Patents Examined by Kaveh Abrishamkar
  • Patent number: 10083293
    Abstract: A method, computer system, and a computer program product for timing secured content is provided. The present invention may include receiving a connection request and generating a pass-phrase and a key. The present invention may include encrypting a data packet, wherein the encrypted data packet consists of non-persistent data, and wherein the encryption method is symmetric encryption. The present invention may include sending the encrypted data packet to the user device. The present invention may include receiving a pass-phrase request. The present invention may include sending the generated pass-phrase, wherein the user device decrypts the encrypted data packet based on the received generated pass-phrase and key. The present invention may include receiving a message to start a timer and then invalidate access to the data packet when the timer runs out.
    Type: Grant
    Filed: September 11, 2017
    Date of Patent: September 25, 2018
    Assignee: International Business Machines Corporation
    Inventors: Jayanth V. Gazula, Noah M. Ginsburg, Aaron J. Mondelblatt, Bryce Nichols
  • Patent number: 10057763
    Abstract: Systems and methods for a secure soft token solution applicable to multiple platforms and usage scenarios are provided. According to one embodiment, a user of a mobile device is prompted to input an activation code previously provided to the user by an authentication server, which authenticates credentials provided by users of a secure network resource that is accessible via an IP-based network. A unique device ID of the mobile device is obtained via an API of an operating system of the mobile device. A seed is requested from a provisioning server. The seed is received in encrypted form based on a combination of a secret key, the unique device ID and a hardcoded-pre-shared key. The seed is bound to the mobile device by encrypting the seed based on the unique device ID. When a token is requested by the user it is generated based on the bound seed.
    Type: Grant
    Filed: May 14, 2016
    Date of Patent: August 21, 2018
    Assignee: Fortinet, Inc.
    Inventors: David A. Redberg, Jun Li
  • Patent number: 10055598
    Abstract: Techniques for facilitating discovery and usage of digital content and services include accessing a stored rights profile of a user and determining access privileges of the user to content items or services provided by various sources. Based on the access privileges of the user, multiple access options are determined to a content item or to a service available to the user. The multiple access options include access options for accessing the content item or the service from different sources. The access options are presented to a user and a selection of an access option is received from the user. Stored business rules for the source are accessed, which identify a consumption mode specified by the source for enabling users to consume content items or services provided by the source. The user is enabled to perceive the content item or receive the service in accordance with the consumption mode.
    Type: Grant
    Filed: March 12, 2014
    Date of Patent: August 21, 2018
    Assignee: SYNACOR INC.
    Inventors: Jason Jeffrey Miller, Jaafer Haidar
  • Patent number: 10045212
    Abstract: A method, non-transitory computer readable medium and apparatus for securing user input and/or output on a mobile endpoint device. For example, the method receives an input on the mobile endpoint device, encrypts and authenticates the input in a trusted domain of the mobile endpoint device executing an application and sends the input that is encrypted and authenticated to an untrusted domain of the mobile endpoint device over a secure channel.
    Type: Grant
    Filed: December 12, 2016
    Date of Patent: August 7, 2018
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Jeffrey E. Bickford, Mikhail Istomin, Evgene Vahlis
  • Patent number: 10044704
    Abstract: A method is provided. The method includes providing an authentication code onto a reference article associated with a person, determining a signature associated with the authentication code, imaging a candidate article to determine an image signature, and comparing the associated signature with the image signature to determine whether the candidate article is the reference article. A related system and imaging device are also provided.
    Type: Grant
    Filed: November 9, 2015
    Date of Patent: August 7, 2018
    Assignee: Verinetics
    Inventors: Darrell Jerome Freeman, Thomas J. Mercolino, Hersh Ashok Tapadia
  • Patent number: 10033536
    Abstract: Techniques described herein relate to generating and managing digital credentials using a digital credential platform in communication with various digital credential template owners and digital credential issuers. In some embodiments, a digital credential platform server may receive and coordinate requests and responses between the digital credential template owners and a set of digital credential issuers, to determine which digital credential issuers are authorized to issue digital credential based on which digital credential templates. The digital credential platform server may provide the authorized issuers with access to particular digital credential templates and the functionality to issue digital credentials to users based on any of the particular digital credential templates. Additional techniques described herein relate to tracking, analyzing, and reporting data metrics for issued digital credentials.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: July 24, 2018
    Assignee: CREDLY, INC.
    Inventors: Mark Thomas Mercury, Kurt Jarin Schmidt
  • Patent number: 10033730
    Abstract: Techniques are described for performing an offline domain join and login on behalf of a computing device in order to enable the device to access corporate resources without local access to the domain controller. A slave service is described that can start a virtual machine on a local network of the enterprise, perform an offline domain join of the virtual machine, perform a first login to the virtual machine using credentials of a remote user and then capture the changes made on the virtual machine and deliver those changes to the remote user's device. These changes can then be applied on the user's device to add the credentials and configuration changes necessary for the user to access the private enterprise resources remotely.
    Type: Grant
    Filed: November 22, 2016
    Date of Patent: July 24, 2018
    Assignee: VMware, Inc.
    Inventors: Igal Bakshan, Yair Yogev, Nohar Halperin
  • Patent number: 10027707
    Abstract: A method and system for providing security against phishing attacks. The method can include receiving a login ID from a client, and providing an encrypted commitment to the client. The method can also include receiving a one-time password (OTP) from the client, and validating the OTP. The method can also include sending a commitment key, to be authenticated by the client, receiving a static password from the client and authenticating the client. Embodiments of the invention are directed to a system for providing security against phishing attacks. The system can include one or more servers configured to receive a login ID from a client, and provide an encrypted commitment to the client. The processors can be configured to receive a one-time password (OTP) from the client, validate the OTP, send a commitment key, to be authenticated by the client, receive a static password from the client and authenticate the client.
    Type: Grant
    Filed: April 12, 2017
    Date of Patent: July 17, 2018
    Assignee: JPMorgan Chase Bank, N.A.
    Inventor: Glenn S. Benson
  • Patent number: 10021088
    Abstract: Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Fast smart card logon may be used to reduce latency and improve security. For example, the system may reduce the number of operations (e.g., interactions) between a server device used for authentication and the client device. These operations may include fetching a user certificate from the smart card or signing data. Fast smart card logon may also improve security by optionally avoiding PIN (or other credential) transmission over networks, and to enable single sign on from an authentication event (e.g., Secure Sockets Layer (SSL) or Transport Layer Security (TLS) authentication) using a smart card to the domain logon without resorting to PIN caching.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: July 10, 2018
    Assignee: Citrix Systems, Inc.
    Inventors: Andrew Innes, Chris Mayers, Hubert Divoux
  • Patent number: 10015160
    Abstract: A communication apparatus has an auto-complete function using an LDAP protocol. The apparatus inputs character information, and verifies a certificate of an LDAP server. The apparatus obtains, by the LDAP protocol, address information including the character information input by the input unit after verifying the certificate of the LDAP server.
    Type: Grant
    Filed: February 21, 2017
    Date of Patent: July 3, 2018
    Assignee: Canon Kabushiki Kaisha
    Inventor: Yasuaki Kawashima
  • Patent number: 9998484
    Abstract: A method comprises obtaining at least a first software module not classified as benign or potentially malicious, extracting a set of features associated with the first software module including static, behavior and context features, computing distance metrics between the extracted feature set and feature sets of a plurality of clusters including one or more clusters of software modules previously classified as benign and exhibiting a first threshold level of similarity relative to one another and one or more clusters of software modules previously classified as potentially malicious and exhibiting a second threshold level of similarity relative to one another, classifying the first software module as belonging to a given cluster based at least in part on the computed distance metrics, and modifying access by a given client device to the first software module responsive to the given cluster being a cluster of software modules previously classified as potentially malicious.
    Type: Grant
    Filed: March 28, 2016
    Date of Patent: June 12, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Ahmet Buyukkayhan, Zhou Li, Alina M. Oprea, Martin Rosa
  • Patent number: 9998496
    Abstract: A computer-implemented method for accessing a hosted service on client devices is described. The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services. The method can be used in conjunction with existing VPN and proxy solutions, but provides distinct additional functionality, particularly suited to corporate needs. Policies allow entities to centralize enforcement of service-specific restrictions across networks and communication channels, e.g. only certain users can download client records from a service—irrespective of the network used to access the service.
    Type: Grant
    Filed: July 18, 2016
    Date of Patent: June 12, 2018
    Assignee: Netskope, Inc.
    Inventors: Krishna Narayanaswamy, Lebin Cheng, Ravi Ithal, Sanjay Beri
  • Patent number: 9996684
    Abstract: Systems and methods are provided for authorizing a user to access an access-controlled environment. The system includes a system server platform that communicates with fixed PC's, servers and mobile devices (e.g., smartphones) operated by users. The systems and methods described herein enable a series of operations whereby a user attempting to access an access-controlled environment is prompted to biometrically authenticate using the user's preregistered mobile device. Biometric authentication can include capturing images of the user's biometric features, encoding the features as a biometric identifier, comparing the biometric identifier to a previously generated biometric identifier and determining liveness. In addition, the authentication system can further authorize the user and electronically grant access to the access-controlled environment.
    Type: Grant
    Filed: January 14, 2016
    Date of Patent: June 12, 2018
    Assignee: VERIDIUM IP LIMITED
    Inventors: Hector Hoyos, Jason Braverman, Scott Streit, Geoffrey Xiao, Jonathan Francis Mather
  • Patent number: 9990485
    Abstract: An anti-passback algorithm for an access control system is described. The anti-passback algorithm prevents the use of valid credentials to gain access to an access-controlled area by more than one person within a given period of time. The algorithm is capable of distinguishing between credentials intentionally presented to the access control system and credentials that are unintentionally read by the access control system. Certain variables may be set by the access control system manufacturer or a trusted individual to adapt the algorithm for applications.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: June 5, 2018
    Assignee: ASSA ABLOY AB
    Inventors: Toby Mark Padilla, David Edward Andresky, Bryan Stephen Holloway, Kieran Wingfield, Michael Margraf
  • Patent number: 9992191
    Abstract: A data store provides access to portions of secured data. Each portion is associated with a client-defined access control and is encrypted with attribute-based encryption. This encryption associates each portion with an encryption attribute, and enables the portion to be provided, based on a request, in accordance with its client-defined access control and when the request's search attribute is relevant to its encryption attribute. First and second portions are provided in response to first and second requests. Each request includes the same search attribute, and the first and second portions are associated with the same encryption attribute. The first portion is provided based on a first access control granting access to a first identity and the search attribute being relevant to the encryption attribute. The second portion is provided based on a second access control granting access to a second identity and the search attribute being relevant to the encryption attribute.
    Type: Grant
    Filed: December 2, 2016
    Date of Patent: June 5, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Roy Peter D'Souza, Omkant Pandey
  • Patent number: 9985930
    Abstract: Embodiments of the present invention provide a reverse proxy mechanism for securely exposing, displaying and interacting with electronic content associated with a local network through a redundant service bus to the internet over secure socket layer (SSL).
    Type: Grant
    Filed: September 7, 2017
    Date of Patent: May 29, 2018
    Assignee: Wanpath, LLC
    Inventors: Daniel J. Gordon, Robert E. Schenk
  • Patent number: 9984227
    Abstract: A computer-implemented method, according to one embodiment, includes receiving a request for a hypervisor to run a virtual machine; determining, using a processor, whether the virtual machine is authorized to run using a data structure having metadata about properties of the virtual machine; determining, using the processor, whether the hypervisor is authorized to run the virtual machine using a digital signature of the data structure; and running the virtual machine on a computer system using the hypervisor in response to determining that the virtual machine is authorized to be run and that the hypervisor is authorized to run the virtual machine. Other systems, methods, and computer program products are described in additional embodiments.
    Type: Grant
    Filed: March 28, 2017
    Date of Patent: May 29, 2018
    Assignee: International Business Machines Corporation
    Inventors: Thomas W. Bish, Nikhil Khandelwal, Gregory E. McBride, Aaron S. Palazzolo, David C. Reed, Richard A. Welp
  • Patent number: 9985950
    Abstract: Method and devices for making access decisions in a secure access network are provided. The access decisions are made by one or more portable credentials using data and algorithms stored on or received by two or more credentials. Since access decisions are made by the portable credential or credentials, non-networked hosts or local hosts can be employed that do not necessarily need to be connected to a central access controller or database, thereby reducing the cost of building and maintaining the secure access network.
    Type: Grant
    Filed: May 2, 2016
    Date of Patent: May 29, 2018
    Assignee: ASSA ABLOY AB
    Inventors: Mark Anthony Caterino, Fredrik Carl Stefan Einberg, Philip Hoyer, Daniel Berg, Masha Leah Davis, Robert Wamsley, Tam Hulusi
  • Patent number: 9978023
    Abstract: A method for detection and use of device identifiers to enhance the security of data transfers between electronic devices. A first electronic device can transmit access data to a second electronic device. The access data can be associated with a first access code that can be generated based at least in part on data representing a device identifier of the first electronic device. A device identifier can uniquely identify the first electronic device from a plurality of electronic devices. Transferring the access data can involve transforming the first access code into a second access code that can include data representing a device identifier associated with the second electronic device. Transforming the first access code into the second access code can facilitate access to a resource associated with the access data for a second user, but not for a first user.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: May 22, 2018
    Assignee: Live Nation Entertainment, Inc.
    Inventors: Samuel Levin, David Scarborough, Fengpei Du, Richard DiStefano, Dennis Denker, Sean Moriarty, Charles Plamondon, Matthew Siegel, Benjamin Marti
  • Patent number: 9961074
    Abstract: A system includes an access controller including a short range wireless communication controller to couple to a mobile device, and an access point including a long range wireless communication controller. The access point is coupled to the access controller via a secure link, and the access controller authenticates a user of the mobile device and provides access information from the mobile device to the access point via the secure link in response to authenticating the user. The access point couples to the mobile device using the access information via the long range wireless communication controller and receives unique identification information associated with the mobile device from the mobile device. The system generates a digital certificate associated with the unique identification information and provides the digital certificate to the mobile device.
    Type: Grant
    Filed: November 3, 2015
    Date of Patent: May 1, 2018
    Assignee: DELL PRODUCTS, LP
    Inventors: Sajjad Ahmed, Arulnambi Raju, Sudhir V. Shetty