Abstract: Disclosed herein are techniques for authenticating a user via gestures, QR codes, and passphrases generated to incorporate typing habits of the user. A passphrase system generates a one-time use passphrase, which incorporates hallmarks and/or quirks of the user's typing, and presents the generated passphrase as an authentication challenge to authenticate as the user. If metrics collected during the authentication challenge are statistically similar to metrics of the user's typing, the authentication succeeds; otherwise, the authentication fails. A user's gesture habits during input of an authentication drawing may be used as a target for future authentication attempts. A user's input motions (typing and/or gestures) may be converted into a secure QR code; a different host device may use the secure QR code to obtain the target metrics for future authentication attempts of the user.

Abstract: A telematics system that includes a security controller is provided. The security controller is responsible for ensuring secure access to and controlled use of resources in the vehicle. The security measures relied on by the security controller can be based on digital certificates that grant rights to certificate holders, e.g., application developers. In the case in which applications are to be used with vehicle resources, procedures are implemented to make sure that certified applications do not jeopardize vehicle resources' security and vehicle users' safety. Relationships among interested entities are established to promote and support secure vehicle resource access and usage. The entities can include vehicle makers, communication service providers, communication apparatus vendors, vehicle subsystem suppliers, application developers, as well as vehicle owners/users.

Abstract: Secure bulk messaging mechanism in which, roughly described, a sender first encrypts a message once. The message can be decrypted with a message decryption key. These can be symmetric or asymmetric keys. For each recipient, the sender then encrypts the message decryption key with the recipient's public key. The sender then sends the encrypted message and the encrypted message decryption keys to a store-and-forward server. Subsequently, one or more recipients connect to the server and retrieve the encrypted message and the message encryption key that has been encrypted with the recipient's public key. Alternatively, the server can forward these items to each individual recipient. The recipient then decrypts the encrypted message decryption key with the recipient's private key, resulting in an un-encrypted message decryption key. The recipient then decrypts the message using the un-encrypted message decryption key.

Abstract: Circuitry to facilitate verification of the integrity of a target instance of a computing platform is described. Specifically, a processor can include circuitry to measure execution parameter values during an execution of a portion of a software image, wherein the execution parameter values represent a sequence of execution states that the target instance of the computing platform passes through while executing the portion of the software image. During operation, a software image can be generated that, when executed at the target instance of the computing platform, verifies integrity of the computing platform. Next, the software image can be sent to the target instance of the computing platform. The processor at the target instance of the computing platform can execute the software image, thereby enabling the verification of the integrity of the target instance of the computing platform.

Abstract: Disclosed is a system whereby it is possible to verify the safety of a person even if the person is not aware that the person is being searched for as a missing person. In this system, each verification requesting person who is searching for another person registers, in a database of a portal server (4), a set comprising a feature value of the face of the searched-for person and personal information (e.g., telephone number) about the searched-for person or the verification requesting person. A field server (2) constantly compares feature values of captured face images with the database, and if a close match is found between the feature value of a captured face image and the stored feature value of the face of a person, the field server (2) presents the registered personal information associated with that person to the person from which the captured face image was derived and requests verification from the latter person.

Abstract: A method for applying policies to an email message includes receiving, by an inbound policy module in a protected network, message metadata of an email message. The method also includes determining, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy. The method further includes blocking the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the metadata policy. In specific embodiments, the method includes requesting scan results data for the email message if receiving the email message in the protected network is not prohibited by one or more metadata policies. In further embodiments, the method includes receiving the scan results data and requesting the email message if receiving the email message in the protected network is not prohibited by one or more scan policies.

Abstract: Systems and methods for secure, policy-based, access control and management of mobile computing devices, including policy decision enforcement mechanisms, device and private network presence testing, aspects of file system controls, policy set sanity checking algorithms, performance optimizations.

Abstract: A method and apparatus for fine-grained, trust-based rate limiting of network requests distinguishes trusted network traffic from untrusted network traffic at the granularity of an individual user/machine combination, so that network traffic policing measures are readily implemented against untrusted and potentially hostile traffic without compromising service to trusted users. A server establishes a user/client pair as trusted by issuing a trust token to the client when successfully authenticating to the server for the first time. Subsequently, the client provides the trust token at login. At the server, rate policies apportion bandwidth according to type of traffic: network requests that include a valid trust token are granted highest priority. Rate policies further specify bandwidth restrictions imposed for untrusted network traffic.

Abstract: Systems and methods for detecting potential steganography use to hide content in computer files transmitted via electronic communications are provided. An electronic communication associated with a computer file may be identified. The communication and the computer file may be analyzed to determine whether the computer file potentially includes hidden content. To determine whether the computer file potentially includes hidden content, a set of steganographic criteria may be analyzed. If at least a portion of the steganographic criteria are satisfied, then it may be determined that the computer file potentially includes hidden content. If at least a portion of the steganographic criteria are not satisfied, then it may be determined that the computer file does not potentially include hidden content. If the computer file is determined to potentially include hidden content, an individual may be notified of the communication associated with the computer file.

Abstract: Systems and methods are disclosed for providing an unregistered user with access to a network in a secure and efficient manner. A random, on-demand password is generated and the password is associated with an account that permits the user to access the network for a single session only. The account is also associated with a specific IP address. Entry of the password permits access to the network on the IP address associated with the account. At the conclusion of the single session, the password is disposed of such that it will no longer enable access to the network. An access point associated with the network can also be configured to collect marketing information by pairing the IP address with a virtual IP address, in which a user's demographic information is embedded. Such configuration can be used to aggregate data concerning the network activities of users with similar demographic characteristics.

Abstract: A method and system for influencing a virtual environment establishes a machine application interface which utilizes an application interaction layer to allow multitasking of applications within a single virtual environment, the method and system also allow for the use of two-dimensional legacy applications within the virtual environment. The method and system receives requests from outside applications and mediates control of spaces within the virtual environment depending on the user's security preferences.

Abstract: A data processing apparatus comprises a processing element having associated memory storage and one or more registers, the processing element being configured to perform processing activities in two or more security modes so as to inhibit a processing activity performed in one of the security modes from accessing at least some information associated with a processing activity performed in another of the security modes; in which the processing element is configured, in response to a function call causing a branch from a processing activity in a first security mode to a processing activity in a second security mode, to store the contents of one or more of the registers in the memory storage and, in response to a branch return to the first security mode, to retrieve the register contents from the memory storage; and trace apparatus configured to generate items of trace data indicative of processing activities of the processing element; in which the trace apparatus is configured to detect a branch return operatio

Abstract: A communicating apparatus, method, and system that capture an image, authenticate a person in the image that has been captured, determine a direction of the person based on a result of authenticating the person, and control transmission of a radio wave in the determined direction to connect a terminal device to a network, and communicate with the terminal device connected to the network by using access information included in the transmitted radio wave.

Abstract: A method, computer system, and a computer program product for timing secured content is provided. The present invention may include receiving a connection request from a user device. The present invention may also include generating a pass-phrase and a key based on the received connection request. The present invention may then include encrypting a data packet based on the generated pass-phrase and the generated key. The present invention may further include sending the encrypted data packet to the user device. The present invention may also include receiving a pass-phrase request from the user device. The present invention may then include sending the generated pass-phrase in response to receiving the pass-phrase request. The present invention may further include receiving a message to start a timer associated with the sent data packet. The present invention may also include starting the timer based on the received message to start the timer.

Abstract: Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider's core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for the web flow context to communicate conditions and pass control back to the native app context of the shared session.

Abstract: A proxy server mitigates security risks of user credentials sent across a network in clear text. The proxy server encrypts user credentials within a client application request destined for an application server. The proxy server forwards the client application request to the application server. The application server sends the encrypted user credentials to the proxy server where the proxy server decrypts the user credentials and authenticates the user credentials with an authentication server.

Abstract: The invention enables a client device that does not support IEEE 802.1X authentication to access at least some resources provided through a switch that supports 802.1X authentication by using dynamic authentication with different protocols. When the client device attempts to join a network, the switch monitors for an 802.1X authentication message from the client device. In one embodiment, if the client fails to send an 802.1X authentication message, respond to an 802.1X request from the switch, or a predefined failure condition is detected the client may be deemed incapable of supporting 802.1X authentication. In one embodiment, the client may be initially placed on a quarantine VLAN after determination that the client fails to perform an 802.1X authentication within a backoff time limit. However, the client may still gain access to resources based on various non-802.1X authentication mechanisms, including name/passwords, digital certificates, or the like.

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

Abstract: Systems and methods for payload encoding and decoding are disclosed. An example method to decode audio data includes receiving audio data having protected information embedded in the audio data; receiving a license file containing a first portion of a set of information required to access the protected information embedded in the audio data; processing the license file to obtain at least one of decoding information, message codes, a decoding algorithm or diagnostic information; producing a stream of symbol values for each code symbol included in the received audio signal; accumulating the stream of symbol values in a storage device; detecting the presence of an encoded message; outputting the detected message.

Abstract: In a computing device, when a user requests to carry out an operation, the device determines the type of operation requested and the time period since the user was last authenticated. The operation is enabled only if the determined time period does not exceed a threshold for the requested operation.