Patents Examined by Aravind Moorthy
  • Patent number: 9830445
    Abstract: Biometric information is used to generate a one-time passcode in a two factor authentication process. A current biometric sample is obtained from a user requesting access to a secure resource, together with a user identifier and a current token code. A bio-hash value that encodes a distinct biometric identifier of the authentic user for the user identifier, combined with the authentic user's PIN, is retrieved. A computed PIN is generated based on biometric information extracted from the current biometric sample and the bio-hash value. The computed PIN is combined with the current token code to generate a one-time passcode. The one-time passcode and the user identifier are conveyed to an external user identity verification process that uses the one-time passcode to validate the computed PIN and current token code contained in the one-time passcode.
    Type: Grant
    Filed: December 18, 2015
    Date of Patent: November 28, 2017
    Assignee: EMC IP Holding Company LLC
    Inventor: Salah Machani
  • Patent number: 9825944
    Abstract: A computing device described herein utilizes a secure cryptoprocessor of the computing device to compute a response to a request for authorization received from another local or remote device. The secure cryptoprocessor computes the response based on protected authorization credentials stored by the secure cryptoprocessor for one or more devices. The computing device then provides the computed response to the other device to cause the other device to grant or deny authorization. The computing device may also display information associated with the request for authorization, receive input indicating approval of the request, and utilize the secure cryptoprocessor in response to the received input.
    Type: Grant
    Filed: January 24, 2014
    Date of Patent: November 21, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ronald Aigner, Kevin Kane, Stefan Thom
  • Patent number: 9817609
    Abstract: A system and method for first changing the encryption key on a self-encrypting disk drive followed by a complete disk wipe. Either process can be separately performed, and they can be performed in any order. In fact, one embodiment of the invention resets the symmetric key, wipes the disk a predetermined number of times with different predetermined data patterns, and then resets the key a second time. This assures that there is absolutely no way to recover the original key or to read the original plain text data, even if some of its encrypted values remain on unallocated tracks after wiping. A user can be assured that in milliseconds after starting the wiping process, the entire disk is rendered unreadable and unrecoverable.
    Type: Grant
    Filed: July 18, 2016
    Date of Patent: November 14, 2017
    Assignee: Whitecanyon Software, Inc.
    Inventors: Donald E. Griffes, Daniel S. Pedigo, Dean V. Nuttall
  • Patent number: 9813391
    Abstract: A first network device may measure one or more values of one or more parameters corresponding to a plurality of links and/or devices of the network. The first network device may compare the measured one or more values of the one or more parameters to an expected one or more values of the one or more parameters. The first network device may determine whether to transmit data onto a network path between the first device and one of the plurality of devices based on a result of the comparison, wherein at least one of the plurality of links and/or devices are not part of the network path. The first network device may be operable to utilize the discovered parameter values to generate a security key which may be utilized to encrypt and/or scramble content prior to transmitting the content onto the network.
    Type: Grant
    Filed: November 2, 2016
    Date of Patent: November 7, 2017
    Assignee: Maxlinear, Inc.
    Inventor: Timothy Gallagher
  • Patent number: 9807125
    Abstract: A system and method that correlate a business transaction in a system and traffic generated from this business transaction in a network back to a user identity that invoked this business transaction and generated subsequent network traffic. The method enables a user to set up rules for tracking the activities in a system and network traffic and these rules can then be used later for monitoring user activities. The user activities, network traffic, and the user identity are correlated and stored in a data-to-business mapping file. This data-to-business mapping file can be used for auditing events in the system.
    Type: Grant
    Filed: September 22, 2016
    Date of Patent: October 31, 2017
    Assignee: Datiphy Inc.
    Inventor: Yeejang James Lin
  • Patent number: 9807102
    Abstract: A communication support system among a plurality of users within a hierarchical structure is disclosed herein. An electronic note may be transcribed using a computing device within an active session that has other authorized users. The communication support system may determine other devices authorized to receive electronic notes. At the end of each session, all information is permanently deleted. Notes may be sent based on a chain of command of those users in a session. Notes will be relayed based on an authorization level of each client computing device and will be relayed when certain criteria are satisfied. The electronic note may be transmitted to a second client computing device based on the authorization level and the criteria being satisfied. The second computing device may then approve of and forward the electronic note to a relatively higher client computing device within the hierarchy, such as a third client computing device.
    Type: Grant
    Filed: January 25, 2017
    Date of Patent: October 31, 2017
    Inventor: Adam Modras
  • Patent number: 9801048
    Abstract: The Internet is becoming an essential part of our lives. This trend is even stronger with the rise of cell phones having Internet access that almost the entire population carries with them at all times. Security is a huge problem on the Internet, however, and new authentication methods are needed specifically for cell phones. Presented here is a method of identifying a mobile electronic device by its configuration settings, potentially including contact list information. This invention, in particular, fills a crucial need to secure access to the Internet from mobile phones.
    Type: Grant
    Filed: March 20, 2017
    Date of Patent: October 24, 2017
    Assignee: Digital Proctor, Inc.
    Inventors: Andrew Jesse Mills, Shaun Sims
  • Patent number: 9800598
    Abstract: A privileged account management system can detect when credentials used to access one or more servers have been shared or otherwise compromised. This detection can occur through analysis of simultaneous actions that are performed via multiple sessions associated with the same administrator. When two or more sessions associated with the same administrator are opened, the interactions performed over each of the sessions can be monitored to identify whether such interactions could be performed by a single administrator. If it is determined that the interactions over the multiple sessions could not reasonably be performed by a single administrator, various actions can be taken to address the possible breach to the security of the one or more servers.
    Type: Grant
    Filed: January 30, 2017
    Date of Patent: October 24, 2017
    Assignee: Quest Software Inc.
    Inventors: Matthew T Peterson, Daniel F Peterson, Jordan S Jones
  • Patent number: 9792451
    Abstract: Systems, methods, and devices configured to build and utilize an intelligent cipher transfer object are provided. The intelligent cipher transfer object includes a set of participants protected by cloaking patterns. A portable dynamic rule set, which includes executable code for managing access to the protected set of participants, is included within the intelligent cipher transfer object. For a given user, the intelligent cipher transfer object may provide access to some of the participants while preventing access to other participants, based on the portable dynamic rule set therein.
    Type: Grant
    Filed: April 17, 2015
    Date of Patent: October 17, 2017
    Assignee: ECHARGE2 Corporation
    Inventors: Gregory Scott Smith, Melani Leigh Smith Weed, Daniel Michael Fischer, Elke M. Ridenour
  • Patent number: 9785309
    Abstract: Methods, apparatuses, and computer program products are described herein that are configured to provide a web page with one or more additional layers allowing certain functionality to be performed without having to navigate away from the web page. One example embodiment may include a method for providing a page, the page comprising a main layer and one or more additional layers, displaying the main layer and one or more indications representing the one or more additional layers, receiving a selection of at least one of the one or more indications, and displaying the at least one of the one or more additional layers in conjunction with displaying the main layer, the at least one of the one or more additional layers configured to manipulate the main layer.
    Type: Grant
    Filed: May 8, 2014
    Date of Patent: October 10, 2017
    Assignee: Socialtopias, LLC
    Inventor: Joshua Clinton Lineberger
  • Patent number: 9787649
    Abstract: Controlling access to position information at a receiver, or at another device external to the receiver. Various considerations, including a requested service type, a user type, a device type, a software application type, a payment, and/or other characteristics associated with a particular software application or distributor of that software application, may be used to control access to position information.
    Type: Grant
    Filed: January 9, 2016
    Date of Patent: October 10, 2017
    Assignee: NextNav, LLC
    Inventors: Arun Raghupathy, Subramanian S. Meiyappan, Deepak Joseph, Varaprasad Vajjhala
  • Patent number: 9781081
    Abstract: A client application cryptographically protects application data using an application-layer cryptographic key. The application-layer cryptographic key is derived from cryptographic material provided by a cryptographically protected network connection. The client exchanges the cryptographically protected application data with a service application via the cryptographically protected network connection. The client and service applications acquire matching application-layer cryptographic keys by leveraging shared secrets negotiated as part of establishing the cryptographically protected network connection. The shared secrets may include information that is negotiated as part of establishing a TLS session such as a pre-master secret, master secret, or session key. The application-layer cryptographic keys may be derived in part by applying a key derivation function, a one-way function or a cryptographic hash function to the shared secret information.
    Type: Grant
    Filed: October 2, 2015
    Date of Patent: October 3, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Muhammad Wasiq, Nima Sharifi Mehr
  • Patent number: 9767306
    Abstract: Secured electronic data storage on a hard drive is described. A computer system that incorporates the hard drive includes a shrink, shred, and data randomization algorithm built into the read/write function of the computer system for the purposes of securing any data that is stored on the hard drive. Data to be stored on the hard drive is processed using the algorithm which shrinks, shreds, and randomly distributes the data into multiple storage locations, for example multiple partitions of storage, different data storage drives of the hard drive, different folders of a storage device, and the like. An electronic log of where the data is distributed is kept in electronic data storage, on the computer system and/or separate from the computer system, that allows the data on the hard drive to be retrieved, reassembled, decompressed, and if necessary decrypted, upon receipt of a read/access request.
    Type: Grant
    Filed: September 18, 2015
    Date of Patent: September 19, 2017
    Assignee: Secured2 Corporation
    Inventor: R. Daren Klum
  • Patent number: 9760722
    Abstract: A method of addressing an unauthorized disclosure of sensitive information at an imaging device, including receiving an indication of the unauthorized disclosure of sensitive information; receiving or generating preliminary information about the unauthorized disclosure; and transmitting the indication and the preliminary information to a remote location to initiate an investigation on the unauthorized disclosure. After receiving the indication, the method includes entering a reduced function mode by the imaging device; receiving a clearance key when in the reduced function mode; and after receiving the clearance key, exiting the reduced function mode and entering a normal mode of operation.
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: September 12, 2017
    Assignee: KOFAX INTERNATIONAL SWITZERLAND SARL
    Inventor: Kevin James Albrecht
  • Patent number: 9760718
    Abstract: A mechanism is provided for anonymizing sequential and location datasets. Responsive to receiving the sequential and location datasets from an enterprise, the sequential and location datasets are scanned to expose a set of privacy vulnerabilities. A set of privacy constraints P is generated based on the set of discovered privacy vulnerabilities and a set of utility constraints U is identified. The sequential and location datasets are anonymized using the set of privacy constraints P and the set of utility constraints U, thereby forming an anonymized dataset. The anonymized dataset is then returned to the enterprise.
    Type: Grant
    Filed: September 18, 2015
    Date of Patent: September 12, 2017
    Assignee: International Business Machines Corporation
    Inventors: Stefano Braghin, Aris Gkoulalas-Divanis
  • Patent number: 9747463
    Abstract: To provide secure access to business information, restriction rules are generated and associated with metadata of the business information. The restriction rules are propagated to a device application functioning on a device. The device application monitors a geo-fencing location of the device based upon the received restriction rules. Based upon a request to access the business information triggered at the device, the restriction rules associated with a current geo-fencing location of the device and the restriction rules associated with the requested business information are determined. Based upon the restriction rules associated with the requested business information and network connectivity, the requested business information is downloaded to the device. Based upon the restriction rules associated with the current geo-fencing location of the device, access to the downloaded business information is rendered.
    Type: Grant
    Filed: November 30, 2013
    Date of Patent: August 29, 2017
    Assignee: SAP SE
    Inventors: Suresh Pasumarthi, Vinay Sheel
  • Patent number: 9749306
    Abstract: Embodiments of the present invention provide a method, a device and a communications system for network convergence, which can support a charging manner of a network to which an access user belongs. The method for network convergence includes: after authentication of an access user is successful, receiving, by a second gateway, a PDN connection establishment message corresponding to the access user, where the message carries an access user identifier and is sent by a first gateway, the first gateway is a gateway of a first network in which the access user is currently located, and a service borne by the PDN connection corresponding to the access user includes a network side service of the access user in the first network; and initiating, by the second gateway, according to the access user identifier, a charging procedure corresponding to the access user.
    Type: Grant
    Filed: November 14, 2014
    Date of Patent: August 29, 2017
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Chunsheng Zhu, Baoqing Huang, Qi Zheng
  • Patent number: 9749589
    Abstract: A method for determining an identifier of a conditional access card used in a conditional access system, in which the conditional access card autonomously modulates the timing of data packets sent by the conditional access card, according to a sequence that depends on the identifier of the card. The sequence is generated by a predefined non-linear function stored on the conditional access card, and the predefined non-linear function depends on both the identifier of the conditional access card and a non-linear random sequence that is known to the conditional access card and a monitoring station that receives transmissions from the conditional access card.
    Type: Grant
    Filed: August 4, 2014
    Date of Patent: August 29, 2017
    Inventor: Oliver Koemmerling
  • Patent number: 9747434
    Abstract: A technique performs authentication with an external device. The technique involves receiving, by electronic circuitry, a messaging command. The technique further involves providing, by the electronic circuitry, a message to the external device in response to the messaging command. The message includes message fields which store message operating parameters, e.g., Hypertext Transfer Protocol (HTTP) header fields containing HTTP operating parameters to form part of an HTTP transaction. The message fields of the message are arranged in a particular order to match an expected order during an order comparison operation performed by the external device to gauge authenticity of the message source. If the particular order matches the expected order, there is lower risk that the message source is fraudulent. However, if the particular order does not match the expected order, there is higher risk that the message source is fraudulent.
    Type: Grant
    Filed: September 17, 2015
    Date of Patent: August 29, 2017
    Assignee: EMC IP Holding Company LLC
    Inventor: Aviv Avital
  • Patent number: 9734093
    Abstract: Systems and methods for managing secured storage devices in an Information Handling System (IHS) are described. In some embodiments, a Baseboard Management Controller (BMC) may have program instructions stored thereon that, upon execution, cause the BMC to: identify a triggering event; send an alert to a Chassis Management Controller (CMC); receive, from the CMC, a request for one or more security keys pair usable to authenticate one or more secured Solid State Drives (SSDs) in a new configuration different from a previous configuration; and provide a response to the CMC.
    Type: Grant
    Filed: September 18, 2015
    Date of Patent: August 15, 2017
    Assignee: Dell Products, L.P.
    Inventors: Lucky Pratap Khemani, Anish K