Abstract: Identity documents are produced to confirm the identity of an individual and often their rights, such as driver's license, health card, age, and residence. False and counterfeit documents however can be used to commit fraud, gain unauthorized access to services and steal an individual's identity. Embodiments of the invention address verification and authentication of an identity document by correlating the information extracted from the identity document at the time of its presentation as evidence of an individual's identity with the original data relating to the identity document when it was issued to an individual or subsequently verified by an issuing authority of the identity document.

Abstract: A modular encryption device includes a chassis configured to mount in a rack with a networking device and sets of ports mounted on the chassis. Encryption cards are mounted in the chassis of the modular encryption device between ports of the sets of ports such that network traffic flowing through a set of ports flows through one of the encryption cards. The encryption cards of the modular encryption device are configured to encrypt and decrypt network traffic flowing between the networking device and a remote device. In some embodiments, a modular encryption device may encrypt and decrypt network traffic flowing between multiple networking devices and multiple remote devices. Also, in some embodiments, components of a modular encryption device are removable and replaceable such that the modular encryption device can be reconfigured by exchanging the components.

Abstract: Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.

Abstract: To provide a path control system, a control device and a path control method that can achieve reduction of the load on a gateway device, there are included a communication device, a communication device, a security device that provides a security feature to data transmitted and received between the communication device and the communication device, and a path control device that selects one of a first path through the security device and a second path not through the security device as a communication path of the data based on a path information table where an attribute of the data and a communication path between the communication device and the communication device are associated.

Abstract: Methods, apparatus, systems are provided for use in detecting unauthorized changes to websites of web operators. Authorized content policy sets for each of a multiplicity of websites from web operators are collected and stored. In addition, content information obtained in respect web content downloaded from said websites by a multiplicity of client devices, client proxy devices, and/or client gateway devices is used to identify websites that do not conform to respective policy sets. Alerts are sent to the web operator of any non-conforming website. Optionally, alerts may be sent to client devices, client gateway devices, and/or client proxy devices for use in scanning or blocking the web content from non-conforming websites.

Abstract: A method enabling a telecommunications terminal to access a database hosted by a service platform that can be accessed via a telecommunications network. The method includes: transmitting, to a second terminal associated with a mobile identifier of a second telecommunications network, information representing a request for the first terminal to access the database; in the second terminal, sending a response to the access request to an authentication server of the platform; in the authentication server, when a response to the access request is received, verifying the mobile identifier of the second network, and optionally validating the access of the first terminal to the database depending on the outcome of the verification.

Abstract: The real-time cyber threat indicator verification mechanism technology (hereinafter “TIVM”) instantiates one or more virtual client emulators to access a source of a threat, in response to a received threat indicator, so as to evaluate validity and/or severity of the potential threat. In one embodiment, the TIVM may receive a cyber threat indicator having identifying information of a cyber threat source; instantiate, in response to the cyber threat indicator, a virtual client emulator; send a control message to cause the virtual client emulator to interact with the cyber threat source based on the identifying information; obtain a confidence indicator relating to the cyber threat indicator based on interaction between the virtual client emulator and the cyber threat source; and generate a cyber threat indicator confirmation report including the confidence indicator.

Abstract: Systems and methods are directed towards network data leakage prevention (DLP). More specifically, the systems and methods are directed towards using TCP (Transmission Control Protocol) data packets in conjunction with the DLP monitor. The network DLP utilizes TCP data packets to carry source user identity. With the source user identity, the DLP monitor can determine if sensitive data can be transmitted based on the provided user information and corresponding DLP policies for each user. Furthermore, the DLP monitor can determine if sensitive data can also be transmitted for particular users in situations where multiple users share the same IP address.

Abstract: Disclosed aspects relate to data management for a mass storage device. The mass storage device may be structured to include an encrypted file system to store a set of data and a token analyzer to manage access to the encrypted file system. A connection between the mass storage device and a computing device may be sensed. In response to sensing the connection, a token corresponding with the computing device may be detected. Based on the token, the token analyzer may determine to provide the computing device a set of selected permissions to the encrypted file system. The set of selected permissions to the encrypted file system may be provided by the mass storage device to the computing device.

Abstract: A system and method for real world biometric analytics through the use of a multimodal analytic wallet. The system includes a biometric wallet comprising a pervasive repository for storing biometric data, the pervasive repository including at least one of a biometric layer, a genomic layer, a health layer, a privacy layer, and a processing layer. The biometric wallet further comprises a biometric analytic interface configured to communicate the biometric data to one or more devices.

Abstract: Technologies for authenticating a user of a computing device based on an authentication context state includes generating context state outputs indicative of various context states of a mobile computing device based on sensor data generated by sensors of the mobile computing device. An authentication manager of the computing device implements an authentication state machine to authenticate a user of the computing device. The authentication state machine includes a number of authentication states, and each authentication state includes one or more transitions to another authentication state. Each of the transitions is dependent upon a context state output. The computing device may also include a device security manager, which implements a security state machine that includes a number of security states. Transition between security states is dependent upon the present authentication state of the user. The device security manager may implement a different security function in each security state.

Abstract: Methods, apparatus, and articles of manufacture to encode auxiliary data into relational database keys and methods, apparatus, and articles of manufacture to obtain encoded data from relational database keys are disclosed. An example method to encode auxiliary data into relational data includes generating a code comprising a plurality of groups and representative of auxiliary data, determining incremental values for the plurality of groups, generating a first key based on the code, and generating a subsequent key by modifying the first key based on the value of the first key and the incremental values.

Abstract: Apparatus and methods for licensing include executing a base application on a device, initiating a transaction with an application store to obtain access to a subordinate licensable item that is usable by the base application, receiving a transaction receipt corresponding to the transaction for the subordinate licensable item, and obtaining, from a license server, a subordinate license that corresponds to the subordinate licensable item. Additionally, the apparatus and methods may include storing a base license for a base application on a device, acquiring a subordinate license for a subordinate licensable item usable by the base application, receiving a request to execute the base application, enforcing, by a license agent service on the device, the base license with respect to executing the base application, and enforcing, by the base application, the subordinate license during execution of the base application.

Abstract: A method of unlocking a locked device includes receiving a device identifier over a wireless communication protocol, determining if the device identifier is associated with a list of trusted devices, transmitting a request to generate an acoustic signal over the wireless communication protocol based on the determination, receiving the acoustic signal as an audio sound generated external to the locked device, estimating a distance between a source of the audio sound and the locked device, and unlocking the locked device based on the estimation.

Abstract: Concepts and technologies are disclosed herein for scored factor-based authentication. A verification service can receive an authentication request from a requestor, wherein the authentication request identifies a transaction. The verification service can determine a risk associated with the transaction, an authentication score based upon the risk, and a number of groups of authentication factors, each of which can satisfy the authentication score. The verification service can provide factor group data identifying the number of groups of authentication factors to the requestor.

Abstract: Various embodiments of the present invention generally relate to identity authentication and/or recognition. Some embodiments provide a method for determining when a user may engage in a restricted activity, including engaging in an initial contact with a user via a medium for exchange, receiving a request to engage in an activity, determining an activity trust threshold required for the activity, determining an initial identity trust score for the user, and comparing the initial identity trust score with the activity trust threshold. Based on the comparison, the user is either allowed to engage in the activity, rejected from engaging in the activity, or additional identifying information is collected.

Abstract: Systems, methods, computer-readable storage mediums including computer-readable instructions and/or circuitry for generating deceptive indicia profiles may implement operations including, but not limited to: detecting one or more indicia of deception associated with one or more signals associated with communication content provided by a participant in a first communications interaction; detecting one or more indicia of deception associated with one or more signals associated with communications content provided by the participant in a second communications interaction; generating a deceptive indicia profile for the participant according to indicia of deception detected in the communications content provided by the participant in the first communications interaction and indicia of deception detected in the communications content provided by the participant in the second communications interaction; and providing a notification associated with the deceptive indicia profile for the participant to a second partici

Abstract: A system and method for providing security key exchange and management prior to the operating system of the server and also provides for executing various security functions to prevent a virus or malicious software from propagating through the server and the network. The system and method utilize the BIOS firmware and baseboard management controller (BMC), which are more secure since they do not rely on open source code for software plug-ins from the user layer. As a result, a secure code can be created for key management with a globally unique identifier (GUID). The system and method provides for a network manager to easily and flexibly manage multiple security keys for a rack server system.

Abstract: Method to detect cloned software being used on a client user unit. An initialization phase comprises: defining a tag value as being equal to an initial random value, opening a new record storing the tag value and introducing the tag value into the client user unit. An operating phase comprises: preparing a client message comprising the request and a value depending on the tag value; sending the client message to the server; and checking if the tag value of the client message is correct with respect to the stored tag value. If they do not match, the requested service is denied. If they do match, the method sends a server message to the user unit; updates the tag value with a new tag value; and stores the new tag value on the server and user unit.

Abstract: Utilizing an image on a computing device to serve as a template for locking/unlocking the computing device. The image includes a plurality of portions that are defined and thereafter identified and presented to a user via a touch screen. A user selects portions/zones that are defined within the image in a specified sequence and this sequence is stored as a lock/unlock code for unlocking the computing device. In an embodiment, in addition to the specified sequence of selections, a movement or sequence of movements may be also be stored as part of the lock/unlock code.