Abstract: Concepts and technologies are disclosed herein for event-based security challenges. A computer can execute a security application. The computer can receive a request for authentication information associated with a user device. The computer can access event data corresponding to the user device. The computer can generate, based upon the event data, a challenge question and a response to the challenge question. The computer can provide data indicating the challenge question and the response to a requestor associated with the request.

Abstract: Automatic parameter value generation is disclosed. It is determined that a parameter value generation trigger associated with a parameter has occurred. A parameter value in accordance with a format of the parameter value is obtained. At least one location associated with a first component to which the parameter value is to be communicated is determined. The parameter value is communicated to the at least one location, and a parameter value refresh policy associated with the first component is determined.

Abstract: An information processing system including a communication unit that acquires information related to an interaction between objects from a sensing device that detects the interaction between the objects, an emotion information database constructed by accumulating an evaluation value used when an emotion value of each object generated based on the information related to the interaction between the objects is calculated, a certification unit that certifies the sensing device and issues certification information to the sensing device, and an authentication unit that authenticates the information related to the interaction transmitted from the sensing device based on the certification information issued to the sensing device.

Abstract: Protecting the security of an entity by using passcodes is disclosed. A user's passcode device generates a passcode, where sometimes the device is called Alice. In an embodiment, the passcode is generated in response to receipt of user information. The passcode is received by another system (called Bob or the second party), which authenticates the passcode by at least generating a passcode from a passcode generator or nonce, and comparing the generated passcode with the received passcode. The passcode is temporary. At a later use a different passcode is generated from a different passcode generator. In these embodiments, there are asymmetric secrets stored on the passcode device (Alice's device) and by the administrator (Bob's device). This adds more security so that if the backend servers are breached, the adversary cannot generate valid passcodes. In some embodiments, the passcode depends on a nonce or the rounded time.

Abstract: A system for licensing an application or feature for use on a wireless mobile device is disclosed. The wireless mobile device is provided to a user with a licensable application or feature, but the application or feature has not been fully authorized for use. When the wireless device receives a request to use the application or feature, the wireless device operates the requested application or feature, and generates an irrevocable license request. The license request is transmitted to a license server at a time convenient for the wireless device. The license server generates a license certificate to the application or feature, and transmits the license certificate to the wireless mobile device. The wireless device receives the license certificate, which is stored in local memory. Accordingly, the application or feature is now fully licensed for future operation on the wireless mobile device. The license server operates accounting processes to generate license reports and license accounting information.

Abstract: Various systems, mediums, and methods herein describe aspects of personal information platforms accessible with client devices over communication networks in data infrastructures. A system may determine data associated with a user. The system may determine a personal information platform (PIP) based on the data associated with the user, where the PIP is configured to identify a number of data types from the data associated with the user. The system may determine accesses for one or more entities to the number of data types based on one or more services provided by the one or more entities to the user. The system may cause a client device to display an indication of the PIP, where the indication provides the one or more accesses of the one or more entities.

Abstract: A dual-factor PIN based authentication system and method uses a cryptogram provided by a contactless card associated with the client in association with a PIN stored by the contactless card to authenticate the client. In some embodiments, cryptogram authentication may be preconditioned upon a PIN match determination by the contactless card. In other embodiments, the cryptogram may be formed at least in part using the personal identification number (PIN) stored on the contactless card encoded using a dynamic key stored by the contactless card and uniquely associated with the client. Authentication may be achieved by comparing the cryptogram formed using the PIN against an expected cryptogram generated an expected PIN and an expected dynamic key.

Abstract: The present invention relates to a security method for a smart phone, in which method a security keyboard app is installed in a smart phone of a staff member so as to make it possible to monitor information leakage. The security method for a smart phone comprises the steps of: running a first app on a smart phone and, when the first app is subject to key input, determining, by means of a security keyboard app installed in the smart phone, whether the first app is a predetermined app which is to be subject to security; monitoring the key input which is inputted to the first app, if the first app is a predetermined app that is to be subject to security; transmitting the monitored key input to a security server; and blocking the key input if the monitored key input includes a predetermined security key word.

Abstract: A loading package is adapted for loading a profile for a subscription into a subscriber identity module. A loading sequence through the implementation of which in the subscriber identity module the profile is set up in the subscriber identity module. A profile loading counter sequence is generated on the basis of a counter reading of a profile loading counter maintained at a data preparation server; is adapted to load into the subscriber identity module a profile loading counter with the generated counter reading; and is loaded into the subscriber identity module before the loading sequence. The profile loading counter sequence is further adapted if no implemented profile loading counter is present in the subscriber identity module, to implement the profile-loading counter in the subscriber identity module with a counter reading which determines an admissible number of times which the loading package may be loaded into the subscriber identity module.

Abstract: A client transmits a user identifier and a password to a server via an application programming interface (API). The client establishes an authenticated session with the server in which the client has a first set of permissions for operations associated with the API. The client receives, responsive to a verification of the user identifier and password by the server, a logon response and a shared secret. The client generates a one time passcode (OTP) based upon the shared secret. The client sends the OTP to the server via the API. Responsive to the server validating the OTP against the shared secret, the server grants a second set of permissions for operations associated with the API.

Abstract: A system for performing an automated test is disclosed. The method comprises programming a application programming interface (API) to control a default production flow on a tester, wherein the production flow comprises a plurality of test sequences associated with executing tests on devices under test (DUTs) connected to the tester. The method further comprises configuring the API to modify the default production flow to customize the plurality of test sequences in accordance with a user-specific API, wherein the user-specific API comprises a modification to the production flow in accordance with testing requirements of a user. Finally, the method comprises integrating the user-specific API with the API to customize the API for the user.

Abstract: A client transmits a user identifier and a password to a server via an application programming interface (API). The client establishes an authenticated session with the server in which the client has a first set of permissions for operations associated with the API. The client receives, responsive to a verification of the user identifier and password by the server, a logon response and a shared secret. The client generates a one time passcode (OTP) based upon the shared secret. The client sends the OTP to the server via the API. Responsive to the server validating the OTP against the shared secret, the server grants a second set of permissions for operations associated with the API.

Abstract: Devices, systems, and methods of password recovery and password reset, as well as resetting or recovering other types of user-authentication factor. A system monitors and tracks user-interactions that are performed by a user of an electronic device or a computerized service. The system defines a user-specific task or challenge, in which the user is requested to enter a phrase or perform a task. A user-specific feature is extracted from the manner in which the user performs the task. Subsequently, that user-specific feature is utilized instead of a security question, in order to verify the identity of the user and to allow the user to perform password reset or to perform a reset of another user-authentication factor; by presenting to the user the same task or a similar task, and monitoring the manner in which the user performs the fresh task.

Abstract: A code is displayed on a screen with a first set of indicia, the code designed to be read only by a computer system. A second code is displayed only when it is determined that the code is being read. This determination is made by an optical sensor, such as a camera, detecting a particular wavelength of light above a threshold, the wavelength associated with an expected reader device. While the particular wavelength is detected the second code is displayed. Once the light is no longer detected, the display reverts back to the first code. In this manner, the second code, such as a barcode to be read is only displayed while the barcode is actually being read, but is otherwise hidden from view. The entire process can take place in under a second or in a fraction of a second, such as 1/10th of a second or less.

Abstract: Methods, systems, and products authenticate a user to a device. A user selects or submits a media file for authentication. Features in the media file are compared to a set of criteria for authentication. The number of matching criteria, that is within a range of values for each criterion in the set of criteria, is determined. The number of matching criteria is compared to a threshold value. When the number of matching criteria equals or exceeds the threshold value, then the user that selected or submitted the media file is authenticated.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for creating a unified passcode. One of the methods includes identifying that an application program installed on the system is assigned to a profile for an organization, identifying that the profile requires a passcode to allow access to the application program, providing a user interface with which user input is able to specify whether the system should use separate passcodes to unlock the system and provide access to the application program, receiving first user input that specifies that the system is to use a single passcode to both unlock the system and provide access to the application program, receiving, while the system is locked, second user input that specifies the single passcode, unlocking the system, receiving user input that selects a user interface element to activate the application program, and activating the application program without requesting a passcode.

Abstract: A system, method, and program product for exchanging physical, virtual or fiat currency between two individuals at the same geographic location using account information stored on a server database. The payer activates payer mobile device using biometric identification, then inputs the amount to transfer along with a payee security code, then payer presses “send.” The payee activates payee mobile device using a biometric identification, then payee inputs the amount to receive along with a payer security code then payee presses “send”. Both the payer and the payee mobile devices simultaneously receive from the server an alphanumeric transaction code along with the amount. Transaction code and amount are displayed on the respective mobile screens. When payee verifies that both mobile devices display the same transaction code and dollar amount, then the payee presses “I Agree” key on payee mobile device. Then the funds are exchanged at the server database. Payer and payee may also exchange corresponding cash.

Abstract: A user, particularly a user with a visual impairment, enters a security code or PIN via a touchscreen using different levels of pressure for predetermined count times. The ability to enter the entire PIN without lifting the user's finger or stylus from the touchscreen helps to prevent the user's PIN from being compromised by a bystander. A haptic feedback device may be used to aid the user to count out the correct number for each of the digits of the PIN without visual or audio feedback that may be intercepted by another party.

Abstract: A service device processes a service request using account information of a user. The service device captures a first image of the user, generates a first user facial template based on the first image, and transmits the first user facial template with the account information to a service processing system. The user arrives at the service device to initiate a subsequent service request. The service device captures a second image of the user and generates a second user facial template based on the second image and searches for the first facial template matching the generated second facial template. The service device transmits a first stored matching facial template to the service processing system and a request for account information. The service device receives stored account information associated with the stored first facial template from the service processing system. The service device processes the subsequent service request using the account information.

Abstract: A system and method for generating data for use in cryptography or secure modulation is provided. The method may include randomly generating a public code using a secret key, wherein the public code includes an interior matrix and a summing matrix, both having a predetermined dimension of rows and columns. After receipt of the public code and the rule of obfuscation by a receiving computer node, the method may further include generating an obfuscated matrix pattern from the interior matrix, based upon the rule of obfuscation. For symmetric key utilization, the receiving computing node can generate a symmetric code from the summing matrix, based upon the rule of obfuscation, which can be for use in communication between computing nodes. Alternatively, a server node can retrieve or generate the public code and the rule of obfuscation to the computing node. Thereby, each node is enabled to communicate privately with each other.

Abstract: Systems and methods for generating a dynamic verification value for electronic payment transactions are disclosed. A user of a portable consumer device enrolls the account identifier associated with the portable consumer device and specifies one or more customized linkage rules that identify one or more user communication devices and user identifiers that should be used to submit an authentication request message to an entity that generates a dynamic verification value. A server computer that receives an authentication request message determines whether the authentication request message complies with the specified customized linkage rules and generates a dynamic verification value.

Abstract: A mobile data storage device connectable to an electronic device includes a communication interface unit, a storage module and a control module connected to aforementioned components. The control module allows establishment of a data connection to the electronic device after it is determined that credential information obtained from the electronic device is authenticated, receives an asserted user ID and an asserted user password from the electronic device, looks up a user authority in a permissions table based on the asserted user ID, and enables the electronic device to operate the storage module based on the user authority, the asserted user ID, the asserted user password and a ID-password table.

Abstract: Systems, methods, and computer-readable media are disclosed for systems and methods for dynamic mode switching and management of communications between devices. Example methods include receiving a first event from a first application on a first device, determining a first application identifier of the first application, and determining that the first device is in a communal mode. Example methods may include determining a communal mode profile for the first device, where the communal mode profile is associated with a first user account identifier that is associated with the first device, determining a set of user account identifiers associated with an accessory device identifier of the accessory device, and associating the set of user account identifiers and the accessory device identifier with the communal mode profile. Example methods may include receiving an indication of a second event, and disassociating the set of user account identifiers from the communal mode profile.

Abstract: In some embodiments a wagering game system comprises a personal area network device configured to render media content including results of a wagering game. The system can include a wagering game machine configured to determine and provide the wagering game results to the personal area network device. The wagering game machine can include a personal area network device transceiver configured to exchange data with the personal area network device, the data including the wagering game results, and a personal area network controller configured to detect the personal area network device, to procure an identification code for the personal area network device without player input, and to authenticate the personal area network device by use of the identification code. The system can also include a repository configured to store the identification code in association with a player identifier and to provide the identification code to the wagering game machine upon request.

Abstract: Systems and methods for biometric subscriber account authentication are described. When a subscriber initially accesses subscriber account data maintained by the communication network, a first non-biometric authentication protocol is used. The subscriber may then be invited to set up biometric authentication, which includes generating a private key/public key pair. Subsequently, biometric authentication is performed at the user device to unlock the private key/public key pair, which is then used to support authentication of the subscriber to the communication network using a second authentication protocol.

Abstract: This invention is a method and system for tokenless biometric authorization of an electronic communication, using a biometric sample, a master electronic identicator, and a public communications network, wherein the method includes: an electronic communication formation step, wherein at least one communication comprising electronic data is formed; a user registration step, wherein a user electronically submits a registration biometric sample taken directly from the person of the user; a public network data transmittal step, wherein the registration biometric sample is electronically transmitted to a master electronic identicator via a public communications network, said master electronic identicator comprising a computer database which electronically stores all of the registration biometric samples from all of the registered users; a user registration biometric storage step, wherein the registration biometric sample is electronically stored within the master electronic identicator; a bid biometric transmittal

Abstract: The method disclosed herein provides for performing device authentication based on the of proximity to another device, such as a key device. When a key device is not near a mobile communications device, an unlock screen is allowed to be presented on a display screen. Based on the mobile communications device receiving a first code to unlock the mobile communications device, the mobile communications device is unlocked in a first mode. Based on receiving a second code while the unlocked mobile communications device is in the first mode, the unlocked mobile communications device changes from the first mode to a second mode, wherein a level of functionality of the mobile communications device in the second mode is greater than a level of functionality of the mobile communications device in the first mode.

Abstract: A network of electronic appliances includes a plurality of network units of electronic appliances. The network units include a first network unit and a plurality of second network units. The first network unit is connected to at least one of the second network units. Each of the network units includes a stem server and a plurality of peripheral devices connected to the stem server. The stem server includes at least one passcode and at least one list of a plurality of registration codes. Each list is associated to a respective passcode. Each registration code of one list associating to one passcode corresponds to a respective peripheral device. Each registration code is generated in response to a respective passcode using physical randomness of a respective peripheral device in correspondence to the passcode. An address of each identification cell is defined by several word lines and bit lines.

Abstract: A password is secured using a first key. At least one of a password record, a username record, and as domain name record is created. The at least one password record, username record, and domain name record are associated. The associated records are encrypted using a second key, where the second key is different from the first key. A credentials record is created based on the encrypted associated records.

Abstract: A method is described for operating a computer system comprising a computer and a display unit, wherein a reference pattern is formed based on input value fed into the computer, wherein image signals for the display unit are generated based on the input value, wherein the image signals fed to the display unit are detected, wherein the detected image signals are subjected to a pattern recognition to provide a recognized pattern, and wherein the recognized pattern is compared with the reference pattern.

Abstract: Systems and methods provide for clickjacking prevention code provided in an embedded webpage to prevent clickjacking when the embedded webpage is called by an embedding webpage determined to be illegitimate. When the embedded webpage is loaded on a user device, the clickjacking prevention code is executed and initially prevents content of the embedded webpage from being rendered. Additionally, the clickjacking prevention code sends a message containing a secret to a known domain that provides legitimate embedding webpages. When the embedding webpage sends a message to the embedded webpage, the message is checked to see if it contains the secret. If the message contains the secret, the embedding webpage is legitimate since it originated from the known domain, and the content of the embedded webpage is rendered. Alternatively, if the message does not contain the secret, the content of the webpage is not rendered.

Abstract: A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data. If the mapping table does not include a token mapped to the value of the portion of the sensitive data, a candidate token is generated. The client queries a central token management system to determine if the candidate token collides with a token generated by or stored at another client. In some embodiments, the candidate token includes a value from a unique set of values assigned by the central token management system to the client, guaranteeing that the candidate token does not cause a collision. The client then tokenizes the sensitive data with the candidate token and stores the candidate token in the token table.

Abstract: Disclosed is a user authentication method including at least: (1) performing a primary conversion to generate a first common authentication key and performing a secondary conversion to provide an encrypted first common authentication key, and registering the encrypted first common authentication key; (2) generating a first server authentication key, and performing an OTP operation on the first server authentication key to generate first server authentication information; (3) performing a primary conversion to generate a second common authentication key, performing a secondary conversion to generate an encrypted second common authentication key, generating a first user authentication key, and performing an OTP operation on the first user authentication key to generate first user authentication information; and (4) performing a user authentication or an authentication of the authentication server for determining a genuineness of the authentication server, based on coincidence of the first server authentication

Abstract: A method for aiding a user in recalling and generating a password. Many times it is easier for a user to remember a place, phrase, person, or other piece of information based on a certain context. The present invention allows for generating a password based on contextual information provided by the user. By providing a context type and a pass phrase, a secure password can be generated. The invention also provides a mechanism for “fuzzy matching”, in which a user only needs to provide a password that is close enough to a stored password to gain access to a website or service. The context type and pass phrase can be used to create a list of passwords (the list being limited to a certain number of entries), each matched against a database of passwords to validate entry.

Abstract: Automatic parameter value generation is disclosed. It is determined that a parameter value generation trigger associated with a parameter has occurred. A parameter value in accordance with a format of the parameter value is obtained. At least one location associated with a first component to which the parameter value is to be communicated is determined. The parameter value is communicated to the at least one location, and a parameter value refresh policy associated with the first component is determined.

Abstract: Unique customer identification and behavior is linked between either concurrent or sequential channels of engagement. Unique identifiers are created, captured, and/or passed between these multiple contact channels, e.g. Web, mobile, IVR, phone, automotive, television, to identify and tag the customer and their context, e.g. history, pass behavior, steps progressed, obstacles and/or issues encountered, etc., uniquely.

Abstract: To improve the convenience of a user and further provide service comfortable and safe for the user. A PK storing PMD as personal related information of a user communicates with a service system. When first using the service system, the PK stores the service ID of the service system and a spoofing preventing method. When the PK communicates with the service system for a second time and thereafter, a spoofing preventing process is mutually performed, and then the PMD is provided to the service system. The service system reads or changes the PMD on the basis of access permission information set in advance by the user. The present disclosure is applicable to PDAs.

Abstract: A non-transitory computer-readable medium storing instructions readable by a mobile terminal including a memory, an input interface, a first communication interface and a second communication interface, the instructions causing the mobile terminal to perform processes comprising: a storage processing of storing workflow information including device identification information and action identification information; a specifying processing of specifying the image processing apparatus, as a designated device; an information reception processing of receiving connection information from the designated device through the first communication interface; an extraction processing of extracting the workflow information coinciding with a first condition, among the workflow information; and an execution instruction processing of transmitting execution instruction information to the designated device through the second communication interface by using the connection information, wherein the execution instruction information

Abstract: Devices, systems, and methods of password recovery and password reset, as well as resetting or recovering other types of user-authentication factor. A system monitors and tracks user-interactions that are performed by a user of an electronic device or a computerized service. The system defines a user-specific task or challenge, in which the user is requested to enter a phrase or perform a task. A user-specific feature is extracted from the manner in which the user performs the task. Subsequently, that user-specific feature is utilized instead of a security question, in order to verify the identity of the user and to allow the user to perform password reset or to perform a reset of another user-authentication factor; by presenting to the user the same task or a similar task, and monitoring the manner in which the user performs the fresh task.

Abstract: A method for secure transactions on a mobile handset or tablet equipped with a touch screen controlled by a secure processor such as a master secure element or Trusted Execution Environment having gesture recognition capabilities. Since the touch screen is fully controlled by the secure processor, the user can securely enter the transaction amount using gestures to validate the transaction.

Abstract: An information processing apparatus which allows execution of NFC touch-to-print printing on condition that user authentication is successful, thus preventing NFC touch-to-print printing from being performed by every user. The information processing apparatus is equipped with an NFC (near-field communication) unit which has a memory. When authentication of a user is successful, connecting information for an external device to connect to the information processing apparatus is written into the memory.

Abstract: In one embodiment, a first computing device receives an access token from a second computing device, the access token being generated by the second computing device for a specific software application executing on a specific computing device; stores the access token; receives a request for the access token from a software application executing on a third computing device; verifies whether the software application is the same as the specific software application and the third computing device is the same as the specific computing device for which the access token is generated; and sends the access token to the third computing device only when the software application is the same as the specific software application and the third computing device is the same as the specific computing device for which the access token is generated.

Abstract: A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data. If the mapping table does not include a token mapped to the value of the portion of the sensitive data, a candidate token is generated. The client queries a central token management system to determine if the candidate token collides with a token generated by or stored at another client. In some embodiments, the candidate token includes a value from a unique set of values assigned by the central token management system to the client, guaranteeing that the candidate token does not cause a collision. The client then tokenizes the sensitive data with the candidate token and stores the candidate token in the token table.

Abstract: Systems and methods for providing multi-factor authentication are discloses herein. A method for multi-factor authentication may include a step for receiving an authentication window request from an electronic device. The authentication window request may be configured to identify a user. The method may further include enabling an authentication window responsive, at least in part, to receipt of the authentication window request. The method may further include receiving a login verification request from an application server. The method may further include providing a response to the application server responsive, at least in part, to receiving the login verification request. The response may indicate whether the user may be selectively authenticated.

Abstract: A payment handling system may operate to handle payments for the cost of an open ticket transaction in which incremental authorization operations are performed. The payment handling system may receive items to add to the open ticket, payment instruments for paying the cost of the open ticket or adjustments to any bill splitting arrangement throughout the life of the open ticket. As items are added, payment instruments are received, and/or adjustments are input, the amount allocated to the one or more payments instruments may be updated. Incremental authorization values may be determined for some or all of the payment instruments. When the amount allocated to a payment instrument exceeds the incremental authorization value, an authorization of the instrument is attempted and a new authorization value is determined. At the end of the interaction, the open ticket is closed and payment is executed.

Abstract: A resilient device authentication system for use with one or more managed devices each including a physical unclonable function (PUF), comprises: one or more verification authorities (VA) each including a processor and a memory loaded with a complete verification set (CVS) that includes hardware part-specific data associated with the managed devices' PUFs and metadata, the processor configured to create a limited verification set (LVS) through one-way algorithmic transformation of hardware part-specific data together with metadata from the loaded CVS so as to create a LVS representing both metadata and hardware part-specific data adequate to redundantly verify all of the hardware parts associated with the LVS; and one or more provisioning entities (PE) each connectable to a VA and including a processor and a memory loaded with a LVS, and configured to select a subset of the LVS so as to create an application limited verification set (ALVS).

Abstract: Client devices with wireless functionality, but without wide area network or cellular network functionality, can obtain network access via a host device, where the host device has network access. Such network access can be obtained when a client device of a user is in local range of a host device, e.g., of a different user. An indication of a relative movement between the client device and a host device can be used to establish a network sharing connection.

Abstract: Systems, devices and methods for managing charging and power status for portable devices are disclosed. The systems, devices and methods of the present invention comprise determining existing battery level and charge status of a device, comparing the battery level and charge status with predicted battery usage of tasks associated with calendar events scheduled to take place before the next charge, and transmitting an alert to one or more devices when a threshold likelihood that the battery level will not be sufficient for the predicted battery usage is exceeded. The present invention advantageously displays available power based on time available for certain tasks, and manages device power and resources by modifying and/or transferring tasks from a device having a battery level below a threshold level to one or more other devices with a higher battery levels.

Abstract: According to one embodiment, a method for access configuration in a wireless network includes acquiring authentication information of a digital device and information needed to access an Access Point (AP) of the digital device, from a Radio Frequency IDentifier (RFID) tag, and accessing the AP.

Abstract: A method and apparatus for conducting a secure transaction involving generation of a dynamic authentication code on a mobile device, based on secret data which does not identify an account. The authentication code and financial account identifying information are transmitted to a validating entity, which shares information about the secret data, to authorize the transaction.