Abstract: A security and protection device (1) for protection of the data and executable codes of any fixed or portable computer system and that has a memory medium to be protected. The security and protection device (1) is located physically between the computer system (2) and the memory medium (MP) to be protected, in order to allow the computer system (2) access to the data and codes to be protected after execution of the protection functions independently of the machine code executed by the computer system (2) and requires no interaction with the processor of the system for the execution of these functions.

Abstract: An information processing apparatus according to the present invention includes a biometric authentication unit that authenticates one piece of biometric information based on registered biometric information, wherein the one piece of biometric information is image information unique to a living body, and a plurality of pieces of user information are associated with the one piece of biometric information, and the registered biometric information is biometric information registered in advance, and a login processing unit that selects, based on user specification information for specifying user information used for login processing, one of the plurality of pieces of user information associated with the biometric information successfully authenticated by the biometric authentication unit so that the login processing unit uses the selected one of the plurality of pieces of user information to perform the login processing.

Abstract: A sandbox tool can cooperate with components of a secure operating system to create an isolated execution environment for accessing untrusted content without exposing other processes and resources of the computing system to the untrusted content. The sandbox tool can allocate resources (storage space, memory, etc) of the computing system, which are necessary to access the untrusted content, to the isolated execution environment, and apply security polices of the operating system to the isolated execution environment such that untrusted content running in the isolated execution environment can only access the resources allocated to the isolated execution environment.

Abstract: Embodiments for providing differentiated access based on authentication input attributes are disclosed. In accordance with one embodiment, a method includes receiving an authentication input at an authentication authority using an authentication protocol. The authentication input being associated with a client. The method also includes providing one or more representations for the authentication input, wherein each of the representations represents an attribute of the authentication input.

Abstract: Systems, methods, and computer readable media for encapsulating multiple Windows® based credential providers (CPs) within a single wrapping CP are described. In general, CP credentials and fields from two or more encapsulated or wrapped CPs may be enumerated and aggregated in such a way that the order of fields from each CP is preserved, fields that may be used only once are identified and appear only once, and fields are given a new unique field identifier. The union of all such fields (minus duplicates of any one-use-only fields) may be used to generate a mapping so that the wrapping CP and CP credential may “pass-through” calls from the operating system's logon interface to the correct wrapped CP and CP credential. The disclosed techniques may be used, for example, to provide single sign-on functionality where a plurality of sign-on credentials may be used (e.g., user name/password and smart card PIN).

Abstract: An information processing apparatus includes an accepting unit, a memory, a controller, and a switch unit. The accepting unit accepts an identifier and a storage site information item representing a storage site for storing a usage amount information item representing a usage amount. The memory stores one or more identifiers and plural storage site information items in association with each other. The controller performs, if the accepted identifier matches one of the stored identifiers and if the accepted storage site information item matches one of the stored storage site information items, control so that the usage amount information item is stored in the storage site represented by the storage site information item. The switch unit switches, if a different storage site information item is accepted when the storage site is a target, the storage site as the target to the storage site represented by the different storage site information item.

Abstract: Methods and systems for providing access to a secure computing device are disclosed. A security device is used to generate a one-time password, a sequence of symbologies, and location information. The security device transmits the password, sequence and location information to the secure computing device for storage and displays the password and sequence to a user. A user device provides a password to the secure computing device in order to obtain access. The secure computing device compares the password with the stored one-time password to verify the user of the user device and sends the sequence to the user device in response. The user or user device verifies the sequence of symbologies to confirm the secure access. The location information may be used to detect fraudulent accesses to the user account.

Abstract: A pattern password trajectory configuration system used in an electronic device with a graphics input interface and a method using the same are provided. The disclosed pattern password trajectory configuration system includes a central processing module, a pattern defining module electronically connected the central processing module for defining the graphics input interface into a central block and multiple blocks neighboring the central block and assigning different data codes to the different blocks neighboring the central block, a sliding direction defining module electronically connected to the central processing module for assigning different prime numbers to define different sliding directions moving along the blocks neighboring the central block, and a touch sequence defining module electronically connected to the central processing module for counting and recording touch sequences of sliding among the blocks neighboring the central block.

Abstract: Methods for secure communications are provided. The methods include creating a safe user account on a secure access system, wherein creating an account includes provision of at least one strong authenticator to be associated with a user of the secure access system; providing a unique login and the at least one strong authenticator associated with the user to the secure access system to gain access to information associated with a referring organization, the referring organization being registered with the secure access system; and accessing the information associated with the referring organization based on the unique login and the at least one strong authenticator provided to the secure access system. Related systems and computer program products are also provided.

Abstract: This invention relates to a method and a system for generating user passcodes for each of a plurality of transaction providers from a mobile user device. A method and system for activating a plurality of passcode generators on a user device configured with a passcode application installed on the user device is provided. Each of the passcode generators may correspond to a different user account or transaction provider, such that each passcode generator provides a user passcode configured for the corresponding account or transaction provider. One or more of the passcode generators may include a passcode generating algorithm and a passcode key. Access to one or more of the passcode generators may require providing a PIN or a challenge.

Abstract: A processor stores a current password in a current password storage area, which results in committing the current password as a valid password. In turn, the processor initiates a password change interval that indicates a required point at which to change the current password. The processor also stores a future password in a future password storage area, which activates the future password. Activating the future password allows a user to login using the future password, but is independent of the password change interval (e.g., does not reset the password change interval). The processor subsequently receives a login request from a user that includes a login password, and determines that the login password matches the future password. As a result, the processor authorizes the user in response to determining that the login password matches the future password.

Abstract: Methods and apparatus to control privileges of mobile device applications are disclosed. A disclosed example method includes assigning a process identifier to an application on a mobile device, the process identifier generated by an operating system of the mobile device, determining via a digital certificate that the application is authorized to be executed on the mobile device and that the application is authorized to access a network interface of the mobile device, configuring a mandatory access control module of the mobile device to enforce access of the network interface by providing the process identifier to the mandatory access control module, and enabling the application to access the network interface.

Abstract: A biometric authentication device performs authentication of a user based on biometric information. In the biometric authentication device, a registry information storage stores pre-registered biometric information as registry information. An acceptance value determiner determines a verification acceptance value used for authentication, based on quality of the registry information with regard to reliability of characterizing an individual. An authentication information acquirer obtains biometric information of a user as authentication information. A similarity calculator compares the authentication information of the user with the registry information and calculates similarity between the authentication information and the registry information. An authenticator identifies whether the user is a registrant corresponding to the registry information, based on the similarity and the verification acceptance value.

Abstract: A system that enables a cloud-based data repository to function as a secure ‘drop-box’ for data that corresponds to a user is provided. The ‘drop box’ can be facilitated through the use of cryptographic keying technologies. For instance, data that is ‘dropped’ by or on behalf of a particular user can be encrypted using a public key that corresponds to a user-specific private key. Thus, although the data resides within the large pool of ‘cloud-based’ data, it is protected since it can only be decrypted by using the private key, which is kept secret. The innovation can further facilitate user-centric secure storage by partitioning the cloud-based repository into multiple partitions, each of which corresponds to specific indexing criteria.

Abstract: A method is disclosed for provisioning of a peripheral portable desktop device. The peripheral portable desktop device is coupled with a workstation. A data file relating to an image for being stored within the peripheral portable desktop device is provided. The image includes secured data that is other than accessible absent user authorization data of a virtual user. Within the peripheral portable desktop device is stored data reflective of the image. A first user is then authorized to the peripheral portable desktop device by providing first user authorization data. For the first user is created a user account secured based on the first user authorization data. The account of the virtual user is accessed via the user account and the user account is configured to access the account of the virtual user upon access to the user account.

Abstract: A simplified messaging system is provided. In various embodiments, the simplified messaging system receives a selection of an image representing an identification for a user that the user previously provided, receives a selection of multiple images representing a password for the user that the user previously selected, and logs the user into an electronic messaging system based on the selected images. In various embodiments, the simplified messaging system comprises a mail transport server that receives and forwards electronic messages, a mail registration server comprising an images component that stores images associated with user identifications and user passwords, and a mail client that receives a selection of an image identifying a user and multiple images associated with a password of the user, and logs the user into an electronic messaging system when the images are selected.

Abstract: A computerized method manages passwords to unlock an electronic device from a standby mode by taking changed GPS coordinates of a location of the electronic device and utilizing the changed coordinates in preset formulas to establish and require a new password in substitution for a current password, to allow unlocking of the electronic device.

Abstract: A security processing element stores authentication data corresponding to a plurality of possible authentication modes. At a time of activation, the security processing element randomly selects one of the authentication modes for presentation to the user. The user must successfully enter data corresponding to the randomly selected authentication mode. In an alternative embodiment, the security processing element can randomly select a plurality of authentication modes that are sequentially presented to the user. The user must successfully respond to each of the plurality of requested authentication modes. In another embodiment, for high security communications, the security processing element may select from a subset of authentication modes that are considered to be more robust. Conversely, the security processing element may select from a subset of randomly presented authentication modes that are considered less robust when used in a low security setting.

Abstract: Auditing a communication is disclosed. Credentials are received from a client. It is determined whether the client is authorized to communicate with a remote resource. If it is determined that the communication with the remote resource is allowed, a communication is forwarded from the local resource to the remote resource.

Abstract: An avatar in a virtual world is provided with credentials for access to various parts of the virtual world by embedding information derived from avatar identification and authorized credential information in the form of a graphic image associated with the avatar. The embedded information is preferably encrypted.

Abstract: A computer system includes multiple computer modules each including at least a calculator and a storing unit. A first computer module of the computer modules includes: a storing unit that stores authentication information for connection with a second computer module of the computer modules; an authenticator that authenticates an information processing device accessing the first computer module, and allows the information processing device to access thereto based on an authentication result; and a relay connector that connects the information processing device allowed to access the first computer module to the second computer module based on the authentication information.

Abstract: Embodiments of the invention relate to partial authentication to access incremental information. An aspect of the invention concerns a method of authorizing access to information that comprises providing an initial segment of a password wherein the password includes password segments each associated with an incremental portion of the information. In response to the initial password segment satisfying an expected value, the method may authorize access to the information portion associated with the initial password segment. The method may authorize access to other information portions associated with subsequent segments of the password in response to the subsequent password segments satisfying respectively expected values.

Abstract: A method and system of controlling access to a hardware or software feature provided by a host is disclosed. An application seeking authorization to access a feature transmits a credential and an index to a host agent within the host. The index is associated with the requested feature. The host agent reads credential validation data from a storage location corresponding to the index in a non-volatile storage device in communication with the host. The validity of the credential is determined based on the credential validation data, and an authorization is transmitted if the credential is valid. A third party can control the outcome of the validity determination by sending an instruction to the host to replace the credential validation data with invalid data that causes the validity test to fail. The third party can also control the non-volatile storage device data used by the application to calculate the credential.

Abstract: A method of securing a telecommunication terminal that is connected to a module used to identify a user of the terminal is described. The method includes a step including executing a procedure in which the terminal is matched to the identification module, consisting in: securely loading a first software program including a data matching key onto the identification module; securely loading a second software program which can operate in conjunction with the first software program onto the telecommunication terminal; transmitting a data matching key that corresponds to that of the first software program to the second software program; storing the transmitted data matching key in the secured storage zone of the telecommunication terminal; and conditionally submitting every response from the first software program to a request from the second software program upon verification at the true value of the valid possession of the data matching key by the second program.

Abstract: A multifunction peripheral that can set appropriate criteria of security levels for another device, and improves usability while lowering a risk of data alteration, information leakage and the like by including a holding part 11 holding therein security criteria set for the image processing functions in one-to-one correspondence; a receiver 12 that receives, from an external terminal, a request for an access that is necessary for executing at least one of the image processing functions; an acquisition part 13 that acquires, from the external terminal, security information that is a security indicator regarding the access from the external terminal; a judgment part 15 that judges whether or not one of the security criteria set for the at least one of the image processing functions is met, based on the acquired security information; an access controller 16 that permits the access if the judgment part 15 judges affirmatively, and prohibits the access or permit the access with a limitation if the judgment part 15

Abstract: A method receives a user login from a user. The method grants, to the user, access to a user account of the user maintained by a computerized document management system based on the user login. The computerized document management system is accessible to a plurality of users. The method receives a request from the user to provide a requested document and the method determines whether the requested document should be password protected. If the requested document should be password protected, the method generates a unique password for the requested document. The unique password is unique to the user and is based upon information contained within the user account by the computerized document management system. Again, if the requested document should be password protected, the method adds the unique password to the requested document to generate a password-protected document and sends the password-protected document to the first user.

Abstract: A method for password verification comprises a first verification step for verifying a password that is input at least one time with a first preset password; and a second verification step for verifying the password that is input in another round with a second preset password when the password input in the first verification step is determined to be incorrect. The number of digits of the second preset password is larger than that of the first preset password.

Abstract: Computer security processes include displaying information elements on a computer display screen. Some of the information elements are mapped to corresponding parameters. The computer security processes also include receiving a selected information element from the information elements displayed on the computer display screen, and determining a value of a parameter associated with the selected information element based on a condition. The value of the parameter is changeable according to changes in the condition. The computer security processes further include comparing the selected information element with the value of the parameter, and upon determining the value of the parameter matches the selected information element, providing a user with access to a system resource.

Abstract: According to one embodiment, an information processing apparatus includes an input to input a password, a biological authentication device including a storage unit for storing biological information and identification information, and an authentication controller. The authentication controller sets and holds identification information to be stored in the storage unit of the biological authentication device, and permits a password input using the input to be substituted by authentication using the biological authentication device when the identification information held by itself and the identification information stored in the storage unit of the biological authentication device match.

Abstract: Apparatus, methods and/or computer program products are provided that facilitate entering secure passwords into a user device. A user requested image is displayed via a display or monitor of a user device. The image is zoomable to one or more higher resolution levels beyond an initial display resolution, and the image is displayed at higher resolution levels in response to a user activating a zoom function via the user device. The coordinates of a user selected feature within a displayed higher resolution level image are obtained and translated into a password. The password is then entered into the requesting application.

Abstract: A method of verifying a password and methods of encryption and decryption using a key generated from a one-time pad. In one embodiment, the method of verifying includes: (1) receiving a password attempt, (2) retrieving a pointer from memory, (3) searching a one-time pad based on the pointer to retrieve a password, (4) comparing the password attempt with the password and (5) generating a new pointer if the password attempt matches the password.

Abstract: A method and apparatus for creating and implementing a security protocol. The security protocol preferably includes a dichotomous, or two-part, code. The first part includes a digital component such as an alphanumeric sequence while the second part includes an analog component such as that encountered in any physical attribute. The analog component may also be modeled as a number of different information prototypes, such as a span of time or a musical tone. The resultant combination may be embodied, for example, by a dichotomous password that is used to gain clearance to secure assets and features the ability to “profile” the user requesting secure access in real-time. The password may include a string of characters in which part of the password constitutes entry of each character over varied intervals of time.

Abstract: This disclosure describes a method of and system for provisioning of shared account credentials to provide authorized access to shared or delegated accounts. Preferably, an enterprise single sign-on (E-SSO) system is used to manage the shared account or control delegation of account access, and preferably the shared or delegated account credential is not exposed to the end user. The described technique enables temporary delegation of account privileges to a member of a shared role. Using the described approach, an information technology (IT) account may be shared so that a user who needs to perform a shared duty can do so in the context of a shared role and without having control over the account itself. The approach facilitates delegating the use of a single account to one of a member of the shared role.

Abstract: This document describes various techniques for distributing credentials based on hardware profiles. A resource access request including a hardware profile is transmitted to a remote entity having access to a previous hardware profile and a credential useful to access a resource is received if at least a portion of the hardware profile matches the previous hardware profile.

Abstract: A mobile information terminal is provided that can obstruct operations by a third party without obstructing operations by an authorized user when shaking or tilting occurs.

Abstract: According to one embodiment, an apparatus may intercept a request to access a resource represented by a resource token. The apparatus may receive a hard token representing identification information of a device. The apparatus may determine, based at least in part upon the hard token and the resource token, at least one token-based rule specifying compliance criteria required to consume the resource. The apparatus may receive at least one token representing compliance information of the device in response to a request for compliance information of the device. The apparatus may then compare the compliance information against the compliance criteria to determine that the device is capable of consuming the resource. The apparatus may then generate a compliance token representing the determination that the device is capable of consuming the resource, and communicate the compliance token to facilitate the provisioning of a container to the device.

Abstract: Implementing security access includes mapping input elements of an input device to a coordinate system. Each of the input elements is assigned to a point on the coordinate system that is defined by respective coordinate values. The security access also includes receiving a number of inputs via corresponding input elements. An input element assigned to a first input of the number of inputs is denoted as a starting point for a sequence. Beginning with an input in the sequence that immediately follows the first input in the sequence, the security access further includes identifying a directional orientation of each of the input elements as compared to an input element immediately preceding the input element in the sequence, creating a directional pattern sequence from the directional orientation identified for each of the input elements, and providing access to an information source using the directional pattern sequence as an authentication mechanism.

Abstract: An embodiment includes an automatic policy managed password management system. One embodiment manages changing the password (with little to no user interaction) every set number of days. Also, password changes can be made within a set amount of time from the password being viewed by a user. Further, an embodiment includes a web service that contains an “insert record” method to insert a password management record into a managed machine and/or database with no “pre-work” required to use the web service. For example, no record needs to be created on a database and/or managed machines in advance of deploying passwords via the web service. The web service can be pushed to various machines and when the web service starts up, it may insert its own record into a database or managed client. This allows for scalability. Other embodiments are described herein.

Abstract: An information processing device includes: a local memory unit for storing data including an encrypted content; a memory for storing data including key information used to reproduce the encrypted content; and a data processing unit performing a process of writing data to the local memory unit and the memory, and a process of reproducing the encrypted content, wherein the data processing unit performs a process of writing encrypted content downloaded from a server or encrypted content copied from a medium to the local memory unit, and performs a process of decoding the encrypted content or a validity authenticating process using the data stored in the local memory unit and the data stored in the memory when reproducing the encrypted content written to the local memory unit.

Abstract: According to one embodiment, when sending a transmission target main data 21, an authentication-tag generator unit 13 generates an authentication tag 23 by using a main data 21 and a key data 22 stored in a key-data storage unit 12. A transmitter/receiver unit 14 adds the authentication tag 23 to the main data 32 sends as a transmission data. When receiving the received data 24a, the transmitter/receiver unit 14 divides the received data into a main data 21a and an authentication tag 23a. The authentication-tag generator unit 13 generates an authentication tag 23b for comparison. A received-data authentication unit 15 determines whether or not those the received authentication tag 23a and the authentication tag for comparison 23b match with each other. A different key data is used every time upon the authentication-tag generation and use time of each key data during a set period is restricted.

Abstract: An electronic device that can automatically unlock an external storage device with a password without adding a function to the external storage device is provided. An electronic device 100B has memory card connection means 108 for connecting a memory card 200 that can be locked with a password, password holding means 101 for holding card unique ID and a password, card unique ID acquisition means 104 for acquiring connection identification information indicating the card unique ID of the memory card 20 connected to the memory card connection means 108, and password deletion means 109 for deleting connection identification information and the password corresponding to the connection identification information stored in the password holding means 101 if the connection identification information is contained in the password holding means 101.

Abstract: The invention relates to methods and apparatuses for acquiring a physical measurement, and for creating a cryptographic certification of that measurement, such that its value and time can be verified by a party that was not necessarily present at the measurement. The certified measurement may also include corroborative information for associating the actual physical measurement process with the certified measurement. Such corroborative information may reflect the internal or external state of the measurement certification device, as well as witness identifiers of any persons that may have been present at the measurement acquisition and certification. The certification may include a signal receiver to receive timing signals from a satellite or other external source. The external timing signals may be used to generate the time included in the certified measurement, or could be used to determine the location of the measurement certification device for inclusion in the certified measurement.

Abstract: Systems and methods for credential character selection are provided. The system includes one or more sensors configured to detect a character selection and generate a character selection signal, and detect a character selection completion and generate a character selection completion signal. The system also includes one or more processors coupled to the one or more sensors, the one or more processors configured to receive the character selection signal and the character selection completion signal, and generate an output signal based on the received character selection signal that includes components of a credential. The system also includes a network interface component configured to transmit the output signal. The credential characters may be components of a PIN or password. Moreover, the credential character selections may be made on one device, but displayed on a separate coupled device. The character selections may be a selection of a character or a modification of character.

Abstract: An image forming apparatus includes: a forming unit that includes an image forming function for forming an image; a restricting unit that restricts usage of the image forming function based on presence or absence of usage authorization for the image forming function of the forming unit; an adjusting unit that executes an image quality adjusting process to improve a quality of the image formed by the forming unit; and a control unit that inhibits the adjusting unit from executing the image quality adjusting process in accordance with presence or absence of restriction of the usage of the image forming function by the restricting unit.

Abstract: An information recording system includes a recording medium capable of limiting a function by password and an information recording device for controlling the recording medium. The recording medium stores an input password, counts updating event (s) of a password, stores the update count of the password, outputs information stored in the password related information storage according to a READ request issued from the information recording device, compares a input password with a password stored in the password register, limits a predetermined function of the recording medium according to the comparison result from the password comparator. The information recording device stores a password and a password identification ID which is associated with the update count of the password, selects a password with reference to the update count of the password and the password identification ID and outputs the selected password into the recording medium to compare the passwords.

Abstract: A mechanism is provided for automatically logging into a cloud based system that does not accept token log-on credentials generated by a single sign-on service. In an embodiment, a one-time password is automatically generated and persisted. The generated password is used to log in automatically to a cloud based system that does not accept tokens generated by the web-ID providers and for connecting to other services. Examples of such systems may include Windows, Linux, and iOS.

Abstract: A method for accessing content stored on a memory device is provided. In this method, a request to access the content is transmitted and a session ticket is received. The session ticket includes a parameter used to decrypt the content and the session ticket is generated based on a variable that is configured to change at a session. The content may be accessed based on the session ticket.

Abstract: A distributed networked physical security access control system for controlling a plurality of security access devices includes access server appliances in communication with a primary network. At least one access server appliance includes an appliance management module accessible through a web browser in communication with the primary network. The appliance management module configures the access server appliances to a user specified security configuration. The access server appliances are in peer-to-peer communication on the primary network to bridge the access server appliances for providing consistency in each of the access server appliances.

Abstract: An image processing apparatus capable of managing easily secret information even with detachably attaching an external memorizing device, includes an ID (plug and play ID) retrieving unit for retrieving ID from the connected memory, a user information storing unit for storing user information, an active memory information storing unit for storing the retrieved ID with corresponding to the respective users, a memory use judging unit for judging as to whether the memory is usable based on the ID retrieved from the connected memory and on the ID stored in the active memory information storing unit, and a data writing controlling unit for writing data to the memory judged as usable.

Abstract: The invention relates to a method of securing a changing scene composed of at least one element and intended to be played back on a terminal. According to the invention, such a method comprises the following steps: creation (10) of at least one security rule, defining at least one authorization to modify said scene and/or at least one element of said scene and/or an authorization to execute at least one command in a context of playing back said scene on said terminal; allocation (10) of a security policy, comprising at least one of said security rules, to said scene and/or to at least one of said elements of said scene.