Abstract: A user of a system defines a limited use access token for an external user for that external user to access defined resources of the system based on the user's account with the system. An access control system validates the access token when the external user attempts to access the defined resources and grants the external principal access to the defined resources.

Abstract: Techniques for secure debugging and monitoring are presented. An end user requests a secure token for logging information with a remote service. A secure monitoring and debugging token service provides the secure token. The remote service validates the secure token and configures itself for capturing information and reporting the captured information based on the secure token.

Abstract: Techniques for resetting authentication for touch-enabled devices are presented. When a user authenticates to a mobile device a touch profile (TP) is recorded. Each subsequent time the user unlocks a locked mobile device via touch, a new TP is noted. The new TP is compared to the recorded TP and if the deviation is within an acceptable tolerance, the user is permitted access to the mobile device without re-authentication. When the new TP is not within the acceptable tolerance of the recorded TP, the user is forced to re-authenticate before access is granted to the mobile device.

Abstract: A Time-based One-Time Password (TOTP) validator is interposed between a principal and a network service. The validator interacts with a mobile application (app) on the mobile device associated with the principal to dynamically supply a validator secret. The secret and, perhaps, other information are processed by the app to generate a TOTP when the principal attempts to access a protected resource of the network service. The validator independently generates the TOTP and compares the app generated TOTP, and on a successful match, a principal's access device is redirected for access to the protected resource.

Abstract: A secure server detects a login from a user originating from a first device. A second user-registered device is sent a message. The second device: translates the message into light-based communication that is captured by a camera of the first device, translates the message back into the original message, and sends the translated message to the secure server. The secure server authenticates the message and sends an indication to the first device that the second device is permitted to access the first device. In an embodiment, information passed between the first and second devices continue using light-based communications.

Abstract: At least two mobile devices introduce one another and select data for transfer to and receipt by at least one receiving mobile device using audio communications. Each of the devices uses its speaker(s) and its microphone to introduce and select the data. Once secure audio communications are confirmed between the devices, the selected data is acquired by the at least one receiving mobile device using audio communications or a different out-of-band communication wired or wireless network.

Abstract: An app of a mobile device registers the mobile device for a remote credential server (RCS) and receives a device token. When a credential for a remote asset is supplied on the mobile device it is routed to the RCS and stored external to the mobile device but referenced on the mobile device via an asset token. When the credential is needed, the device token and the asset token permit the RCS to authenticate and return the credential to or on behalf of the mobile device so that the mobile device can authenticate to and access the remote asset.

Abstract: Techniques for inserting analytic logic into network requests are presented. In an embodiment, instructions are dynamically inserted into web pages as the pages are requested. The instructions enable analytics to be captured and/or tracked when the web pages are processed. In another embodiment, web requests are intercepted and processed to include analytic instructions.

Abstract: Policies are communicated to a kernel service of an Operating System (OS) that define resource identifiers and events. When an event is received (from the kernel service) for a resource, the event is noted. Subsequent events received (from the kernel service) are: tracked, evaluated, and a determination is made whether a near real-time or real-time notification is to be sent.

Abstract: Techniques for secure debugging and monitoring are presented. An end user requests a secure token for logging information with a remote service. A secure monitoring and debugging token service provides the secure token. The remote service validates the secure token and configures itself for capturing information and reporting the captured information based on the secure token.

Abstract: A first device requests a protected resource (managed by a second device). A first authentication is performed by the second device upon receipt of the request. The second device provides an audio message back to the first device, which plays the audio message over a speaker. A third device captures the audio message as audio and uses the audio message to request a second authentication from the second device. The second device provides an authenticated session handle back to the first device for accessing the protected resource when both the first and second authentications are successful.

Abstract: A late-binding token (LBT) is securely generated and provided to a device application. When the LBT is presented and validated, a resource associated with the presentation is bound to the LBT and authenticated for access to a service and provided valid credentials for accessing that service.

Abstract: Techniques for secure data extraction in a virtual or cloud environment are presented. Desired data from a Virtual Machine (VM) or an entire VM is extracted and encrypted with a key. This key is sealed to a machine or a group of machines. The encrypted data is then migrated and successfully used on startup for instances of the VM by having the ability to access the sealed key (and unsealing it) to decrypt the encrypted data.

Abstract: A late-binding token (LBT) is securely generated and provided to a device application. When the LBT is presented and validated, a resource associated with the presentation is bound to the LBT and authenticated for access to a service and provided valid credentials for accessing that service.

Abstract: A Time-based One-Time Password (TOTP) validator is interposed between a principal and a network service. The validator interacts with a mobile application (app) on the mobile device associated with the principal to dynamically supply a validator secret. The secret and, perhaps, other information are processed by the app to generate a TOTP when the principal attempts to access a protected resource of the network service. The validator independently generates the TOTP and compares the app generated TOTP, and on a successful match, a principal's access device is redirected for access to the protected resource.

Abstract: Techniques for resetting authentication for touch-enabled devices are presented. When a user authenticates to a mobile device a touch profile (TP) is recorded. Each subsequent time the user unlocks a locked mobile device via touch, a new TP is noted. The new TP is compared to the recorded TP and if the deviation is within an acceptable tolerance, the user is permitted access to the mobile device without re-authentication. When the new TP is not within the acceptable tolerance of the recorded TP, the user is forced to re-authenticate before access is granted to the mobile device.

Abstract: Techniques for device independent session migration are presented. A secure mechanism is presented for a target device to receive a current authenticated communication session from an original device with minimal user interaction while automated security is enforced during session migration. In an embodiment, the target device is a mobile device and the original device is a desktop; the target device captures a data glyph that is visually presented on a display of the original device and the data glyph is then seamlessly communicated to a server manager for authentication and session migration.

Abstract: A user of a system defines a limited use access token for an external user for that external user to access defined resources of the system based on the user's account with the system. An access control system validates the access token when the external user attempts to access the defined resources and grants the external principal access to the defined resources.

Abstract: Techniques for protecting mobile applications are presented. A user's mobile device is provisioned and proxied over a cloud environment with enterprise policy enforced in that cloud environment. Enterprise applications run on the mobile device within the cloud environment. Administrative reporting and control occurs within the cloud environment and the enterprise applications establish connections to, authenticate to, and communicate with remote enterprise services via the provisioned cloud environment.

Abstract: Techniques for desktop migration are presented. A user authenticates to an original device and a token is generated for remoting to that device's desktop. A target device acquires the token while in proximity to the original device and uses the token to authenticate to a third-party service that provides a second token back to the target device. The second token permits the target device to authenticate and to directly connect via remoting software to the original device's desktop.