Abstract: A handheld electronic device and a method for entering a password thereof are provided. The method includes following steps. Motion change information of the handheld electronic device in three-axis directions is detected. One current candidate password information in a plurality of candidate password information is provided to display on a display screen according to the motion change information. The current candidate password information is set as a selected password information according to a selection operation.
Abstract: Various embodiments are disclosed that relate to security of a computer accessory device. For example, one non-limiting embodiment provides a host computing device configured to conduct an initial portion of a mutual authentication session with an accessory device, and send information regarding the host computing device and the accessory device to a remote pairing service via a computer network. The host computing device is further configured to, in response, receive a pairing certificate from the remote pairing service, the pairing certificate being encrypted via a private key of the remote pairing service, and complete the mutual authentication with the accessory device using the pairing certificate from the remote pairing service.
Type: Grant
Filed: August 17, 2015
Date of Patent: May 23, 2017
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Harish Krishnamurthy, Ming Zhu, Kurt Torben Nielsen, Matthew Morris
Abstract: A technique communicates data between a first client device and a second client device. The technique involves establishing a regular communications pathway from the first client device to the second client device through a communications server, and establishing a highly confidential communications pathway from the first client device to the second client device. The highly confidential communications pathway circumvents the communications server. The technique further involves, after the regular communications pathway and the highly confidential communications pathway are established, conveying highly sensitive information from the first client device to the second client device only through the highly confidential communications pathway to avoid exposing the highly sensitive data to the communications server through the regular communications pathway.
Abstract: The present invention seeks to meet these needs by providing a password generation and retrieval system (PGRS) that generates encrypted passwords with a computer program using an algorithm that combines a website information such as a domain name or email address, the user's own text input or phrase, and the user's own numeric value or pin number. The present invention does not involve the maintenance of a database of any kind. As such, there is no login required and no records are kept of the visitors, their input or the passwords generated. Preferably, the process is carried out using a website, browser extension, smart phone application and/or a stand-alone executable program.
Abstract: There is provided an information processing method of an information processing device, including acquiring tag-unique information unique to an IC tag from the IC tag through near field communication, acquiring device-unique information unique to the information processing device, transmitting the acquired tag-unique information and the acquired device-unique information to an outside, and receiving, from the outside, an authentication result of the acquired tag-unique information and a verification result of right information for using the IC tag, which are obtained based on the transmitted tag-unique information and device-unique information.
Abstract: An authentication method for accessing a user account of a service (28) on a data network (26), includes the following steps: reception (E20) by the service (28) of a request from a consulting device (10) for the service (28), the request including a first authentication information element, reception (E60) by the service (28) of an information element sent by an authentication security device manager (34), the information received by the service (28) being based on a second authentication information element originating from a security device (16; 18) associated with the user account, and authentication by the service (28), based on the first authentication information element and the information received from the authentication security device manager (34).
Abstract: System and method for automatically developing phishing detection rules. Based on detected phishing indicia, a quantitative score is computed for each of a plurality of predefined parameters, with each of the parameters relating to at least one of the phishing indicia. A requirement for evolving a phishing detection rule is assessed, and a new phishing detection rule is generated based on selected parameter scores meeting the rule evolution criteria and on corresponding content of the phishing indicia relating to those selected parameter scores. New phishing detection rules are applied recursively to detect phishing indicia, and more new rules can be further evolved in recursive fashion.
Abstract: A method of signature capture for a document uses a portable digital media device with a touch responsive screen on which the signer traces his signature. An URL address is sent to the device and opened in the web browser. The URL address is valid for a limited period of time, and the signature is stored at a webpage associated with the URL address.
Abstract: A computer implemented method for encrypting one or more files and wrapping them in an HTML document. The HTML document contains the encrypted files, the necessary code to decrypt the files, as well as user interface code to receive a passphrase input from a user. The HTML document can be opened using any modern web browser, to obtain the original files using the same passphrase with which the encryption was performed. This offers a convenient way of sharing encrypted files via email or cloud file sharing services using a platform independent file format (without having to install any additional software).
Type: Grant
Filed: March 16, 2015
Date of Patent: March 28, 2017
Assignee: ECOLE POLYTECHNIQUE FEDERALE DE LAUSANNE (EPFL)
Inventors: Thomas Lochmatter, Radhakrishna Shri Venkata Achanta
Abstract: A method of dynamically generating a security question for accessing a resource. The method comprises monitoring a behavior of said user during a monitoring period to identify automatically a deviation from a behavioral pattern indicative of repetitive behavior of a user, automatically generating a security question responded to by an indication of said deviation, receiving a user input inputted by a user in response to a presentation of said security question and said deviation, and authenticating, after said monitoring period, an access to a resource according to a match between said user input and said deviation.
Abstract: Disclosed are various embodiments for virtualized network honeypots. In one embodiment, client computing devices that are coupled to a network are each configured with both a primary host and a secondary virtualized host. The primary host provides workstation functionality for users having permission. The secondary virtualized host is configured to route network traffic to and from a honeypot server. The honeypot server is configured to provide a honeypot environment. In another embodiment, a network connection request for a requested service is received from a connecting device. If the connecting device is authorized, the network connection request is routed to the requested service. If the connecting device is not authorized, the network connection request is routed to a honeypot server.
Type: Grant
Filed: December 4, 2014
Date of Patent: March 21, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Dennis Naylor Brown, Jr., Volker Helmut Mosthaf
Abstract: Lateral movement detection may be performed by employing different detection models to score logon sessions. The different detection models may be implemented by and/or utilize counts computed from historical security event data. The different detection models may include probabilistic intrusion detection models for detecting compromised behavior based on logon behavior, a sequence of security events observed during a logon session, inter-event time between security events observed during a logon session, and/or an attempt to logon using explicit credentials. Scores for each logon session that are output by the different detection models may be combined to generate a ranking score for each logon session. A list of ranked alerts may be generated based on the ranking score for each logon session to identify compromised authorized accounts and/or compromised machines. An attack graph may be automatically generated based on compromised account-machine pairs to visually display probable paths of an attacker.
Type: Grant
Filed: September 18, 2014
Date of Patent: March 7, 2017
Assignee: Microsoft Technology Licensing, LLC
Inventors: Ram Shankar Siva Kumar, Nguyen Song Khanh Vu, Marco DiPlacido, Vinod Nair, Aniruddha Das, Matt Swann, Keerthi Selvaraj, Sundararajan Sellamanickam
Abstract: A method and apparatus for unlocking a lock screen in an electronic device are provided. A method for unlocking a lock screen in an electronic device includes displaying a lock screen in which objects of the On and Off state have been randomly disposed, detecting a gesture for unlocking the lock screen, determining whether or not a first unlocking value generated in response to the gesture is identical with a predetermined second unlocking value, and unlocking the lock screen if the first unlocking value is identical with the second unlocking value.
Abstract: This disclosure describes systems and methods for profiling user behavior through biometric identifiers. A first biometric identifier associated with a first user of a user device may be captured. The first user may be identified based at least in part on the first biometric identifier. The first request for content and first information retrieved from the user profile may be transmitted. First data that corresponds to the first request for content may be received. A second biometric identifier associated with a second user of the user device may be captured during an active session associated with the first user profile. The second user may be identified based at least in part on the second biometric identifier. A second request for content and second information retrieved from the second user profile may be transmitted. A second data corresponding to the second request for content may be received.
Abstract: A method and apparatus for providing a lifetime extension to an identity assertion is provided herein. During operation a user will authenticate to an identity management server (also known as an authorization server or an authentication server) to obtain an identity assertion. An identity assertion will be provided upon successful authentication. The lifetime of the identity assertion will be based on whether or not biometric information of the user will be used by the device to which the assertion is being issued to identify the user prior to allowing the use of the identity assertion.
Type: Grant
Filed: November 14, 2014
Date of Patent: February 21, 2017
Assignee: MOTOROLA SOLUTIONS, INC.
Inventors: George Popovich, Michael F Korus, Anthony R Metke
Abstract: Systems and methods are provided for online chats without displaying confidential information. A system sends, from a first online chat participant, an information request to a second online chat participant. The system receives, from the second online chat participant, a response based on the information request. The system notifies the first online chat participant of receiving the response from the second online chat participant without displaying confidential information of the response to the first online chat participant.
Type: Grant
Filed: July 14, 2014
Date of Patent: February 21, 2017
Assignee: salesforce.com, inc.
Inventors: Jonathan Aniano, Andrew Lintner, Rachel Wang, Arunesh Banerjee, Tim Christian Schmidt, Ryan L. Smith
Abstract: The purpose of the invention is to provide a password with lower cost but higher safety used in an authentication system, and users may choose one specific picture as a password to register or log in the internet. Because the data string of the picture is too big for general crackers to alter, break and steal the data string of the picture with currently available cracked methods. The present invention of the authentication system also includes a communication device and a cloud server to provide users to register or log in the system.
Type: Grant
Filed: July 9, 2014
Date of Patent: February 14, 2017
Assignee: PEOPLE'S LTD
Inventors: Michelle Chiou, Edward Hsiao, Rose Chiou
Abstract: A method for negotiating security capabilities during movement of a User Equipment (UE) includes the following steps: a target network entity receives a Routing Area Update (RAU) Request from the UE; the entity obtains Authentication Vector (AV)-related keys deduced according to a root key, and sends the selected security algorithm to the UE; and the UE deduces the AV-related keys according to the root key of the UE. A system, SGSN, and MME for negotiating security capabilities during movement of a UE are also disclosed. The present invention is applicable to security capability negotiation between the UE and the network.
Abstract: An extensible personality-based secure messaging infrastructure deployed in a computerized system comprising at least one central processing unit, a memory, a storage system and a network interface unit, the system being accessible by a user, the system comprising: an application resource database configured to store at least one resource entry; a contact information database comprising at least one peer personality entry and an own personality entry, the at least one peer personality entry corresponding to at least one resource entry in the resource database; a key storage operatively coupled to the contact information database and comprising a plurality of communication channel key entries, a plurality of peer personalities key entries and a plurality of application resource key entries, and at least one of the plurality of the peer personalities key entries corresponding to at least one peer personality entry in the contact information database.
Abstract: Data security is enhanced by injecting insecurity into communications between two computer systems to test one of the computer systems. The insecurity is injected by modifying the communications between the two computer systems by modifying or adding messages. A response from one of the computer systems is monitored to determine whether the computer system reacts to the modification in a secure manner or if mitigating actions need to be performed.
Type: Grant
Filed: September 18, 2014
Date of Patent: February 14, 2017
Assignee: Amazon Technologies, Inc.
Inventors: Nima Sharifi Mehr, Christopher Dunn, Alexis Floyd, David James Kane-Parry, Volker Helmut Mosthaf, Christopher Gordon Williams