Abstract: One embodiment provides a method, including: identifying, using a short range wireless device of an electronic device, another user device; transferring, using the short range wireless device, connection data for a wireless local area network (WLAN) access point between the electronic device and the another user device; and connecting, using a processor of the electronic device, to the WLAN using the connection data. Other aspects are described and claimed.

Abstract: Apparatus and methods can be implemented to perform software testing or to perform emulated hardware testing using a cloud architecture that can utilize centralized testing technology and can enable scaling up to test for multiple tenants and scaling up to arbitrary numbers of programs tested for each tenant. A user can configure an initial test virtual machine on a cloud platform for a cloud service over a physical network such as the Internet. Components of the cloud architecture can create a set of clones of the initial test virtual machine and inject tools into each clone for testing. Testing of one or more clones of the set can be conducted in an environment isolated from the physical network and isolated from a backend of the cloud service. Additional apparatus, systems, and methods are disclosed.

Abstract: A method of authenticating access on an electronic device. A digital image overlaid by an array of alphanumeric characters is displayed on a three-dimensional display of the electronic device. The digital image includes a three-dimensional representation of a scene and is displayed in three-dimensional coordinates. The array of alphanumeric characters is positioned on the three-dimensional display with respect to the digital image in three dimensions in response to received input. Access to the electronic device is authenticated in response to detecting that a designated character in the digital image is aligned with a designated object in the digital image.

Abstract: Examples of techniques for sequential object set passwords are disclosed. In one example implementation according to aspects of the present disclosure, a computer-implemented method may include presenting, by a processing device, an object set to a user, wherein the object set comprises a plurality of objects in a first order; receiving, by the processing device, a rearranged object set, wherein the rearranged object set comprises the plurality of objects in a second order; comparing the rearranged object set to a known sequential object set stored in a data store; and responsive to determining that the rearranged object set matches a known sequential object set, enabling the user to access a restricted resource.

Abstract: Managing passwords is provided. A machine training process is performed using a set of existing passwords to train a machine learning component. Members of a set of semantic categories are used to categorize respective passwords in the set of existing passwords. Password strengths corresponding to a set of candidate passwords are evaluated using the machine learning component. A resource is secured with a candidate password having a password strength greater than or equal to a defined password strength threshold level.

Abstract: The subject disclosure relates to generating a set of token data for storage at a first data store of a first device, wherein the set of token data comprises at least two or more of flag data, no state data, first state data, second state data, event identification data, or token identification data. In an aspect, the disclosure further includes, assigning the flag data to the no state data within the first data store of the first device. Also, the disclosure includes the reassignment of the flag data from the no state data to the first state data based on an occurrence of a first validation event by a second device.

Abstract: A system that includes a plurality of cloud servers in signal communication with user devices and an authentication server. Each cloud server is configure to generate a cloud key that is uniquely linked with a user associated with a user device and the cloud server and send the cloud key to the user device. The authentication server is configured to receive a network resource access request comprising the cloud key from the user device, perform multi-factor authentication with the user associated with the user device, and identify a cloud server from among the plurality of cloud servers based on a user profile linked with the user. The authentication server is further configured to send a key validation request to the identified cloud server, receive a key validation response, determine whether the cloud key passes verification, and send a network resource access response to the user device.

Abstract: Haptic feedback can be provided by receiving an input character from a first user device, converting the input character to a haptic instruction comprising a plurality of tactile pulses, and outputting the haptic instruction on a second user device to cause the haptic motor of the second user device to vibrate according to the plurality of tactile pulses.

Abstract: An electronic apparatus is an electronic apparatus in a system including a terminal device and the electronic apparatus and includes a first communication device that is disposed in a first position and capable of wireless communication with the terminal device, a second communication device that is disposed in a second position and capable of wireless communication with the terminal device, and a processing unit. The first communication device transmits a beacon signal (a first position beacon) including position specifying information for specifying the first position and the second communication device transmits a beacon signal (a second position beacon) including position specifying information for specifying the second position.

Abstract: A method, computer program product, and computing system for receiving a key indicator and an encrypted password concerning an electronic device to be accessed. The key indicator may be processed to identify a decryption key. The encrypted password may be processed with the decryption key to generate a decrypted password.

Abstract: An obfuscation macro can expand obfuscation identification information into a data value during or prior to compiling source code, and insert a de-obfuscation call where the data value is referenced in the source code. An obfuscation utility can scan compiled binaries for data values containing obfuscation identification information. The obfuscation utility identifies and obfuscates data values containing obfuscation identification information within the compiled binaries. The de-obfuscation call de-obfuscates obfuscated data values during runtime.

Abstract: A method for verifying that default passwords have been changed without causing a security lockout, is provided, including enabling user identifiers associated with a plurality of devices, prior to an initial security test, identifying, a default password for a user identifier of each device, attempting a login to each device using the default password for the user identifier of each device, wherein: in response to determining that the login is successful, raising an alert against the user identifier as a security concern and maintaining an enabled state of the user identifier, in response to determining that the login is unsuccessful, disabling the user identifier so that the user identifier is in a non-enabled state, until a security lockout interval elapses, and retrying the login only for each user identifier in an enabled state during one or more subsequent security tests initiated after a predetermined alert interval.

Abstract: A personalized way to digitally record a person's physical activities over time serves web searching, business advertising, nostalgia, security and object tracing purposes. The chronological digital history of the person's physical presence over a time includes (i) digital network entries from other members who hold their portable wireless short range device near the person's device and transmit a URL or other key data and (ii) digital member entries such a digital photograph of a store sign. The digital network entries and digital member entries are automatically transmitted to a database located on a telecommunications network at a time of entry. Advertisers can transmit to members when members enter premises of advertiser's store. Upon sign-up online, the authentication data uniquely associated with an account is provided and key data they want to transmit is associated with the account. Digital histories can be used to improve web searching and networking opportunities.

Abstract: A method and system are provided for multifactor identification of a subject over a network using a rich credential, with selective disclosure of attributes and selective presentation of verification factors. A credential presentation application negotiates with a verifying server to agree on attributes to be disclosed and verification factors to be presented, and removes unneeded attributes and verification data from the rich credential by pruning subtrees from a typed hash tree without invalidating a signature that covers the root label of the tree. The credential presentation application proves knowledge of a private key, and as agreed upon may prove knowledge of a password and may arrange for biometric presentation applications to present one or more biometric samples to the verifier, which performs presentation attack detection and verifies the samples against verification data in the rich credential.

Abstract: A system and method for routing IP-based messaging, voice and video calling, comprising detecting network parameters of a network that a device is connected to, detecting a location of the device and routing the call based on the network parameters and the location.

Abstract: A method for unlocking a terminal screen and a terminal are disclosed. When it is detects that a user triggers an unlocking instruction for a terminal screen, a terminal generates and displays a random number; acquires a standard unlocking password through calculation according to an unlocking rule and the random number; receives an unlocking password input by a user and acquired through calculation according to the unlocking rule; identifies, according to the standard unlocking password, whether the unlocking password input by the user is correct; and when it is identified that the unlocking password input by the user is correct, unlocks the locked terminal screen. Compared with a manner of unlocking a terminal screen by using a fixed unlocking password in the prior art, embodiments of the present disclosure have a beneficial effect of unlocking a terminal screen by using a dynamic password, which improves security of a terminal.

Abstract: A secure element (SE) with a notion of time useful for checking secure items is disclosed herein. Use of Public Key Infrastructure (PKI) with secure elements is improved by verifying secure items used by an SE. Methods of obtaining time information by the SE include push, pull, opportunistic, and local interface methods. The SE uses the time information to evaluate arriving and stored public key certificates and to discard those which fail the evaluation. The SE, in some embodiments, uses the time information in cooperation with certificate revocation lists (CRLs) and/or online certificate status protocol (OCSP) stapling procedures.

Abstract: Methods, apparatus, and systems using dynamic authentication credentials to secure interactions between a user and a computer-based application are disclosed. Dynamic authentication credentials are generated based on a passcode value and a passcode-blinding data element value. The passcode and the passcode-blinding data element values are used to calculate a passcode verifier data element value. The passcode verifier data element value is then used to calculate the dynamic authentication credentials.

Abstract: A system on chip, comprising a processing unit for executing processes, a memory unit, and a memory control unit connected between the processing unit and the memory unit, is described. The memory control unit allocates a memory region to a process. The memory control unit comprises a process activity counter which counts a duration of the process or transactions by the process to or from the memory region and which maintains a process activity count representing the counted duration of the process or the counted transactions to or from the memory region. The memory control unit disables the memory region in response to the process activity count exceeding a maximum process activity count. Notably, it blocks the memory region against further transactions by the process and against transactions by any other processes. A method of operating a system on chip is also described.

Abstract: An information processing apparatus includes a processor configured to execute processing. The processing is configured to: receive authentication information for a first terminal device authenticated by an authentication server among a plurality of terminal devices to be authenticated by the same authentication information; obtain authentication information from a second terminal device among the plurality of terminal devices; and authenticate the second terminal device in place of the authentication server based on the authentication information for the first and second terminal devices.

Abstract: A user may provide a financial card to an automated teller machine (ATM) or point of sale (POS) terminal and may be authenticated by providing a gesture and/or an image selection via a mobile device to the ATM or the POS. The gesture and/or image selection may be provided using a touchscreen of the mobile device. The gesture and/or image provided by the user via the mobile device may be compared to a stored gesture and/or image provided by the user during an earlier registration of the financial card. If there is a match between the gesture and/or image provided by the user via the mobile device and the previously stored gesture and/or image, then the user is authenticated and may access an account associated with the financial card.

Abstract: Techniques for protecting passwords and/or password entry by a user are provided. User identification data for a user can be received from a remote computing device. An identity of the user can be determined based on the user identification data. A password for the user can be determined. A modified keyboard configuration associated with the user can be determined. A request can be transmitted to the remote computing device for the password for the user based on the modified keyboard configuration. A modified password from the remote computing device can be received. A converted password based on the modified password and the modified keyboard configuration can be determined. The converted password can be compared to the password for the user. The user can be authorized when the converted password matches the password for the user.

Abstract: The security of a personal image in an apparently trusted UI is improved through the use of a fingerprint sensor hardwired to a Trusted Execution Environment. The personal image may be a complete or partial representation of a fingerprint sensed by the fingerprint sensor enhanced through emphasis of features of the fingerprint. Alternatively, the personal image may be an object whose movement within the UI is controlled responsive to data received from the fingerprint sensor.

Abstract: A method is provided for identifying a strength of an input picture password formed by performing a sequence of gestures relative to a picture. The method includes storing, in a memory device, a crowdsource history of picture passwords formed by tracking a plurality of picture passwords used to authenticate a plurality of users. Each of the plurality of users has a respective user profile. The method further includes generating, by a processor-based demography-based pattern usage assessment generator, a demography-based pattern usage assessment by analyzing the crowd source history and the user profile of the plurality of users. The method also includes providing, by a user-perceptible indication device, an indication of the strength of the input picture password in accordance with the demography-based pattern usage assessment.

Abstract: Disclosed herein is a method for use in detection of abnormal behavior of a group of a plurality of entities of a computer system. The method is arranged to be performed by a processing system and comprises: creating a model of normal behavior of the group of entities; and determining, in accordance with the model of normal behavior of the group of entities, a parameter indicative of abnormal behavior of the group of entities. Also disclosed is an equivalent computer readable medium and anomalous behavior detection system.

Abstract: An intermediary can securely migrate a security credential between systems despite different underlying encoding technologies used for authentication by the system. This intermediary can also securely migrate an identity between different authentication technologies. A secure login interface program code that is digitally signed by the intermediary is provided in advance to devices that will source authentication requests. The interface program code is at least secure because it has been digitally signed by the intermediary. An instance of the secure interface program code directs authentication requests entered into the interface instance to the intermediary, which is at least identified by the digital signature. After a successful authentication by a destination system identified by the authentication request, the intermediary can migrate the authenticated security credential to a migration target.

Abstract: Provided are a method and an apparatus for controlling device using Bluetooth technology.

Abstract: The present disclosure relates to network security software cooperatively configured on plural nodes to authenticate and authorize devices, applications, users, and data protocol in network communications by exchanging nonpublic identification codes, application identifiers, and data type identifiers via pre-established communication pathways and comparing against pre-established values to provide authorized communication and prevent compromised nodes from spreading malware to other nodes.

Abstract: A restricted access device such as a cellphone, a tablet or a personal computer, analyzes contemporaneous keyboard inputs of a password and gestures to authenticate the user and enable further access to applications and processes of the restricted access device. The gestures may be facial gestures detected by a camera or may be gestures made by an avatar rendered on a display of the device. The password may be shorted based upon the context of the authentication as well as any gestures occurring during password entry. The gestures may be learned by the restricted access device during the password entry process.

Abstract: Disclosed are various embodiments for managing security credentials. In one embodiment, network content for a network site is obtained in response to a user request. A connection with a remote computing device that stores and manages security credentials for accessing network sites is authenticated using a master security credential and answers to knowledge-based questions. A security credential associated with the network site is provided to the client from the remote computing device based at least in part on the answers. Access to the network site is authenticated according to the security credential.

Abstract: A restricted access device such as a cellphone, a tablet or a personal computer, analyzes contemporaneous keyboard inputs of a password and gestures to authenticate the user and enable further access to applications and processes of the restricted access device. The gestures may be facial gestures detected by a camera or may be gestures made by an avatar rendered on a display of the device. The password may be shorted based upon the context of the authentication as well as any gestures occurring during password entry. The gestures may be learned by the restricted access device during the password entry process.

Abstract: A portable communication device (1) is capable of setting a sleep mode as an operation mode. An operation receiver (101) receives operations given by a user. A setter (102) sets the operation mode to the sleep mode when the operation receiver (101) receives no operation for a first time period. A displayer (103) displays an indicator on a display when the operation receiver (101) receives a first operation in the sleep mode. A launcher (104) launches, when the operation receiver (101) receives operations for specifying the indicator, an application program associated with the specified indicator.

Abstract: A device may receive an input that indicates a request to initiate a transaction at an ATM device. The device may instruct the user to capture one or more images of the ATM device. The device may determine that an image has been captured and process the image to determine first information that identifies the ATM device. The device may send the first information to a server device and receive a signal that indicates the ATM device has been validated. The device may cause an augmented reality (AR) overlay to be displayed, wherein the AR overlay includes second information related to authenticating the user to the ATM device. The device may determine whether a user action is performed with respect to the second information included in the AR overlay, and perform a device action related to the second information, the ATM device, or the AR overlay.

Abstract: Disclosed are various embodiments for distributing and verifying ephemeral security credentials of variable entropy across channels of communication of variable levels of security assurance. In one embodiment, a security credential is generated for a user account. A subset of a set of communication channels associated with the user account is determined based at least in part on respective measures of entropy and/or security assurance corresponding to individual ones of the set of communication channels. The security credential is divided into multiple portions. A corresponding portion of the portions is sent across individual channels of subset of channels. A client computing device is authenticated for access to the user account based at least in part on receiving the portions of the security credential.

Abstract: A user authentication server includes: a variable keypad generation unit for generating a variable keypad including password keys and a biometric authentication key, wherein the position of each password key and the position of the biometric authentication key are changed in each generation of the keypad; an authentication information storage unit for storing authentication information of portable terminal users; and an authentication unit for authenticating a user by remotely providing information of generated variable keypad to a portable terminal, and comparing biometric information and information of the positions of the password keys in accordance with the order of input by the user, received from the portable terminal, with the authentication information stored in the authentication information storage unit.

Abstract: Systems and methods may be provided for masking data on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage that are processed by an internet browser. The system may intercept data, such as text, images, and video input at the data input fields, prior to the data being posted online on a public service provider's website. The publishing node may control which users are permitted access to the posted data by defining a policy associated with the data input field. The posted data may be transformed or tokenized to ensure that it is inaccessible to a user (or group of users) unless that user/group is granted access to the decoding key under the policy. In this way, data security and data control may be provided to a publishing user node. Data that has already been posted may be destroyed, for example, by deleting the decryption key or a token.

Abstract: A computing platform may receive, from a client portal server, a request to authenticate a user to a user account. The computing platform may generate a first one-time passcode for a first computing device associated with the user account and may send, to the first computing device, the first one-time passcode. The computing platform also may generate a first registered-device authentication prompt for a second computing device associated with the user account and may send, to the second computing device, the first registered-device authentication prompt. Thereafter, the computing platform may receive first one-time passcode input and a first response to the first registered-device authentication prompt, which the computing platform may validate. Based on the validating, the computing platform may generate a validation message directing the client portal server to provide the user with access to the user account, which the computing platform may send to the client portal server.

Abstract: The present disclosure discloses a system and method for providing multi-factor authorization for IEEE 802.1x-enabled networks. Specifically, a network device authenticates a client device to obtain access to network resources in a network via a network authentication protocol. The network device then detects a device quarantine trigger indicating an increased level of suspicion that a current user of the client device is a non-authenticated user. In response to the device quarantine trigger, the network device temporarily places the client device from an authenticated state to a quarantined state pending completion of a particular workflow by the current user. The client device has limited access to the network resources while in the quarantined state regardless of a previous successful user and/or device authentication.

Abstract: In one aspect, a method includes receiving an identifier; obtaining a plurality of prompts using the identifier, wherein a first prompt corresponds to a first character of an access code, and a second prompt corresponds to a second character of the access code; causing the first prompt and the second prompt to be presented on a display at locations corresponding to a first alternative; causing third prompts and fourth prompts to be presented on the display at locations corresponding to a second alternative; receiving an audio signal comprising speech spoken by a user; and determining whether the audio signal comprises the user speaking the first prompt followed by the second prompt.

Abstract: An image forming apparatus includes an operation panel which receives an entry of a password, a control portion which determines whether or not the entry password is correct and a storage portion. The storage portion stores, as an item of information which indicates that the entry password is wrong and which is included in notification information, an item to be notified that is previously set by a user, and when the control portion performs notification processing for notifying the notification information to an outside, the control portion includes, in the notification information, information corresponding to the item to be notified.

Abstract: A system and method are provided for enabling a password reset mechanism for a secured device that verifies a digital signature on a password reset message. The password reset message has been generated by a password reset service for an authorized administrator associated with the secured device. The password reset mechanism allows the authorized administrator to make a request to the password reset service for a password reset, and receive the password reset message such that a password reset can be performed at the secured device. In this way, the secured device's password can be reset absent a connection to a command and control center or other service.

Abstract: A monitoring apparatus, includes a memory configured to store history information regarding a login attempt to a system by a communication apparatus in a state in which a first address is set, the system being a target to be monitored, and set a second address, and a processor coupled to the memory and configured to extract, from the history information, at least one of a variance of a number of login attempts per unit time and a length of a time of the login attempts, determine whether an attack in which accesses are attempted while an address is changed was executed on the system, according to the at least one of the variance and the length of the time, and add the second address of the system to a list that manages systems that had the attack when it is determined that the attack was executed.

Abstract: A cryptographic ASIC and method for enforcing a derivative key hierarchy for managing an information stream. A programming user provides a user passphrase that is used to generate a transform key and is then deleted. The transform key is inaccessibly, invisibly, and indelibly generated and stored in a one-time programmable memory with externally generated programming pulses during or after manufacture, without being reported out to the user who provided the user passphrase. A transform-enabled cryptographic circuit or method customized with the transform key processes a predetermined input message to obtain a predetermined output message indicating an identity of a particular information stream. Other input messages may also be processed, such as for verifying a blockchain, but replication requires knowledge of the transform key. Only a programming user with knowledge of the user passphrase is capable of creating an information stream, such as a blockchain.

Abstract: A security controller controls secure processing of queries in an encrypted relational database. A query controller receives, from a client device, a secure query in a format of an encrypted token generated using a structured query language (SQL) query in a conjunctive query form, and sends an encrypted response to the secure query to the client device. A search engine generates the encrypted response to the secure query by initiating a search on the encrypted relational database, without decrypting the secure query and without decrypting the encrypted multi-maps. The encrypted relational database includes encrypted multi-maps corresponding to a relational database hosted at the client device, and an encrypted dictionary, based on structured encryption, using structured encryption, in lieu of using property-preserving encryption (PPE), and in lieu of using fully homomorphic encryption (FHE).

Abstract: The accessibility of a hyperlinked files is displayed. A hyperlink that references a resource is extracted from a target file. An attempt to acquire the resource is made by performing a first authentication operation. A first object is received in response to performing the authentication operation. A second object is acquired by performing a second authentication operation using pre-determined authentication information. The first object and the second object are compared to determine if the first object is the same as the second object. Information indicating the accessibility of the resource is presented via a display apparatus.

Abstract: Messages exchanged among users of a relationship management and work collaboration system are organized within user-defined, secure communication channels organized according to user-defined hierarchies that represent the users' personal relationships with one another. Security of the communications channels is maintained using individual, dynamic keys, each of the keys being uniquely associated with a respective one of the channels, and being generated according to combinations of individual passwords established by each respective channel's participants. In-bound messages in the form of e-mails are received and associated with respective ones of the channels according to e-mail aliases associated with the inbound messages. Out-bound e-mails may be sent to channel participants according to e-mail addresses associated with the participants and channel preferences established by the system users.

Abstract: A data processing system (DPS) provides protection for firmware. The DPS comprises (a) a host module comprising a management engine and (b) a security module in communication with the host module. The security module comprises a security coprocessor and a secret identifier for the security module. The DPS also comprises at least one machine-accessible medium comprising host firmware and security firmware. The host firmware, when executed by the management engine, enables to management engine to determine whether the security module is in communication with the host module, based on the secret identifier for the security module. The security firmware, when executed by the security coprocessor, enables the security coprocessor (a) to verify integrity of the host firmware and (b) to prevent the host module from booting with the host firmware in response to a determination that the host firmware has lost integrity. Other embodiments are described and claimed.

Abstract: A server device 201 comprises a communication part 231, a search history storage region 213, a data storage part 210, and a checking part 220. The communication part receives a set of a trapdoor and a deterministic encrypted keyword from a search device 401. The search history storage region 213 stores the set of the trapdoor and the deterministic encrypted keyword. The data storage part 210 stores keyword information in which search target data and an encrypted keyword are associated with each other. If the deterministic encrypted keyword is obvious, a deterministic encrypted keyword corresponding to the encrypted keyword is additionally associated with the search target data and the encrypted keyword in the keyword information. The checking part 220 checks whether or not a deterministic encrypted keyword which matches the received deterministic encrypted keyword exists in the search history storage region 213.

Abstract: A first data item is encrypted at a client device using a first encryption key. The encrypted first data item is included in a data object. A second encryption key is received at the client device from a key management device. The first encryption key is encrypted using the second encryption key. The encrypted first encryption key is included in the data object, and the data object is stored at a storage device.

Abstract: Techniques for maintaining potentially compromised authentication information for a plurality of accounts may be provided. An individual piece of authentication information may be associated with one or more tags that indicate access rights with respect to requestors that also provide and maintain other potentially compromised authentication information. A subset of the potentially compromised authentication information may be determined based on the one or more tags in response to a request from a requestor for the potentially compromised authentication information. In an embodiment, the subset of the potentially compromised authentication information may be provided to the requestor.