keys for content in a highly distributed environment. In one embodiment, the key chain may be provided within an Entitlement Control Message (ECM). An access key that enables decryption of a current link within the chain of decryption keys may be provided to a downstream recipient using an out-of-band mechanism. Alternatively, the access key may be provided through an in-band mechanism, such as through the use of Entitlement Management Message (EMM), or the like. In one embodiment, the access key within the EMM may be further encrypted by another encryption key that may be unique to the downstream recipient.

A key management system includes secured data stored on a first system secured by a control key stored securely on a key server. The secured data is secured against attacks such as unauthorized use, modification or access, where authorization to access the secured data is determined by knowledge of an access private key of an access key pair. When an authorized user is to access the secured data, the first system generates a request to the key server, signed with the access private key, wherein the request is for a decryption control key and the request includes a one-time public key of a key pair generated by the first system for the request. The first system can decrypt the decryption control key from the response, using a one-time private key. The first system can then decrypt the secured data with the decryption control key remaining secured in transport.

Methods are provided for communicating with and regulating access to a storage system contained within a file system. Storage access keys are used to communicate to the file system changes in location of data stored in the storage system. Fence keys are used to regulate access to the storage system.

Apparatus and method for provisioning an access key used for a controlled access broadcast service is disclosed. In one aspect, a method for secure processing in a device that securely stores a secret key comprises receiving a plurality of challenges from a network, generating a plurality of ciphering keys based on the secret key and the plurality of challenges, and generating an access key based on the plurality of ciphering keys.

A system to manage and control usage rights for cryptographic keys. A kernel process is provided with secure and exclusive authorization to access certain keys in a key hierarchy. Special authorization is required for other processes or users to access keys used by the kernel. A persistent storage area is used to hold a Kernel Authorization Data field for the root key and / or other keys used by the kernel or other specialized processes. The authorization data, and the keys it protects, can be used to protect other portions of, or the entire, key structure. The persistent storage area is reserved in a TPM or similar security hardware.

The present invention relates to a method for operating a network comprising communicating devices representing nodes of the network. More precisely, the invention relates to a method for operating a network (1), comprising a node (D1) and a system management device (3), the system management device comprising a root keying material being a set of alpha-secure functions having a degree of complexity of, and the node being provided with a node keying material share of degree of complexity α derived from the root keying material. The method comprises the following steps, upon receipt at the system management device of a request for an external user (4) to gain access to the node (D1): the system management device generates an external user keying material share of degree of complexityα from the root keying material and an access identifier, the system management device generates an access keying material of degree of complexity less than α, from the external user keying material share and an identifier of the node, the system management device provides the external user with the access keying material share and the access identifier, the external user derives a key from the access keying material share, and transmitting this key and the access certificate to the node, the node computes a key from the access identifier and the node keying material share, and the node compares the key transmitted by the external user and the key computed by the node, so as to authenticate the external user.

A key management system includes secured data stored on a first system secured by a control key stored securely on a key server. The secured data is secured against attacks such as unauthorized use, modification or access, where authorization to access the secured data is determined by knowledge of an access private key of an access key pair. When an authorized user is to access the secured data, the first system generates a request to the key server, signed with the access private key, wherein the request is for a decryption control key and the request includes a one-time public key of a key pair generated by the first system for the request. The first system can decrypt the decryption control key from the response, using a one-time private key. The first system can then decrypt the secured data with the decryption control key remaining secured in transport.

A method and apparatus for personally controlled sharing of medical image and other health data are disclosed. According to one aspect, the subject matter described herein includes a method for patient mediated access to patient health information maintained by different healthcare facilities and other health record repositories. The methods includes, using a central key server and a plurality of data servers local to healthcare facilities and other health record repositories. At the central key server, a patient controlled registry of access keys that control access to patient health information maintained by different healthcare facilities is provided. The central key server receives, from a data server of a first healthcare facility, a request for an access key that controls access to health information for a patient maintained by a second healthcare facility. In response to the request, the central key server authenticates credentials of the patient and the first healthcare facility, verifies permission from the patient to release the access key to the first healthcare facility, locates the access key for the health information for the patient at the second healthcare facility, and provides the access key to the first healthcare facility. The access key is used by the data server of the first healthcare facility to obtain health information for the patient directly from the data server of the second healthcare facility after successful authentication and verification by the second healthcare facility.