Security systems for protecting assets are described, including password-based security systems that can provide different levels of access responsive to entry of a primary or secondary password. In some versions, user-configurable security rules can provide customized responses to entry of primary or secondary passwords, including feigned or limited access, security alerts, etc. Passwords comprising overt and covert components can be used to provide enhanced security and improved user control over system response. Improved security systems involving transactions between multiple parties are also considered, with options for user-customized security rules including primary and secondary passwords, and reverse challenge and response methods. Systems for Limited Use Credentials are also disclosed to reduce the risk of identity theft.
Representative claim
I claim:
1. A security system for controlling the access of a user to an asset, comprising a password-protected access interface and asset access means, the access interface comprising means for receiving user credentials comprising a password, wherein the access interface accepts user credentials in which the password is one of a recognized primary password and one or more recognized secondary passwords, the asset access means being operably associated with the access interface such that when the accepted user credentials comprise the primary password, the asset access means provides access to the asset, and when the accepted user credentials comprise one of the one or more secondary passwords, the asset access means provides relatively limited or feigned access to the asset, and when the user credentials do not comprise one of the primary password and the one or more secondary passwords, the asset access means denies access to the asset, further comprising a server for controlling the access interface, and user-defined security rules stored in memory accessible by the server, the access interface further comprising means for a reverse challenge and response system to allow the user to verify the trustworthiness of the security system prior to accessing the system with the primary or secondary password, wherein the reverse challenge and response system provides the user with a customized confirmation clue according to the user-defined security rules in response to deliberately entering an incorrect password.
2. The system of claim 1, wherein feigned access is provided in response to at least one of the one or more secondary passwords.
3. The system of claim 1, wherein at least one of the primary or secondary passwords comprises a covert password component.
4. The system of claim 3, wherein the covert password component conveys a security input, and wherein the covert component comprises one or more of a keyboard entry, an entered combination on a combination input system, a verbal input, an action with a mechanical object other than a data input device, and a specific body motion.
5. The system of claim 1, wherein the password-protected access interface comprises a sound-based system, and wherein at least one of the primary or secondary passwords comprises a covert component associated with one or more sounds made by the user.
6. The system of claim 1, wherein use of the access interface comprises the use of an electrically powered portable device that generates and visibly displays a password that can be recognized by the security system as a component of a primary or secondary password according to user-defined security rules, responsive to an action of the user with the portable device, wherein the portable device comprises an electrical circuit with a switch responsive to the user action that determines the nature of the generated password, such that the user action results in a change to the displayed password, wherein the change transforms the password from a component of a secondary password to a component of a primary password, or transforms the password from a component of a primary password to a component of a secondary password.
7. The system of claim 6, wherein the portable device is a password synchronization device for displaying a password, and wherein the action with the portable device is selected from one of pressing a pressure-sensitive region on the portable device, touching a touch-sensitive region of the portable device, holding the portable device in a particular orientation, modifying the amount of light received by a photosensitive portion of the portable device, and opening or closing a switch associated with the portable device.
8. The system of claim 1, wherein the password-protected access interface is a computer interface, and wherein the asset comprises an electronic account, and wherein at least one of the primary or secondary passwords comprises an overt component and a covert component.
9. The system of claim 8, wherein the covert component is selected from an interaction with the computer interface involving timing of an input, a text entry into a graphical user interface, an action involving a detail of mouse movement with respect to a graphical user interface, contact with a predetermined portion of a contact-sensitive screen, a challenge and response input, and an audible input.
10. The security system of claim 1, wherein the access interface comprises a graphical user interface, and wherein the confirmation clue is visibly displayed on the graphical user interface.
11. The security system of claim 10, wherein the user-defined security rules specify a customized confirmation clue that is responsive to a characteristic of the incorrect password, the characteristic being selected from the length of the incorrect password and the alphanumeric content of at least a portion of the incorrect password.
12. A security system for controlling the access of a user to an asset, comprising a password-protected access interface and asset access means, the access interface comprising means for receiving user credentials comprising a password, wherein the access interface accepts user credentials in which the password is one of a recognized primary password and one or more recognized secondary passwords, the asset access means being operably associated with the access interface such that when the accepted user credentials comprise the primary password, the asset access means provides access to the asset, and when the accepted user credentials comprise one of the one or more secondary passwords, the asset access means provides relatively limited or feigned access to the asset, and when the user credentials do not comprise one of the primary password and the one or more secondary passwords, the asset access means denies access to the asset, wherein the asset comprises a credit card account, for which an authorized account user is provided with at least one credit card comprising a printed verification code thereon, and wherein the access interface comprises a password input request comprising a request for a verification code, wherein the appropriate verification code required as a component of the primary password differs from the printed verification code, and wherein at least one of the one or more secondary passwords comprises a verification code that is identical to the printed verification code on the credit card.
13. The system of claim 1, wherein the asset access interface comprises a CAPTCHA system adapted to receive a covert password component for at least one of the primary password and the one or more secondary passwords via a user action involving the CAPTCHA system, wherein the user action comprises deliberate entry of a CAPTCHA error according to predetermined rules.
14. The security system of claim 12, wherein the appropriate verification code required as a component of the primary password is derived from the printed verification code by application of an algorithm, according to predetermined rules.
15. The security system of claim 14, wherein the application of the algorithm on the printed verification code can be readily conducted mentally by an adult human of average intelligence.
16. The security system of claim 12, further comprising a security rule editing function that allows the owner of an asset to customize predetermined security rules to govern the level of access granted via the password-protected access interface in response to receiving a secondary password after a request for a verification code.
17. The security system of claim 16, wherein the security rule editing function enables the asset owner to specify the nature of access limitation in response to entry of a secondary password comprising the printed verification code, wherein the limitation may be selected from at least one of a reduced monetary limit for transactions with the credit card, a geographical limitation on use of the credit card, a limitation on the type of goods or services that may be obtained in using the credit card, a requirement for additional approval for the transaction from another party, and a temporal limitation on use of the credit card.
18. The security system of claim 12, wherein the appropriate verification code required as a component of the primary password is a variable verification code.
19. The security system of claim 12, wherein the appropriate verification code required as a component of the primary password is a static verification code.
20. A security system for controlling the access of a user to an asset, comprising a password-protected access interface and asset access means, the access interface comprising means for receiving user credentials comprising a password, wherein the access interface accepts user credentials in which the password is one of a recognized primary password and one or more recognized secondary passwords, the asset access means being operably associated with the access interface such that when the accepted user credentials comprise the primary password, the asset access means provides access to the asset, and when the accepted user credentials comprise one of the one or more secondary passwords, the asset access means provides relatively limited or feigned access to the asset, and when the user credentials do not comprise one of the primary password and the one or more secondary passwords, the asset access means denies access to the asset, further comprising a password synchronization system that generates one-time password components for comparison with a component of passwords entered into the access interface, and wherein the primary password is a multi-part password comprising the one-time password component and at least one other component, the one-time password component being different from but having a relationship to a one-time password root provided by a password synchronization device, the relationship being defined by an algorithm according to predetermined rules that modifies the one-time password root to yield the one-time password component, and wherein the access interface is adapted to recognize entry of a password comprising the one-time password root as a possible attempt at unauthorized access to the asset.
21. The system of claim 20, wherein the asset comprises an electronic asset containing sensitive and less sensitive information, and wherein the security system comprises a database with classification information for distinguishing sensitive and less sensitive information, wherein in response to the accepted user credentials comprising the primary password, the system provides access to both the sensitive and less sensitive information, and in response to the accepted user credentials comprising one of the one or more secondary passwords, the system provides access to only the less sensitive information.
22. The security system of claim 20, wherein the password synchronization system comprises a portable electronic device that generates the password root.
23. The security system of claim 22, wherein the user modifies the password root manually to yield the one-time password component.
24. The security system of claim 22, wherein the portable electronic device comprises a card with an embedded electronic circuit adapted to display the one-time password root.
25. The security system of claim 20, further comprising an administrative interface for customizing the predetermined rules.
26. The security system of claim 20, further comprising an administrative interface that enables the asset owner to specify the algorithm and specify the nature of the limited or feigned access to the asset in response to receipt of user credentials comprising one of the one or more secondary passwords.
27. A password-based security system for restricting access to an asset, comprising an asset access interface for receiving a two-part password comprising a one-time password component and a second password component, a password synchronization device for generating a one-time password root, wherein the one-time password component is obtained via operation of an algorithm upon the one-time password root, such that entry of valid user credentials comprising the one-time password component and the second password component is required for full access to the asset, whereas entry of otherwise valid user credentials in which the one-time password root is used instead of the one-time password component results in limited or feigned access to the asset.
28. The system of claim 27, wherein the algorithm can be selected from a plurality of options or modified by a user using an administrative interface for defining rules that control the response of the security system to entered user credentials.
29. The system of claim 27, wherein the operation of the algorithm upon the one-time password root can be readily conducted mentally by an adult human of average intelligence.
30. The system of claim 27, wherein the password synchronization device is a card comprising an embedded electronic circuit for displaying the one-time password root.
31. The system of claim 27, wherein the password synchronization device comprises a digital screen that visibly displays the one-time password root.
32. The system of claim 31, wherein the displayed password root comprises a plurality of alphanumeric characters, and the algorithm involves changing a subset of the alphanumeric characters.
33. An administrative graphical user interface for administering an electronic security system that provides an asset access graphical user interface controlling access to a protected asset through the use of user credentials comprising a primary password, the administrative graphical user interface comprising: a) user authentication means for entry of administrator credentials, wherein entry of valid administrator credentials identifies an authorized administrator of the security system; b) a security rule editing function accessible after entry of valid user credentials by the user authentication means, wherein the security rule editing function provides a display of security rules governing the response of the security system to attempted user access via the asset access graphical user interface and provides means for customizing the security rules, wherein the security rules can be edited to define a response of the security system to an entry in the asset access graphical user interface of one or more of a covert password component required for acceptance of the primary password, the absence of a covert password component required for acceptance of the primary password, and user credentials comprising at least one predetermined secondary password other than the primary password, wherein the administrative graphical interface is provided by a first party and the electronic security system is provided by a second party, the first party and the second party each having an independent relationship with an external authorizing agency, and wherein the user credentials comprise a Limited Use Credential used in place of a sensitive information item that is normally shared by the second party with the authorizing agency, wherein the Limited Use Credential is agreed upon between the first party and the authorizing agency as an acceptable substitute in place of the sensitive information item if provided by the second party, but wherein the Limited Use Credential is not accepted as a valid substitute in place of the sensitive information item if provided by a third party outside the scope of the agreement between the first party and the authorizing agency.
34. The administrative graphical user interface of claim 33, wherein the Limited Use Credential is a Social Security Number.
35. The administrative graphical user interface of claim 33, wherein the authorizing agency is a government agency and the second party is a corporation.
36. The administrative graphical user interface of claim 33, wherein the asset access graphical user interface comprises use of a CAPTCHA system adapted to recognize and accept a predetermined type of deliberate error in a CAPTCHA entry as a component of user credentials providing one of full, limited, and feigned access to the asset, according to predetermined security rules that have been customized via the security rule editing function.
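The server-side decision described in claims 20 and 27 to 32 (full access for the transformed one-time component, limited or feigned access plus an alert for the untransformed root, denial otherwise) can be sketched as follows. This is an added example, not code from the patent; it assumes RFC 4226 HOTP as the synchronization device, a hypothetical digit-increment rule as the "algorithm", and constructed key, salt and secret values.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from enum import Enum


class Access(Enum):
    FULL = "full"
    LIMITED = "limited"  # limited or feigned access, per the security rules
    DENIED = "denied"


def otp_root(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP, assumed here as the value the device displays (the root)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


@dataclass(frozen=True)
class TransformRule:
    """Hypothetical mental rule: add `delta` (mod 10) to the digits at `positions`."""
    positions: tuple
    delta: int

    def __post_init__(self):
        # A rule that changes nothing would make root and component identical,
        # collapsing the primary and secondary passwords into one.
        if not self.positions or self.delta % 10 == 0:
            raise ValueError("rule must change at least one digit")

    def apply(self, root: str) -> str:
        out = list(root)
        for i in set(self.positions):  # set(): a repeated index must not cancel out
            out[i] = str((int(out[i]) + self.delta) % 10)
        return "".join(out)


def hash_secret(secret: str, salt: bytes) -> bytes:
    """Salted hash of the second (static) password component."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


@dataclass
class Verifier:
    key: bytes
    rule: TransformRule
    salt: bytes
    secret_hash: bytes
    counter: int = 0
    alerts: list = field(default_factory=list)

    def check(self, otp_entry: str, secret_entry: str) -> Access:
        root = otp_root(self.key, self.counter)
        component = self.rule.apply(root)
        # Run every comparison before branching so response timing does not
        # reveal which part of the credentials matched.
        secret_ok = hmac.compare_digest(hash_secret(secret_entry, self.salt),
                                        self.secret_hash)
        is_component = hmac.compare_digest(otp_entry.encode(), component.encode())
        is_root = hmac.compare_digest(otp_entry.encode(), root.encode())
        if not secret_ok or not (is_component or is_root):
            return Access.DENIED
        used = self.counter
        self.counter += 1  # one-time: a recognized value cannot be replayed
        if is_component:
            return Access.FULL
        # The displayed root was typed unmodified: possible unauthorized attempt.
        self.alerts.append(f"untransformed OTP root entered at counter {used}")
        return Access.LIMITED


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample values throughout
    v = Verifier(b"12345678901234567890", TransformRule((0, 5), 1),
                 salt, hash_secret("hunter-green", salt))
    shown = otp_root(v.key, v.counter)
    print(shown, v.check(v.rule.apply(shown), "hunter-green"))
```

The caller decides what `Access.LIMITED` maps to (reduced limits, a decoy view) and where `alerts` are delivered; both are governed by the user-defined security rules in the claims.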