Abstract: A system and methods for time and/or location authentication are presented. A hash value is received from a client device and a hash value receiving time of the received hash value is stored. A data block is received after receiving the hash value is received, the received data block comprising alleged transmission signal data. A computed hash value of the received data block is computed, and an estimated transmission signal client receiving time by the client is calculated based on the alleged transmission signal data. A timely possession of the received data block by the client device is authenticated based on a comparison of the computed hash value to the received hash value and a comparison of the hash value receiving time to the estimated transmission signal client receiving time.

Abstract: Digital Cameras configured to verify authenticity of digital photos taken with the digital camera and related methods and computer program products are provided. GPS information associated with a photograph taken with the digital camera is obtained. A checksum of pixels that make up the photograph and the obtained GPS information is generated. The generated checksum is encrypted using a private key associated with the digital camera so as to allow verification that the photograph has not been modified.

Abstract: An IP Multimedia Subsystem (IMS) architecture for IP multimedia services is provided with a given user equipment (UE); a gateway support node (GGSN) configured to handle packet transmission to/from the given UE; and a proxy call session control function (P-CSCF) configured to serve as a first contact point of the UE and provide session management services, including establishing a packet data protocol (PDP) context for IMS related signaling, registration, and other procedures for IMS sessions. The P-CSCF is also configured to perform the following: storing identification information from the given UE during registration in memory; receiving a SIP (Session Initiation Protocol) message from the given UE; comparing identity in the SIP message with the identification information stored with a link to a Policy Decision Function (PDF); and using the same PDF for all operations of the given UE, when the identity in the SIP messages matches the identification information stored in memory.

Abstract: Techniques are disclosed for authenticating users to a computing application. A relying application transmits a login page to a user requesting access to the application. The login page may include a QR code (or other barcode) displayed to the user. The QR code may encode a nonce along with a URL address indicating where a response to the login challenge should be sent. In response, the user scans the barcode with an app on a mobile device (e.g., using a camera on a smart phone) to recover both the nonce and the URL address. The mobile device may also include a certificate store containing a private key named in a PKI certificate. The app signs the nonce using the private key and sends the signed nonce in to the URL in a response message.

Abstract: A more secure CAPTCHA makes use of a distorted alphanumeric character string or strings that include one or more glyphs, pictures or symbols foreign to a target audience. Adding at least one of a glyph, picture or symbol makes recognition of the distorted string trivial since humans who would know which of the character set to expect, but a very difficult decision for a computer already struggling to decide where a character begins and ends, let alone identifying the character as being valid.

Abstract: Third-party applications for platforms are linked to identified individuals that guarantee the security of the applications. The linkage is achieved by acquiring one or more biometric records of the individual guarantor, storing those records as a signature in a database, assigning a unique identifier to the signature, and embedding that unique identifier in the executable file of the application. The signature of the guarantor can be compared to other stored signatures of other guarantors to check for individuals posing under multiple aliases. The signature of a guarantor linked to a malicious application can be flagged so that a subsequent application guaranteed by the same individual can be disapproved.

Abstract: An authentication method for a network connection for a network device is provided. An embedded system is installed in the network connection, and the network device is free from a web browser. First, the network device connects to an authentication server, and an internet access request is sent to the authentication server. An authentication page is retrieved from the authentication server. User authentication data is obtained by an input unit of the network device, and then the user authentication data is filled in corresponding fields of the authentication page. The authentication page is transferred to the authentication server. After, when authentication of the authentication page is successful, the network device connects to the Internet via the authentication server.

Abstract: A secure, networked portable storage device includes: a secure data storage section; a program storage section including a security program operatively connected to the secure data storage section, wherein the security program is operable to selectively enable and disable access to the secure data storage section; a device antenna operable at a low radio frequency not exceeding one megahertz; a transceiver operatively connected to the device antenna, the transceiver operable to receive radio signals at the low radio frequency and generate data signals at the said low radio frequency, in response thereto; a programmable microprocessor operatively coupled with the transceiver and the program storage section, the microprocessor configured for controlling operation of the program storage section and to cause the transceiver to emit an identification signal; and a connector for enabling an electrical connection between the portable storage device and another device, wherein the connector and the secure data storag

Abstract: Methods and apparatus, including computer program products, are provided for authorization management. In one aspect, there is provided a computer-implemented method. The method may include receiving a request to authorize at least one user to at least one module of a system; mapping the received request to a semantic tag; processing, based on the semantic tag, the request to authorize the at least one user to determine whether to grant the at least one user access to the at least one module; and sending a response to the request to authorize the at least one user, wherein the response is in accordance with the result of the processing. Related apparatus, systems, methods, and articles are also described.

Abstract: A system may be provided that comprises one or more servers to: receive information regarding known epitypes of malness, where the information includes malness scores and behaviors for the known epitypes of malness; store the information regarding the known epitypes of malness; generate rules for a model based on the information regarding the known epitypes of malness; input application data from an application on a device into the model; output a malness score from the model based on the application data; and allow the application and/or the device access to a network when the malness scores for the application is below a first threshold level, or block the application and/or the device access to the network when the malness score the application is above a second threshold level, where the first threshold level is less than the second threshold level.

Abstract: Systems and methods for authenticating electronic messages using client-generated encryption keys provide for a sender transmitting an original message to a recipient device that includes a digital signature of the original message content and the key used to generate the digital signature. The sender may store an association between the digital signature, the key, and the recipient's address. The recipient may verify the integrity of the original message using the received digital signature and may further verify the authenticity of the message by transmitting a confirmation request message back to the sender that includes the original digital signature and a second digital signature of the confirmation request message using the received key. The sender may either confirm or deny that it sent the original message by determining whether a record exists that associates the digital signature and the key received from the recipient as well as the recipient's address.

Abstract: Embodiments of the present invention provide a method and an apparatus for inputting data. The present invention relates to the communications field and aims to improve security of input information. The method includes: acquiring, by a virtual machine manager, input data; performing, by the virtual machine manager, encryption processing on the input data according to an encryption rule of a security connection to obtain encrypted data, where the security connection refers to a connection that is established between an application interface and a server and used for data transmission; and sending, by the virtual machine manager, the encrypted data to the server. The present invention is applicable to a data input scenario.

Abstract: Original data to be a source for an encryption key is read from a memory cell array and stored in a buffer region. An encryption key generation unit generates a plurality of encryption keys by variously modifying the original data read from the buffer region based on a predetermined generation rule. The encryption unit generates an encrypted command by encrypting commands individually with an encryption key different for each command, out of the plurality of encryption keys generated by the encryption key generation unit.

Abstract: Techniques for virtual Representational State Transfer (REST) interfaces are provided. A proxy is interposed between a client and a REST service over a network. The proxy performs independent authentication of the client and provides credentials to the client and for the client to authenticate to the REST service using a REST service authentication mechanism. The proxy inspects requests and responses and translates the requests and responses into formats expected by the client and the REST service. Moreover, the proxy enforces policy and audits the requests and responses occurring between the client and the REST service over the network.

Abstract: Disclosed is a method for address privacy protection for a first wireless device sharing a privacy key with a second wireless device. In the method, a first resolution tag is generated at the first wireless device using a pseudo-random function with the seed value and the privacy key as input arguments. The privacy key is only known to the first and second wireless devices. A privacy address is generated for the first wireless device based on the seed value and the first resolution tag. A packet is transmitted from the first wireless device to the second wireless device. The packet includes the privacy address and the first resolution tag.

Abstract: A biometric authentication device includes a processor to execute an operation including: obtaining biometric information from a user; creating verification characteristic data from the biometric information; verifying registered characteristic data registered in a storage device with the verification characteristic data and determining whether the user is a true user; permitting execution of re-authentications up to a predetermined number of times when the user is determined to not be the true user; managing the verification characteristic data by storing the verification characteristic data in an existing group or by creating a new group and storing the verification characteristic data therein, when the user is determined to not be the true user; determining whether the user is a false user based on the number of groups; and limiting the execution of re-authentications by the user when the user is determined to be the false user.

Abstract: A method and authentication server provide a mobile key. According to the method, upon receipt of an authentication message (access authentication) that is transmitted when a subscriber logs on to the network, the authentication server extracts a subscriber identification contained in said message and generates a corresponding mobile key, which is stored together with the respective extracted subscriber identification. Upon subsequent receipt of a key request message (key request) that is transmitted when a subscriber registers, the authentication server extracts a mobile identification of the subscriber contained in said message and searches for an identical mobile identification, which can be derived in accordance with a configurable derivation function from a subscriber identification that is stored in the authentication server.

Abstract: A system is disclosed that logs access system events. When an access system event occurs, a log entry is created for the access system event. Information from an identity profile is stored in the log entry. The identity profile pertains to a first user. The first user is the entity who caused or was involved with the access system event. In one embodiment, the access system includes identity management and access management functionality.

Abstract: Malware beaconing activity detection is disclosed, including: monitoring a plurality of conversations between an internal device and one or more external destinations; extracting feature sets based at least in part on the plurality of conversations; and determining that a conversation of the plurality of conversations is anomalous based at least in part on the extracted feature sets.

Abstract: A breathalyzer system for use with a computer consisting of a breathalyzer, computer software and hardware, an interface and method for delaying posts by persons who cannot prove sobriety upon initial posting. The breathalyzer registers the level of sobriety, and the result is sent through an interface to the software. If the alcohol level is below an acceptable threshold, unencumbered access to the social media is granted. If the alcohol level is above an acceptable threshold, access to websites, posting on social media websites, uploading videos, online gambling, or making large purchases is restricted.