Abstract: An approach for authentication is provided. The approach performs identifying, by one or more computer processors, an account attempting to access content. The approach performs identifying, by one or more computer processors, a file including at least authentication information. The approach performs identifying, by one or more computer processors, a location of the authentication information within the identified file. The approach performs identifying, by one or more computer processors, a length of the authentication information. The approach performs identifying, by one or more computer processors, the authentication information in the identified file based at least on the identified location and the identified length of the authentication information.

Abstract: A method for selectively blocking content on a transparent electronic display is provided. Unstructured information is analyzed using natural language processing techniques. A portion of the unstructured information is classified as protected content. An emissive layer displays the protected content over a substantially opaque portion of the selectively transparent layer. A user is provided with a prompt that identifies the protected content. The substantially opaque portion of the selectively transparent layer become substantially transparent in response to receiving an interaction with the prompt from the user.

Abstract: A computer-implemented method for dynamically adjusting server settings is described. In one embodiment, at least one parameter of a status of a server that diverges from a corresponding baseline setting of a policy maintained by the server may be identified. An adjustment to the baseline setting of the policy may be calculated based at least in part on the divergent parameter. The baseline setting of the policy may be adjusted according to the calculated adjustment. A command may be issued to send data representative of the adjusted baseline setting of the policy from the server to a client to update a user profile.

Abstract: Applications usually require users to present passwords as a form of identification in order to access user accounts. To improve the security and convenience for accessing such accounts, tokenized passwords may be used in place of or in addition to traditional passwords. Client devices retrieve password rules from an application associated with the user account, and retrieve token tables based on the password rules. The client device receives information from the user for use as a password seed. Using the password seed as an input to the token tables, the client device generates a tokenized password. The tokenized password is transmitted to the application for association with the user account. The tokenized password is not saved at the client device but is re-generated each time the user accesses the account, improving the security of the token-driven password generation system.

Abstract: A method for distributed trust authentication of one or more users attempting to access one or more service providers operating on a network includes performing primary authentication of a user using a first authentication factor, generating a first partial digital signature for a first authentication response to the primary authentication, performing secondary authentication of the user using a second authentication factor, generating a second partial digital signature for the second authentication response to the secondary authentication, combining the first and second partial digital signatures to form a composite digital signature, and validating the composite digital signature.

Abstract: Systems and techniques are provided for gesture-based password entry to unlock an encrypted device. A gesture input from a user to a gesture interface may be received. The gesture input may be converted to gesture data which may be hashed using a hashing algorithm to obtain a table key. A table including a master key may be encrypted using the table key. The master key may include a key for decrypting a primary storage that is at least partially encrypted. A second gesture input may be receive. The second gesture input may be an input from a user to the gesture interface. The second gesture input may be converted to second gesture data which may be hashed using the hashing algorithm to obtain a key equivalent to the table key. The table including the master key may be decrypted using the key equivalent to the table key.

Abstract: With the help of a key management protocol, the transmitted key information is authenticated by at least one certificate signed by the terminals, and at least one fingerprint of the public keys or certificate, which were used for authenticating the key information, is added to the useful part of an SIP message. The identity information present in the header of an SIP message is additionally copied into a region of the header or the useful part, and a signature is produced by way of the fingerprint, the datum information presented in the header of an SIP message, the copied identity information, and optionally the certificate reference information, and is inserted into a further region of the header of the SIP message. The additional signature that is produced and inserted can remain uninfluenced during a transmission across several networks of different network operators.

Abstract: Technologies are provided in embodiments to manage an authentication confirmation score. Embodiments are configured to identify, in absolute session time, a beginning time and an ending time of an interval of an active user session on a client. Embodiments are also configured to determine a first value representing a first subset of a set of prior user sessions, where the prior user sessions of the first subset were active for at least as long as the beginning time. Embodiments can also determine a second value representing a second subset of the set of prior user sessions, where the prior user sessions of the second subset were active for at least as long as the ending time. Embodiments also determine, based on the first and second values, a decay rate for the authentication confidence score of the active user session. In some embodiments, the set is based on context attributes.

Abstract: A system, method and apparatus are provided for secure e-mail message attachment optimization. Content attached to e-mail messages may not be suited to the resource constraints of the destination wireless device. In secure e-mail messages, the message may be signed and/or encrypted. A wireless server can determine resource parameters associated with a destination wireless device, such as display resolution, memory capacity, processor speed, and wireless interface constraints and re-scale the attached content to be optimized for delivery and presentation on the wireless device.

Abstract: Methods and systems for delivering a segmented content item from a server to a first and second device are provided. A first key is used to encrypt the segmented content item into a first plurality of encrypted segments and a second key is used to encrypt the segmented content item into a second plurality of encrypted segments. The first and second keys are different. The first plurality of encrypted segments is delivered to the first device, and the second plurality of encrypted segments is delivered to the second device.

Abstract: A flexible content sharing system may comprise a network based application built on a client device using information from dissociated user experience component (UXC), application logic and execution layer (ALEL), and content distribution system (CDS) payloads. An ALEL engine may communicate a request from the network based application to a CDS module. The CDS module may interface the ALEL engine and a CDS server. The ALEL engine can act as a gate keeper and securely communicates requests from client devices to the CDS server. The CDS server is configured to manage and alert the ALEL of any enterprise policies that may be applicable to the client devices connected to the ALEL engine which, in turn, notifies the client devices to comply with the enterprise policies. The CDS server may synchronize any change made to the content by any of the client devices running network based applications.

Abstract: Systems and methods for securing data are disclosed. An administrative system may create a secure configuration. The secure configuration may disable functionality of a managed node that compromises sensitive data. However, the secure configuration may not prevent all user access to the managed node. The administrative system may deploy the secure configuration to at least one managed node. The administrative system may cause the secure configuration to be applied to the at least one managed node.

Abstract: The present invention is a method and system for accessing digital content stored on a computing device. An agreement between a subscriber and a content provider allows the subscriber to lease the digital content from the content provider, and download the digital content from a content server operated by the content provider. The method retrieves a service ticket for the computing device, and retrieves content rights for the digital content. The service ticket includes authorization data, and a session key, where the authorization data include authorized subscription services for the computing device. The content rights include required subscription services for the digital content and are delivered authenticated with the session key. The method allows access to the digital content when the authorized subscription services included with the authorization data match the required subscription services included with the content rights.

Abstract: Methods and apparatus for displaying visual content on a display such that the content is comprehensible only to an authorized user for a visual display system such as a computer, a television, a video player, a public display system (including but not limited to a movie theater), a mobile phone, an automated teller machine (ATM), voting booths, kiosks, security screening workstations, tactical displays and other systems where information is displayed for viewing.

Abstract: According to an embodiment, an encryption key generating apparatus includes a converting unit to convert input data using a physically unclonable function and outputs output data; a memory to store a plurality of pattern data, each of which is a partial data in the output data indicated by one of a plurality of index data; a generating unit to generates an encryption key on the basis of the plural of index data; and a comparing unit to compare the output data with the plural of pattern data to detect plural of locations in the output data at which partial data similar to the plural of pattern data is present. The generating unit reproduces, as the plural of index data, the plural of locations detected by the comparing unit and reproduces the encryption key on the basis of the plural of index data that have been reproduced.

Abstract: Embodiments are directed towards generating a unified user account trustworthiness system through user account trustworthiness scores. A trusted group of user accounts may be identified for a given action by grouping a plurality of user accounts into tiers based on a trustworthiness score of each user account for the given action. The tiers and/or trustworthiness scores may be employed to classify an item, such as a message as spam or non-spam, based on input from the user accounts. The trustworthiness scores may also be employed to determine if a user account is a robot account or a human account. The trusted group for a given action may dynamically evolve over time by regrouping the user accounts based on modified trustworthiness scores. A trustworthiness score of an individual user account may be modified based on input received from the individual user account and input from other user accounts.

Abstract: Systems and techniques relating to securely managing electronic resources are described. A described technique includes receiving a request to add to a mobile device an account setting for a server resource account. Detecting a trigger event for a new perimeter based on the account setting. In response to a parameter or a pattern associated with the account setting, retrieving a security policy from a resource server for the server resource account, and generating, by the mobile device, a new perimeter including the server resource account based on the security policy. The new perimeter is configured to prevent transferring data associated with the server resource account being transferred to mobile-device resources external to the new perimeter.

Abstract: In some embodiments, a malware analysis system includes receiving a potential malware sample from a firewall; analyzing the potential malware sample using a virtual machine to determine if the potential malware sample is malware; and automatically generating a signature if the potential malware sample is determined to be malware. In some embodiments, the potential malware sample does not match a preexisting signature, and the malware is a zero-day attack.

Abstract: A data processing method pertains to a step (E308) including in verifying a criterion indicative of the normal running of the method and a step (E320) including in processing performed in case of negative verification. The processing step (E230) is separated from the verifying step (E308) by an intermediate step (E312, E314) of non-null duration. The intermediate step (E312, E314) and/or the processing step (E320) includes at least one action (E314) performed in case of positive verification. The invention also concerns a corresponding device.

Abstract: Embodiments provide IP address partitioning features that can be used to source outbound email communications, but the embodiments are not so limited. In an embodiment, a computer-based method operates to identify and/or isolate one or more customers that may be misusing one or more IP addresses of a partition. A system of an embodiment is configured in part to divide a partition that includes one or more potentially misused IP addresses into one or more levels of sub-partitions as part of identifying offending or potentially offending customers. Other embodiments are included.