Abstract: A method for producing an electro-biometric signature allowing legal interaction between and the identification of persons utilizing biometric features. The method includes inputting a user's biometric features in a pre-determined sequence and checking that no feature is entered repeatedly.

Abstract: A processor-based system, including systems without keyboards, may receive user inputs prior to booting. This may done using the graphics controller to generate a window which allows the user to input information. The system firmware may then compare any user inputs, such as passwords, and may determine whether or not to actually initiate system booting.

Abstract: A customer initiated password reset system resets user passwords on a variety of network entities, such as internal systems, allowing simultaneous reset with a minimum number of user specified passwords that nonetheless satisfy the password specifications of these internal systems. Thereby, the user avoids the tedium of logging into each of these systems, changing their password, logging out, etc., for each system with the likelihood of creating unique passwords for each system that have to be remembered. By further incorporating a score metric based upon how many character sets are touched, a required degree of complexity can be measured and enforced against the password specifications. Advantageously, a table-based approach to enforcing password reset against the multiple password specifications facilitates making and fielding updates.

Abstract: A system and method for automatically selecting a procedure for resetting an authentication data, such as a password, a PIN, a secret key, or a private key, according to the value of the user data protected by the authentication data and/or the likelihood for the user to forget or otherwise lose the authentication data. The user's preference is also considered in selecting the procedure for resetting the authentication data.

Abstract: A system and method for validation and enforcement of application security, wherein the user credentials and the integrity of a target application are verified before the target application is permitted to execute.

Abstract: A user can make a symbol with their hand, or other such gesture, at a distance from a computing device that can be captured by at least one imaging element of the device. The captured information can be analyzed to attempt to determine the location of distinguishing features of the symbol in the image information. The image information is then compared to hand gesture information stored in, for example, a library of hand gestures for the user. Upon identifying a match, an input to an application executing on the computing device is provided when the image information contains information matching at least one hand gesture with at least a minimum level of certainty. The hand gesture could include a single “static” gesture, such as a specific letter in sign language, for example, or include two or more “static” gestures. The gesture could also include motion, such as hand movement.

Abstract: Techniques for distributed license management are provided. Three or more services or servers cooperate and negotiate with one another to establish primary, secondary, and tertiary licensing services. Initially, the primary is designated as a master licensing service and manages a license for a plurality of users over a network. If the primary fails to respond within a configurable period of time to both the secondary and tertiary licensing services, then the secondary dynamically assumes a master licensing service role for purposes of managing the license.

Abstract: A computing system such as a game console maintains and updates a biometric profile of a user. In one aspect, biometric data of the user is continuously obtained from a sensor such as an infrared and visible light camera, and used to update the biometric profile using a machine learning process. In another aspect, a user is prompted to confirm his or her identify when multiple users are detected at the same time and/or when the user is detected with a confidence level which is below a threshold. A real-time image of the user being identified can be displayed on a user interface with user images associated with one or more accounts. In another aspect, the biometric profile is managed by a shell on the computing system, where the shell makes the biometric profile available to any of a number of applications on the computing system.

Abstract: A method and system for protection of and secure access to a computer system or computer network. The method includes the steps of receiving a first login account identifier, such as a user name from a user in communication with the computer system or network. A determination is made if the user is recognized and enrolled from the first login account from the first login account identifier. If the user is recognized, a grid of randomly generated visual images is displayed including one visual image from an image category which has been preselected by the user upon enrollment. An image category identifier is randomly assigned to each visual image in the grid. An image category identifier, second login account identifier, such as a password, is entered and received. If the login account identifier and the image category is validated, access is permitted to the computer system or network.

Abstract: A method for generating a changing authentication input or password for a user is provided for accessing a computing device such as a smartphone or computer. Using objects displayed in sequential positions on a graphic display, and input strings of text or alphanumeric characters the user has related to each object, a password can be generated by placing the input strings in an order the same as the sequence. The password can be varied easily for each access attempt by changing the objects displayed and/or the sequence.

Abstract: In one embodiment, a biometric device includes a first portion having a processor and a second portion releasably coupled to the first portion. The processor is configured to determine whether the second portion is coupled to the first portion. The processor is configured to operate in an enrollment mode while the first portion is coupled to the second portion and operate in an authentication mode while the first portion is decoupled from the second portion. In one embodiment, a method of biometric authentication includes, first, coupling two portions of a biometric device to put it into an enrollment mode, collecting a biometric sample, and generating and storing a corresponding enrollment code; and second, decoupling the two portions of the biometric device, collecting a biometric sample, generating a corresponding access code, and granting or denying access to an asset based on comparison of the enrollment code and the access code.

Abstract: A method, comprising: acquiring candidate data in association with a request for accessing a resource, the candidate data comprising first data and second data; processing the first data with a first key in an attempt to effect decryption of the first data, thereby to obtain first processed data; processing the second data with a second key in an attempt to effect decryption of the second data, thereby to obtain second processed data; and granting the request if a pre-determined portion of the first processed data is derivable from the second processed data. The method may further comprise extracting from the first processed data a group identifier and the pre-determined portion of the first processed data, and effecting a comparison of the group identifier to a reference group identifier in order to conclude whether the first data has been successfully decrypted based on an outcome of the comparison.

Abstract: A policy manager generates a uniform cloud service and information security policy based on a plurality of access contexts. The policy manager distributes the uniform cloud service and information security policy to a plurality of security blades, the security blades located within a plurality of cloud services and configured to control access for a user device to the cloud services and the information contained therein based on the uniform cloud service and information security policy.

Abstract: An image forming apparatus communicates with an authenticating server which stores user information for identifying a user and authentication information included in a storing medium. An authentication requesting unit transmits the user information input to the image forming apparatus to the authenticating server to authenticate the user. An authentication result obtaining unit obtains the user authentication result from the authenticating server. A display unit displays a registering mode for registering the authentication information corresponding to the input user information and a deleting mode for deleting the authentication information corresponding to the input user information so that the modes can be selected according to the obtained authentication result.

Abstract: Determining execution rights for a process. A user selects a process for execution. A driver intercepts the execution and communicates with a service or its remote agent. Configuration data is accessed to determine an execution role specifying whether the process should be denied execution or should execute with particular rights to access or modify system resources. The execution role is provided to the driver, and the driver allows or denies execution of the process in accordance with the provided execution role.

Abstract: A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a service client a request for access to a secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving from the service client a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester. The secured resource has a common identifier by which it may be generally identified outside of the authentication system, but the request for access lacks sufficient information content for the service client to be able to determine the common identifier.

Abstract: A computerized authorization system configured to authorize electronically-made requests to an electronic entity. The computerized authorization system comprises a store configured to store an indication of at least one predetermined electronic authorization device configured to authorize each electronically-made request. The computerized authorization system is further configured such that: in response to receiving an electronically-made request to the electronic entity, an indication of the request is output to the at least one predetermined electronic authorization device configured to authorize the request as indicated in the store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device, an indication of authorization of the request is output to the electronic entity.

Abstract: The present invention relates to using authorization information provided by an asserting agent to control insight-related interactions between a receiving agent and an insight agent. The insight may be information that relates to an entity with whom or a device with which the asserting agent is associated. Such insight is generally referred to as insight of the asserting agent. An insight source maintains the insight of the asserting agent, and the insight agent provides controlled access to the insight by the receiving agent through the insight-related interactions. For others to gain access to at least certain of the asserting agent's insight, the asserting agent must authorize the insight agent to provide the asserting agent's insight to the receiving agent. Upon obtaining the proper authorization, the insight agent will interact with the receiving agent and distribute the asserting agent's insight to the receiving agent.

Abstract: A method for injecting a security token into an authentication protocol response is disclosed. An authentication protocol response from a node requesting access to a network is intercepted. It is determined if the node complies with a health policy of the network. A security token is inserted into the authentication protocol response based on the compliance node.

Abstract: An identity management system incorporates privacy management processes that enable the user to exercise privacy controls over the disclosure of user identity information within the context of an authentication process. A combination includes an identity selector, a privacy engine, and a ruleset. The identity selector directs the release of a user identity in the form of a security token to satisfy the requirements dictated by a security policy. Prior to release of the user identity, the engine conducts a privacy enforcement process that examines the privacy policy of the service provider and determines if it is acceptable. The engine evaluates a ruleset against the privacy policy. A preference editor enables the user to construct, in advance, the ruleset, which embodies the user's privacy preferences regarding the disclosure of identity information.

Abstract: A microprocessor includes a model specific register (MSR) having an address, fuses manufactured with a first predetermined value, and a control register. The microprocessor initially loads the first predetermined value from fuses into the control register. The microprocessor also receives a second predetermined value into the control register from system software of a computer system comprising the microprocessor subsequent to initially loading the first predetermined value into the control register. The microprocessor prohibits access to the MSR by an instruction that provides a first password generated by encrypting a function of the first predetermined value and the MSR address with a secret key manufactured into the first instance of the microprocessor and enables access to the MSR by an instruction that provides a second password generated by encrypting the function of the second predetermined value and the MSR address with the secret key.

Abstract: A method and system for server-side key generation for non-token clients is described.

Abstract: The invention discloses an authenticating method and a system thereof, which relates to information security field and solves the problem that the user information is not safe in transaction process.

Abstract: Protecting the security of an entity by using passcodes is disclosed. A user's passcode device generates a passcode. In an embodiment, the passcode is generated in response to receipt of user information. The passcode is received by another system, which authenticates the passcode by at least generating a passcode from a passcode generator, and comparing the generated passcode with the received passcode. The passcode is temporary. At a later use a different passcode is generated from a different passcode generator. In these embodiments, there are asymmetric secrets stored on the passcode device and by the administrator. This adds more security so that if the backend servers are breached, the adversary cannot generate valid passcodes. In some embodiments, the passcode depends on the rounded time.

Abstract: Method and apparatus for securing confidential data related to a user in a computer is described. In one example, rules are obtained that provide a representation of the confidential data. A storage system in the computer is searched using the rules to detect a file having at least a portion of the confidential data. The file is encrypted the in-place within the storage system using symmetric encryption based on a secret associated with the user.

Abstract: Techniques for distributed license management are provided. Three or more services or servers cooperate and negotiate with one another to establish primary, secondary, and tertiary licensing services. Initially, the primary is designated as a master licensing service and manages a license for a plurality of users over a network. If the primary fails to respond within a configurable period of time to both the secondary and tertiary licensing services, then the secondary dynamically assumes a master licensing service role for purposes of managing the license.

Abstract: An authentication server transmits authentication information used to authenticate the transmission origin of an authentication request, to a sub-authentication server, when receiving the authentication request. The authentication server transmits identification information to identify the sub-authentication server to which the authentication information is transmitted, to a terminal. The terminal includes a transmission destination storage unit that stores identification information to identify the transmission destination of the authentication request and transmits the authentication request to the transmission destination identified with the identification information stored by the transmission destination storage unit. The terminal updates the identification information using the identification information, when receiving the identification information.

Abstract: Disclosed are various embodiments for an authentication manager. A security credential is generated based at least in part on a security credential specification associated with a network site. The security credential and a domain name associated with the network site are stored. The security credential is provided to the network site when a domain name associated with a trusted certificate provided by the network site matches the stored domain name.

Abstract: In one or more implementations, a computing device receives an indication that a device is attempting to pair with the computing device. If a user is not currently authenticated with respect to the computing device, inputs received by the device are restricted from being used by the computing device for uses other than authenticating the user.

Abstract: This disclosure is directed to content protection key management. In general, devices may include secure processing resources configured to derive content keys (e.g., for use in decrypting secure content) using key ladders. In one embodiment, a device may comprise, for example, at least a secure processing module to derive content keys for use in decrypting secure content. The secure processing module may include, for example, a key ladder storage module and a secure key storage module. The key ladder storage module may be to store at least one key ladder for use in deriving at least one content key. The secure key storage module may be to store the at least one content key derived using the key ladder.

Abstract: A method is provided, including (a) upon a standard small form-factor pluggable (SFP) module being inserted into an SFP jack on a network host device, determining if the SFP module is a legacy device or a smart device, (b) upon determining that the SFP module is a legacy device, receiving a magic code from the SFP module and determining if the magic code is a valid magic code, and (c) upon determining that the SFP module is a smart device, performing a smart authentication process with the SFP module. Associated apparatuses and additional methods are also provided.

Abstract: Methods, systems, and media for measuring gesture-based password quality are provided, the methods comprising: receiving a first image; receiving a proposed password; identifying points of interest in the image each associated with an attribute; receiving a gesture selection function sequence, with a plurality of gesture selection functions each associated with a gesture type and a point of interest attribute; determining that a subset of points of interest in the image have attributes corresponding to attributes associated of a gesture selection function sequence; generating a possible password based on the gesture selection function sequence; determining and presenting a relative strength of the proposed password based on whether the proposed password matches the possible password.

Abstract: There is provided a method and apparatus for communications using short range communications such as Near Field Communications (NFC). A mobile device comprising an NFC subsystem provides a dynamic credential for use to login to a network requiring two factor authentication. A terminal used for logging in to the network is associated with an NFC reader, and bringing the NFC device in proximity to the NFC reader provides the terminal with the dynamic credential required for two factor authentication.

Abstract: Devices, systems and methods that route a communication link to a proper destination are disclosed. The method may include connecting the communication link to a first destination; requesting a response from the first destination; validating the response from the first destination; and disconnecting the communication link to the first destination if the response from the first destination is not valid. The method may also include connecting the communication link to a second destination; requesting a response from the second destination; and disconnecting the communication link to the second destination if the response from the second destination is not valid. The devices, systems and methods may provide hunt group, call center and conference call features as discussed later herein.

Abstract: A computer-implemented method for managing authentication may include identifying authentication-capabilities information of an online service. The computer-implemented method may also include identifying, within the authentication-capabilities information, a specification indicating how a remote computing agent may interact with the online service to perform an authentication function supported by the online service. The computer-implemented method may further include using the specification to interact with the online service to perform the authentication function. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Embodiments of systems and methods for power-on user authentication are disclosed. A method for power-on user authentication may comprise receiving an authentication input with a security controller of a computing device prior to supplying power to a primary processor of the computing device, comparing the authentication input to an authentication code using the security controller, and supplying power to the primary processor in response to the authentication input matching the authentication code.

Abstract: In some embodiments, computer systems, storage mediums, and methods are provided for controlling a connecting device's access to a plurality of computer networks. In other embodiments, the provided computer systems, storage mediums, and methods may provide for authentication, authorization, and accounting of connecting devices connecting to a plurality of computer networks. In other embodiments, the provided computer systems, storage mediums, and methods may provide for the distribution of authentication routing data and authorization policies among a plurality of computer networks. In yet other embodiments, the provided computer systems, storage mediums, and methods may provide for the distribution of accounting among a plurality of computer networks.

Abstract: A computational device having a user interface is disclosed, the user interface enables a user to securely enter data into the computational device. In particular, the user interface may include a user input portion and a user output portion. The user input portion may be partitioned into a number of input zones, each having a data value associated therewith that when engaged by a user causes the data value associated with the engaged input zone to be provided as input to the computational device.

Abstract: The present invention prevents illegitimate access to a user computing machine. A method in accordance with an embodiment includes: setting an authentication routine in the user computing machine; generating a virtual keyboard on the user computing machine; entering a user identification through the virtual keyboard, the user identification being entered according to a virtual keyboard form factor; comparing the entered user identification with a secure user identification previously stored in the user computing machine; and validating the user access to the user computing machine if a match occurs, otherwise denying access.

Abstract: An electronic device, system and method for automatically managing wireless connections with a plurality of other devices are provided. The electronic device may be a security token access device and may be adapted to wirelessly pair and optionally securely pair with other devices. Connection information, which may comprise security information, is maintained at the electronic device for each connected device. When a connected device becomes stale, the electronic device implements one or more steps to manage the stale device's connection.

Abstract: A device for secure access to digital media contents, the device comprising an access means for accessing digital media contents from a data source and a reader for authenticating a user, the authentication being performed by checking some authentication data. An internal communication path between the access means and the reader is not directly accessible from outside the device.

Abstract: A pressure key includes a pressure sensor, a microprocessor chip, a storage device, a port, a record button and an enter button. When the pressure key is connected to a computing device and the record button is pressed, the pressure sensor is triggered to record a pressure signal input by a user. The microprocessor chip converts the pressure signal into a password, stores the password into the storage device, and sends the password to the computing device to lock the computing device. When the pressure key is connected to the computing device again and the enter button is pressed, the microprocessor chip retrieves the password from the storage device and sends the password to the computing device. The computing device is unlocked if the received password matches the password stored in the computing device.

Abstract: A voice key includes a voice sensor, a microprocessor chip, a storage device, a port, a record button, and an enter button. When the voice key is connected to a computing device and the record button is pressed, the voice sensor is triggered to record a voice signal input by a user. The microprocessor chip converts the voice signal into a password, stores the password in the storage device, and sends the password to the computing device to lock the computing device. When the voice key is connected to the computing device again and the enter button is pressed, the microprocessor chip retrieves the password from the storage device and sends the password to the computing device. The computing device is unlocked in response to determining that the received password matches the password stored in the computing device.

Abstract: A temperature key includes a temperature sensor, a microprocessor chip, a storage device, a port, a record button and an enter button. When the temperature key is connected to a computing device and the record button is pressed, the temperature sensor is triggered to record a temperature signal input by a user. The microprocessor chip converts the temperature signal into a password, stores the password in the storage device, and sends the password to the computing device to lock the computing device. When the temperature key is connected to the computing device again and the enter button is pressed, the microprocessor chip retrieves the password from the storage device and sends the password to the computing device. The computing device is unlocked in response to determining that the received password matches the password stored in the computing device.

Abstract: A computer-implemented method for replacing a security-relevant unencrypted data string from a data record by a token in a tokenisation device. The method is structured in such a way that it works more efficiently than a replacement table with randomly generated tokens and is more secure than the generation of tokens by exclusive application of a mathematical function to the unencrypted data string.

Abstract: A method for protecting a service account includes: configuring association information for a service account of a user in a Personal Communication Profile (PCP) of the user at a network side; authenticating the association information when the user logs on an application server with the service account through User Equipment (UE); allowing the user to log on the application server if the authentication succeeds. Embodiments of the present invention also disclose systems, PCP storage apparatuses and application servers for protecting the service account. In embodiments of the present invention, besides protecting the service account by a static password, the user can implement an enhanced protection for the service account without receiving the dynamic password through a short message, which dramatically reduces the time delay for the user to log-on the application server. Further, the user needs not purchase the password card additionally. Therefore, the competitiveness of the application server is improved.

Abstract: A method for imputing different usernames and passwords using an input device with a display to use different protected assets that requires the inputting of a preselected username into a username enter box and the inputting of a preselected password into a password entry box immediately prior to use. The method includes the steps of designating two or more username keys on said input device, each said username key being assigned with a unique letter or number located on said input device and to a unique username made of a plurality of alpha-number characters, designating two or more password keys on the input device each being assigned with a letter or number located on said input device and to a unique password made of a plurality of alpha-number characters. Next the protected asset is then accessed and the username key and keyword key assigned to the asset is imputed.

Abstract: A device and a method for graphical passwords. A device displays an initial image comprising a plurality of graphical elements, each graphical element having at least two variants; receives user input to select a variant of a number of the graphical elements, thereby generating a modified image; and generates the secret value from at least the selected variants of the graphical elements. The graphical elements are advantageously seamlessly integrated in the images, thereby making the system resistant to shoulder surfing attacks.

Abstract: A network memory system is disclosed. The network memory system comprises a first appliance configured to encrypt first data, store the encrypted first data in a first memory device. The first appliance also determines whether the encrypted first data exists in a second appliance and transmits a store instruction comprising the encrypted first data based on the determination that the encrypted first data does not exist in the second appliance. The second appliance is configured to receive the store instruction from the first appliance and store the encrypted first data in a second memory device. The second appliance is further configured to receive a retrieve instruction comprising a location indicator indicating where the encrypted first data is stored, process the retrieve instruction to obtain encrypted response data, and decrypt the encrypted response data.

Abstract: In a communication system in which two communication entities seek to have a private or confidential communication session, a trust relationship needs first be established. The trust relationship is based on the determination of a shared secret which in turn is generated from contextual information. The contextual information can be derived from the circumstances surrounding the communication session. For example, the contextual information can include topological information, time-based information, and transactional information. The shared secret may be self-generated or received from a third party. In either event, the shared secret may be used as key material for any cryptographic protocol used between the communication entities.