Abstract: Embodiments described herein relate to a device operable to process input for a picture password for proof of knowledge. In some embodiments, the device includes a display, an input subsystem, processor(s), and memory containing instructions executable by the processor(s) such that the device is operative to display, on the display of the device, an image for the picture password proof of knowledge. The image is associated with an overlaid grid comprising a plurality of elements, and each element corresponds to a distinct area of the image. The device is further operative to, determine an offset to be used and, in response to receiving an input via the input subsystem at a first location of the display, highlight an element of the overlaid grid at a second location on the first image on the display. The second location is offset from the first location by the offset.

Abstract: The present invention is to enable a user to input authentication information without burden, such that the user only has to memorize part of the authentication information even when inputting lengthy authentication information in order to ensure high-level security. When an operation of inputting and arranging authentication information in an information arrangement region is performed in a state where an arrangement status of a specified portion in the information arrangement region is set in advance as partial-authentication reference information in a reference authentication information memory, a CPU detects an arrangement status of the specified portion from an overall arrangement status in the information arrangement region, and performs, as partial authentication, processing of matching the detected arrangement status of the specified portion and the arrangement status of the specified portion set as the partial-authentication reference information.

Abstract: An authenticity accuracy, corresponding to a personal identification number, is determined. A device presents a correct image (or group of images) and an incorrect image (or group of images). Selections from a user are received until a sufficient number of correct images are selected to satisfy the authenticity accuracy. For example, a counter may be incremented when the correct image is selected, and the user may be considered to be authenticated if the counter reaches a sufficient level.

Abstract: According to one embodiment, a person authentication method includes obtaining, from a medium carried by a person who passes through a first position, first information indicating the gender and the age of the person; performing a first authentication operation with respect to a person whose face image is included in a first image obtained by capturing a person passing through the first position; and setting, as the first authentication operation, an authentication operation to be performed using the face image of a person having the gender and the age specified in the first information.

Abstract: A method of providing access to secure features of a device includes detecting motion of a secured device during entry of first access credentials on the secured device, storing first motion data in association with the first access credentials, the first motion data indicating a pattern of the detected motion, and granting access to a secured feature of the secured device when a user enters user access credentials matching the first access credentials accompanied by detected motion that produces user motion data matching the first motion data to a degree within a defined valid data range of the first motion data.

Abstract: A user detecting unit detects a mobile identification device in a communicable range of a wireless communication device, and determines a user in association with the detected mobile identification device and determines user authority of the user among general user authority and administrator user authority. The general user authority is prohibited from using a specific function allowed to the administrator user authority. The login processing unit performs a login process based on the detected user authority for the user. If the mobile identification device with the administrator user authority is detected after the login process based on the general user authority and a distance is less than a predetermined value between the detected mobile identification devices with the general user authority and the administrator user authority, then the authority changing unit changes the user authority of the user from the general user authority to the administrator user authority.

Abstract: A system and method of efficiently inspecting content is provided. Embodiments of the invention may inspect files accessed by an application prior to an activation of the application. Selective inspection of files accessed by an application may be based on a previous inspection. Inspection of files accessed by an application may be postponed or performed concurrently with the access. A prioritized queue may include references to files, a priority may be related to a risk level and an inspection order may be according to a risk level.

Abstract: Provided are an apparatus and method for inputting a character The apparatus includes a recognition unit configured to measure lengths from arbitrary points on a user's hands to respective fingertips and recognize a click gesture using the measured lengths, a control unit configured to control character input according to the recognized click gesture, and a display unit configured to display a character pad for the character input and display a character input according to the click gesture recognized on the character pad.

Abstract: The present invention relates to an application that is configured to provide secure access to confidential information. To protect the confidential information, the application may include functions that utilize a decoy application to disguise the functionality of the application. A unique sequence of inputs received through an interface associated with the decoy application may permit a user to access the confidential information. An authorized user that has been provided access to the confidential information may access configuration interfaces that permit the user to define the inputs that will serve as login credentials and to customize the appearance and functionality of the decoy application.

Abstract: A mobile communication system that includes a vehicle and a mobile device is provided. The method pertains to revoking communication control privileges of the mobile device previously authorized to control the vehicle. The method includes the steps of receiving a revocation request at the vehicle via a user interface device, the revocation request including a request to revoke the communication control privileges of the previously authorized mobile device, wherein the control privileges includes a capacity to remotely command at least one of a plurality of vehicle functions; and based on the revocation request, revoking at the vehicle the communication control privileges of the previously authorized mobile device.

Abstract: A method of operating a server comprises receiving an authorization request comprising a password, accessing an expiry date for the password, transmitting a response comprising the expiry date, ascertaining whether the password has expired, and receiving a new password, if the password has expired. Optionally, the transmitted response further comprises a date representing the last use of the password and/or an integer value representing a retry parameter.

Abstract: A personal computing device, server or other type of processing device authenticates a user attempting to access a protected resource by verifying user knowledge of one or more extracted characteristics of stored information indicative of an internal operating state of that resource. The one or more extracted characteristics are characteristics that would likely be known to the user if that user had made one or more previous authenticated accesses to the protected resource. For example, the extracted characteristics may be indicative of a manner in which the user had utilized the protected resource during the one or more previous authenticated accesses to the protected resource. The processing device receives input from the user regarding the one or more extracted characteristics, and grants or denies access to the protected resource based at least in part on the input received from the user.

Abstract: Disclosed are various embodiments for management functions relating to security credentials. Account data, which includes multiple security credentials for multiple network sites for a user, is stored in an encrypted form. A request to temporarily change the account data is obtained from a client. The request specifies a master security credential for accessing the account data. In response to the request, the multiple security credentials for the account data are changed to a single temporary security credential, as specified by a user. After an expiration period expires, the multiple security credentials are automatically reset to a plurality of different security credentials.

Abstract: In accordance with embodiments of the present disclosure, a method may include storing a system fingerprint of an information handling system, the system fingerprint comprising information associated with one or more information handling resources of the information handling system recorded during creation of the system fingerprint including information regarding a security seed, wherein the security seed comprises a value stored at a location of a non-transitory computer readable medium integral to an information handling resource of the one or more information handling resources. The method may also include during a verification mode, based on the information in the system fingerprint, determining whether potential tampering of the information handling system has occurred, and if potential tampering has occurred, issuing an alert indicating potential tampering with the information handling system.

Abstract: A method and apparatus for password entry, the method comprising: displaying a password inputting keyboard on a display, the keyboard including a character carrier and a position carrier, the character carrier and the position carrier are capable of relative movement between each other so that when the position of a character in the character carrier is corresponding to a position mark on the position carrier, the position of at least one other character in the character carrier is corresponding to at least one other position mark in the position carrier; in response to a user causing relative movement between the character carrier and the position carrier, aligning a character in the character carrier with a position mark in the position carrier; and in response to a lapse of a predetermined time, recording the character and its input order and changing the layout of the password inputting keyboard.

Abstract: Methods and systems are described for state driven orchestration of authentication components to access a resource protected by an access manager framework. In response to a client request for a protected resource, relevant authentication components and their respective order are determined. Upon successful authentication of the first authentication component, proper state information of the authentication process is stored by the client indicating the next authentication component. In response to a request for additional credential information for the authentication process from the next authentication component, the client provides the stored state information so that the authentication process continues with the second authentication component according to the determined order of the authentication components within an authentication process.

Abstract: A document management apparatus includes a reception unit, an operation information extraction unit, a memory, an executability determination unit, and an operation execution unit. The reception unit receives an operation request for an electronic document from an operator. The operation information extraction unit extracts operation information related to the operation request. The memory stores operation history information which is an accumulation of previous operation information which is operation information related to previous operation requests previously made for electronic documents. The executability determination unit reads the operation history information from the memory to determine whether or not an operation pertaining to the operation request is executable on the basis of the operation information and the operation history information.

Abstract: A technique provides access control on a mobile device (e.g., a smart phone, a tablet, etc.). The technique involves displaying an image on a touch screen of the mobile device. The technique further involves, while the image is displayed on the touch screen, receiving user input from a user. The user input includes user gestures applied to the touch screen over the displayed image. The technique further involves performing an access control operation which provides an access control result based on the user input, the access control result (i) providing access to a set of protected resources when the user input matches expected input and (ii) denying access to the set of protected resources when the user input does not match the expected input.

Abstract: The present invention provides an image display device comprising: a sensing unit for sensing an input gesture of a user; a display unit for outputting visual information among the executed data of an application when the application is executed; a collection unit for collecting control gesture information included in the executed data; and a control unit for executing an event of the application which is included in the executed data and corresponds to the control gesture information if the control gesture information and the input gesture sensed by the sensing unit are matching while the application is executed.

Abstract: Systems and methods for generating secure passwords, personal identification numbers (PINs), and other user credentials using touch-aware devices are described. In some cases, an end user of a computing device may use a touch-sensitive interface (e.g., a touchscreen) to indirectly enter user credentials for accessing protected information or a protected computing resource using the computing device. The end user may indirectly enter the user credentials by entering information that is different from the actual user credentials. In one example, the touch-sensitive interface may display a plurality of numbers and paths connecting the plurality of numbers and the end user of the computing device may select a sequence of numbers of the plurality of numbers using a touch gesture. The computing device may generate a user credential different from the sequence of numbers using the sequence of numbers selected by the end user.

Abstract: A document management apparatus includes a reception unit, an operation information extraction unit, a memory, an executability determination unit, and an operation execution unit. The reception unit receives an operation request for an electronic document from an operator. The operation information extraction unit extracts operation information related to the operation request. The memory stores operation history information which is an accumulation of previous operation information which is operation information related to previous operation requests previously made for electronic documents. The executability determination unit reads the operation history information from the memory to determine whether or not an operation pertaining to the operation request is executable on the basis of the operation information and the operation history information.

Abstract: The present invention relates to an application that is configured to provide secure access to confidential information. To protect the confidential information, the application may include functions that utilize a decoy application to disguise the functionality of the application. A unique sequence of inputs received through an interface associated with the decoy application may permit a user to access the confidential information. An authorized user that has been provided access to the confidential information may access configuration interfaces that permit the user to define the inputs that will serve as login credentials and to customize the appearance and functionality of the decoy application.

Abstract: Disclosed herein is a method for generating a high entropy password using a low entropy password and low-entropy login data comprising supplying the low entropy password to a system comprising a generating client and/or a recovery client; and at least n servers; submitting request data derived, at least in part, from the user's low entropy password, where the request data includes authentication data; engaging in a distributed protocol with at least t servers to generate high-entropy values based on stored cryptographic information and a set of authentication information stored on the at least n servers which is checked against the authentication data provided by the user and/or the generating client and/or a recovery client; and generating the high entropy password.

Abstract: The invention prevents robots from browsing a Web site beyond a welcome page. When an initial request from an undefined originator is received, the Web site responds to it with a welcome page including a challenge. Then, on receiving a further request from the undefined originator, the Web site can check whether the challenge is fulfilled or not. If fulfilled, the undefined originator is assumed to be a human being and authorized to go on. If the challenge is not fulfilled, the undefined originator is assumed to be a robot, in which case site access is further denied. The invention prevents Web site contents from being investigated by robots while not requiring users to have to log on.

Abstract: Methods and systems for managing directory information, such as onboarding a LDAP server, employing a processor coupled to memory and other computer hardware and software components for receiving a request related to one or more applications from a requestor in pre-determined business logic, acknowledging the request by an approver function without requiring the requestor to negotiate, for example, with an LDAP administrator to justify the request, and provisioning the request into the enterprise LDAP server in the pre-determined business logic.

Abstract: A method and apparatus for obtaining a password hint is disclosed. In some embodiments, the method includes: receiving a spatial pattern from a user; obtaining a password comprising a plurality of characters; obtaining a password hint comprising an arrangement of characters, wherein the arrangement of characters includes the plurality of characters of the password and additional characters, and the plurality of characters of the password are located within the arrangement of characters according to the received spatial pattern. The method may also include storing the password hint or providing the password hint to the user.

Abstract: The invention relates to a method for enabling the authentication or identification of a person (1) using a first electronic device (2) comprising an image-capturing unit and a data-transmission unit, the method including a step of registering said person in a verification system (3). The registration step includes the steps of: capturing, using the image-capturing unit of said electronic device, a first image (h) of at least one object (O) of any kind that is secretly selected by the person; and transmitting said first image to the verification system by means of said data transmission device of said first electronic device.

Abstract: A system and method is provided for visual authentication and authorization of a user for mobile devices, the system having: a login display on a mobile selection device displaying a visual pattern, a data collection engine whereby selection features are obtained from a plurality of user selection events to the mobile selection device with reference to the visual pattern, the selection attributes comprise measured selection attributes and derived selection attributes calculated from the measured selection attributes; an authentication engine whereby the selection attributes are compared to projected user selection attributes derived from user selection attribute values obtained during prior successful logins.

Abstract: Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA.

Abstract: A method is provided for reducing a number of keys that a user is required to depress on a device having a keyboard with a limited number of keys when the user enters a password. The method comprising the following steps. A subset of characters used to define the password is determined. A filter to apply to the keyboard is determined in accordance with the determined subset of characters. The filter is applied when the user depresses the keys. Devices and computer readable medium for implementing the method are also provided.

Abstract: A security device and controlling method thereof are provided. The security device includes: a storage configured to store a plurality of passwords, wherein a complexity of the passwords increases according to a security level; an inputter configured to receive a password input by a user; a detector configured to detect a security level of the received password by comparing the received password and the plurality of passwords stored in the storage; and a controller configured to provide an authority to access an element of an electronic device connected with the security device according to the detected security level.

Abstract: A system for managing one or more certificates on granular object level in one or more datacenters is provided. The system includes a discover module, an inventory module, a work order module, and a policy module. The discover module is configured to discover the one or more certificates. The inventory module is configured to provide details of the one or more certificates. The work order module is configured to store details of (i) a work order id of the one or more certificates, (ii) device information of the one or more certificates, (iii) a time stamp of implementation of the one or more certificates, and (iv) a status the one or more certificates. The policy module is configured to create a policy that specifies (i) usage of the one or more certificates, and (ii) practices that a certificate authority (CA) employs to manage the one or more certificates.

Abstract: Embodiments of the present invention provide a method and user equipment for unlocking a screen saver, which can implement personalized operations of screen saver unlocking. The method includes: detecting a position of a first input on a screen; detecting a duration of the first input when the position of the first input falls into a user-preset track; and unlocking the screen saver when the duration exceeds a time threshold. The corresponding user equipment includes a position detecting module, a time detecting module, and a screen. The above technical solutions may implement personalized operations of screen saver unlocking and increase fun by detecting whether the position of a user input falls into a user-preset track and detecting the duration of the user input.

Abstract: The preferred embodiments of the present invention include providing automated passcode recovery in an interactive voice response system by providing to a caller an automated passcode recovery question and processing a caller answer to the automated passcode recovery question to authenticate the caller.

Abstract: A gaming system employs a device security firewall having a plurality of rules and an inclusion list of a plurality of devices allowed to operate on a gaming device for determining acceptable data traffic on the gaming device.

Abstract: At the time of input of authentication information, even when the hand and the input screen are seen from the third person, guess of authentication information is made difficult. A plurality of keys serving as input means are divided into a first region and a second region. Then, the first region and the second region are caused to transit between a first state and a second state distinguished from each other depending on the displayed contents. When a region where a key to be inputted for the input of authentication information is arranged is in the second state, input to the above-mentioned plurality of keys is recognized as dummy.

Abstract: Utilizing an image on a computing device to serve as a template for locking/unlocking the computing device. The image includes a plurality of portions that are defined and thereafter identified and presented to a user via a touch screen. A user selects portions/zones that are defined within the image in a specified sequence and this sequence is stored as a lock/unlock code for unlocking the computing device. In an embodiment, in addition to the specified sequence of selections, a movement or sequence of movements may be also be stored as part of the lock/unlock code.

Abstract: A method of establishing a secure channel between a human user and a computer application is described. A secret unique identifier (“PIN”) is shared between a user and an application. When the user makes a request that involves utilizing the PIN for authentication purposes, the application renders a randomly selected identifier. The randomly selected identifier is in a format that is recognizable to a human but is not readily recognizable by an automated agent. The randomly selected identifier is then presented to the human user. The user identifies the relationship between the randomly selected identifier and the PIN. If the user's input reflects the fact that the user knows the PIN, then the user is authenticated.

Abstract: A method for user authentication in a device comprising a touch screen is provided. In operation, the device stores a user authentication code corresponding to a user. When a trigger for user authentication is detected, the device randomly selects one or more character positions in the sequence of characters. The device further requests the user to enter a character corresponding to each of the selected one or more character positions in the sequence of characters. When the device detects a user entry made using a keypad on the touch screen, the device determines whether the user entry matches a character corresponding to each of the selected one or more character positions. When the user entry matches a character corresponding to each of the selected one or more character positions in the sequence of characters, then the user is successfully authenticated to the device.

Abstract: Methods and systems are provided for authenticating a user for access to restricted content. An exemplary method involves providing a plurality of selectable regions on a display, authenticating the user based at least in part on a user input that corresponds to a selectable region that includes a portion of authentication information, and providing the restricted content to the display after authenticating the user. Each selectable input region of the plurality of selectable regions includes a plurality of characters. In exemplary embodiments, the characters of one or more selectable input regions are randomized.

Abstract: Data security management system and methods are provided. First, a first system having a management authority is provided. The first system displays an input interface on an input device. A switch switches the management authority from the first system to a second system, wherein the second system operates with a secure mechanism. When the management authority is switched to the second system, the first system transmits layout information of the input interface and an input device characteristic of the input device to the second system. The second system receives input data via the input device, and decodes the input data according to the layout information and the input device characteristic.

Abstract: A PIN is automatically generated based on at least one rule when the user enters a password through a user device. In one example, the PIN is a truncated version of the password where each character in the truncated version is mapped onto a number. The mapping can be a truncation at the beginning or end of the password, or the mapping can be with any pattern or sequence of characters in the password. This PIN generation may be transparent to the user, such that the user may not even know the PIN was generated when the password was entered. When the user attempts to access restricted content, the user may enter the PIN instead of the password, where the user may be notified of the rule used to generate the PIN so that the user will know the PIN by knowing the password.

Abstract: The invention relates to a system and method for generating and authenticating one time dynamic password based on the context information related to a user. It involves retrieving user context information and generating a dynamic value based on that. The first one time dynamic password is generated at the user device using the first dynamic value and the user PIN. The first dynamic value along with the user identifier is sent to the authentication server. The authentication server sends the user identifier to the context management server. The context management server has access the context information used to generate the first dynamic value and based on that they generate a second dynamic value. The authentication server receives this value and generates the second one time dynamic password and if it matches with the first one time dynamic password then the authentication server authenticates the first one time dynamic password.

Abstract: In certain embodiments, a system having a memory and a processor. The memory is operable to store a credential verifier associated with a user account and a counter. The processor is coupled to the memory and the memory includes executable instructions that cause the system to receive a first authentication attempt and increment the counter if validation of the first authentication attempt against the credential verifier fails. The instructions also cause the system to receive a second authentication attempt and increment the counter only if validation of the second authentication attempt against the credential verifier fails and the second authentication attempt is distinct from the first authentication attempt.

Abstract: A codebook, comprising a number of groups of symbols in a predetermined pattern printed on a card or the like is issued to a user. The user is attributed or selects an extraction pattern representing an order of progression through the symbols in each group of symbols. When the user wishes to make an authentication action an authentication party challenges the user to submit the symbols found at selected positions in the extraction pattern. The user applies the extraction pattern to the codebook and retrieves the symbols found at the selected positions, and submits these to the authenticating party. The authenticating party applies the same extraction pattern to the same codebook, and determines whether the results match those submitted by the user, and in a case where the two sets of symbols match, authenticates the user.

Abstract: A computing device receives data access records and determines a user data access behavior pattern for a user based on the data access records. The computing device receives new data access records and identifies any deviation from the user data access behavior pattern based on the new data access records. Upon identifying deviation from the user data access behavior pattern, the computing device generates an alert indicating that the user has deviated from the user data access behavior pattern.

Abstract: The present invention relates to an application that is configured to provide secure access to confidential information. To protect the confidential information, the application may include functions that utilize a decoy application to disguise the functionality of the application. A unique sequence of inputs received through an interface associated with the decoy application may permit a user to access the confidential information. An authorized user that has been provided access to the confidential information may access configuration interfaces that permit the user to define the inputs that will serve as login credentials and to customize the appearance and functionality of the decoy application.

Abstract: An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on one or more environmental properties (e.g., ambient noise level, ambient luminosity, temperature, etc.), or one or more physiological properties of a user (e.g., heart rate, blood pressure, etc.), or both. Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity, as inferred from these properties. In addition, the illustrative embodiment enables the authentication challenge type to be tailored to particular environmental conditions (e.g., noisy environments, dark environments, etc.).

Abstract: A method for providing a public key/secret key pair for encrypting and decrypting data, wherein the public key of the public key/secret key pair and a master secret key are generated based on predefined policy information, and wherein the secret key of the public key/secret key pair is generated based on the generated master secret key and predefined attribute information. A method for accessing a system in an untrusted environment and a system for providing a public key/secret key pair for encrypting and decrypting data as well as a use for access control are also described.

Abstract: Image based login procedures for computer systems include: (a) displaying a first image on a computer screen; (b) receiving user input indicating a portion of the first image; (c) determining if the user input corresponds to a first acceptable user input for user authentication; and (d) proceeding with the authentication procedure when this user input corresponds to the first acceptable user input for user authentication. Additionally or optionally, when proceeding with this authentication procedure, the systems and methods further may include: displaying a second image on the screen; receiving new user input indicating a portion of the second image; and determining if this new input corresponds to a second acceptable user input for user authentication.