A data processing method is performed at a computer system managing application programming interfaces (APIs) and mobile application entrances. An API invocation request initiated by an application system is received by the computer system, permission information corresponding to the application system is obtained according to an identifier of the mobile application entrance and an application system identifier that are carried in the API invocation request, then authentication is performed on the API invocation request according to the permission information and first authentication information carried in the API invocation request, and the application system is allowed to invoke an API for data processing when the authentication succeeds, so that internal data corruption caused due to that each application system at a mobile application entrance randomly invoke the API is avoided, thereby implementing uniform management on the internal data, greatly strengthening data security, and facilitating API interface expansion.

This invention relates to a method and a system for performing seamless authentication and identification of a mobile subscriber requesting to access a 3.sup.rd Party Merchant's online platform. The subscriber verification system intercepts a message sent from a first network node to a second network node during a data session establishment procedure. The subscriber verification system extracts a first set of identification values associated with a user equipment (UE) from the intercepted message. After the data session is established, the UE sends an encrypted request to access the Merchant server. The Merchant server identifies a second set of identification values associated with the encrypted request and sends them for validation to the subscriber verification system. The second set of identification values is compared against the first set of identification values. If the two set of identification values match, the UE is authenticated.

A trusted device, such as a wristwatch, is provided with authentication circuitry, used to perform an authentication operation to switch the trusted device into an authenticated state. Retention monitoring circuitry monitors the physical possession of the trusted device by the user following the authentication operation and switches the trusted device out of an authenticated state if the trusted device does not remain in the physical possession of the user. While the trusted device remains in the physical possession of the user, communication triggering circuitry is used to detect a request to establish communication with a target device that is one of a plurality of different target devices and communication circuitry is used to communicate with that target device using an authenticated identity of the user.

A communication device for communication with a network device during EAP-AKA′. The communication device is operative to receive a first Perfect Forward Secrecy, PFS, parameter value and at least one attribute value indicating a choice of a Diffie-Hellman group from the network device. The communication device is also operative to receive a cipher key, CK, and an integrity key, IK. Generate a modified cipher key, CK′, and a modified integrity key, IK′ based on CK, IK and an access network identity. Operations include calculating a second PFS parameter value. Send the second PFS parameter value to the network device. Calculate a third PFS parameter value. Derive, using a Pseudo-random function, a key based on the third PFS parameter value, CK′, IK′ and an identity associated with the communication device. A network device, methods, further communication devices, a server, computer programs and a computer program product are also disclosed.

A working method for an IC card having a fingerprint recognition function, comprising: an IC card receiving and determining an instruction type from a terminal, and when determined that the received instruction is an application selection instruction, the IC card selecting an application and returning a response to the terminal; when determined that the received instruction is a processing option acquisition instruction, the IC card acquiring a user fingerprint information verification state according to the content of the instruction, and if verification is successful, returning to the terminal a processing option instruction response containing an application file locator list for which a personal identification number does not need to be verified; if verification fails, returning to the terminal a processing option instruction response containing an application file locator list for which a personal identification number must be verified; when determined that the received instruction is a record reading instruction, the IC card returning a record reading response to the terminal according to the record reading instruction, wherein the record reading response contains a method for verifying a card holder. Thus, the risk of a personal identification number being leaked is avoided, thus enhancing the security of a transaction, while also improving user experience.

Implementations of the subject technology provide for performing, by a device, a request for obtaining information related to a phone authentication certificate (PAC) that was generated for the device, the PAC authenticating that a particular phone number is associated with the device, the request including packets of data. The subject technology receives the information related to the PAC, the information including an indication that the PAC was generated for the device. The subject technology sends, from the device, a request for validating the PAC to a remote server based at least in part on the information related to the PAC. Further, the subject technology receives a confirmation of validating the PAC from the remote server based at least in part on the information related to the PAC.

Systems and methods for synchronizing data between an online data source and a client application. The method includes, in response to a change in a permission associated with a user to a protected data set included in a shared data space of the online data source, receiving, with the client application associated with the user, a protected data synchronization token issued by the online data source associated with the protected data set and downloading, with the client application, the protected data set included in the shared data space from the online data source to the client application using the protected data synchronization token without re-downloading a public data set included in the shared data space. After downloading the protected data set, the method includes synchronizing the shared data space, including the protected data set and the public data set, using a stored data space synchronization token.

Provided is a method for automatic user authentication, including: (a) a first step in which a user credential is stored on a website in the course of membership registration, wherein the user credential includes a given mobile phone number; (b) a second step in which a service application is downloaded onto a first mobile terminal, wherein the first mobile terminal is linked to the website server; and (c) a third step in which the service application is activated on the first mobile terminal through automatic user authentication without an additional membership registration process.

A method for backing up data includes: receiving, by a driver in a host controller of a data storage device, an indication of a threatening event identifying one or more data files in the data storage device; delaying, by the driver, the threatening event; and backing up, by the driver, the one or more data files in the data storage device, prior to allowing the threatening event.

Systems and methods for improved security authentication are disclosed. In some embodiments, an improved system for security authentication may include a plurality of computing devices, and a server system communicatively coupled to the plurality of computing devices. The server system may be configured to receive a request for security authentication, determine an authorization providing computing device from among the plurality of computer devices based on authentication preferences stored in a database communicatively coupled to the server system, generate and transmit authentication information to the determined authorization providing computing device, receive, from an initiating computing device an authentication input, determine whether the received authentication input matches the transmitted authentication information, and complete the request for security authentication when the received authentication input matches the generated and transmitted authentication information.