Abstract: A network-based multi-factor authentication approach is provided. A request to access a protected network resource and user credentials are received from a client by an application server hosting the resource. Attributes associated with the request are obtained. After determining the credentials are valid, the access attributes are provided to an authentication server. A first OTP is generated by the authentication server. The client is caused to seek confirmation from the user regarding the request and the associated attributes, by sending a push notification to the client. Responsive to authentication of the user to an OTP generator application running on the client via a biometric sensor or a PIN associated with the client: (i) a second OTP is generated by the OTP generator; and (ii) the application server is caused to grant the request by the OTP generator sending the second OTP to the application server or to the authentication server.

Abstract: Generally, this disclosure describes technologies for restoring and/or synchronizing templates such as biometric templates to/among one or more client devices. In some embodiments one or more client devices may register with a synchronization server and provide encrypted copies of their reference templates to the server. In a restoration operation, the synchronization server may provide an encrypted copy of a client's reference template(s) to the client, which may decrypt them in a protected environment. In a synchronization operation, the synchronization server may provide encrypted copy of a first client's template(s) to a plurality of second clients. The second clients may then decrypt the encrypted template(s) within a protected environment using an appropriate decryption key.

Abstract: Apparatus and method for detecting unauthorized tampering with a data storage device having a housing and a memory. A first identifier value is stored on an external surface of the housing and a second identifier value is stored within the memory. The first and second identifier values are combined in a predetermined order to form a combined identifier value for which a digital signature is generated using a private key, and the digital signature is stored on the storage device. The digital signature, the first and second identifier values, and one or more dummy identification values are retrieved from the storage device and stored in a memory of a verification device, which combines the retrieved first and second identifier values in the predetermined order to generate a retrieved combined identifier value. The storage device is authenticated using the retrieved combined identifier value, the digital signature and a public key.

Abstract: A system and method for dynamic and secure communication and synchronization of personal data records through a distributed network. More specifically, a system that receives, stores and secures personal data records for users and then transmits and synchronizes personal data records between users in a distributed network based on rule-based security controls.

Abstract: An automatic electronic certification trading system, comprising: a trading device, a wireless mobile device, an electronic certification import device, an electronic certification server; wherein, the electronic certification server stores a multigroup electronic certification collection, and the electronic certification collection is imported to the trading device through the electronic certification import device or to the trading device by the electronic certification server through wireless network. Next, it is detected if the distance between the wireless mobile device and the trading device entering a set distance or not.

Abstract: A system and method for unlocking devices associated with a carrying bag are provided. In example embodiments, biometric information of a user from a biometric reader is received by an authentication system. The biometric reader is located on a pull mechanism of a sliding fastening device for a carrying bag. The user is authenticated by verifying the validity of the biometric information. The authenticated user is associated with the carrying bag. Based on a set of pre-defined permissions, one or more devices associated with the carrying bag are unlocked.

Abstract: In one embodiment, a method is provided that may include one or more operations. One of these operations may include, in response, at least in part, to a request to store input data in storage, encrypting, based least in part upon one or more keys, the input data to generate output data to store in the storage. The one or more keys may be authorized by a remote authority. Alternatively or additionally, another of these operations may include, in response, at least in part, to a request to retrieve the input data from the storage, decrypting, based at least in part upon the at least one key, the output data. Many modifications, variations, and alternatives are possible without departing from this embodiment.

Abstract: A technique allows a client computer with a web browser to receive a web page having active content in response to transmitting a request for content. The active content includes a signature and a set of attributes associated with a web domain. The web browser can interpret the signature and the set of attributes as formatted in the active content. Validation of the signature and the set of attributes can be in a secure mode through a secure enclave module.

Abstract: Securing a credential is disclosed. A reference to the credential that will provide access to a service is stored in a credential store. The credential from the credential store is provided to an application execution platform having access to the credential store. The application execution platform includes an interface to access the service using the credential. Application code that references the credential stored in the credential store is stored in a code repository.

Abstract: A communication device employs a contactless secure communication interface to transmit and receive data with a computing device using close proximity extremely high frequency (EHF) communication. The communication device and the computing device periodically initiate a discovery operation mode, whereby the devices periodically transmit identifying information about the respective devices and listen for identifying information from the other device. Upon completion of the discovery mode operation, the devices enter a link-training operation mode and exchange capability information about the respective devices. During transport mode operation the communication device employs methods to manage access to data stored on the communication device by encrypting the data using one or a combination of training information or capability information as a basis for generating an encryption key.

Abstract: Provided is a network system which improves a security and prevents illegal use when providing services such as Internet banking services. A random graphic table (RMT) is issued to a user, and having text characters which a user inputs and figures which corresponds to the text characters, respectively, and which is unrelated to the text characters such as a photograph. A banking organization server (30) manages random graphic table data corresponding to the random graphic table (RMT), distributes data for input including a portion of the random graphic table data to a communication terminal device (10) when information is inputted, and executing a specification of information to be specified while comparing the data for input with the random graphic table (RMT).

Abstract: Ongoing analytics streams are received over time from mobile computing devices. An analytics stream comprises data corresponding to monitored activity that occurred on the originating mobile computing device. Dynamic, personalized knowledge based authentication questions are generated from analytics stream data. In response to an authentication request from a user, the user is prompted to answer a given number of current dynamic, personalized knowledge based authentication questions.

Abstract: Provided is an information processing device including a data processing unit that executes reproduction processing of content recorded in an information recording medium. The content includes an individual segment region formed of a plurality of variation data in which identification information different from each other is embedded and each of which can be decrypted by a different key, and a common segment region formed of single data. The variation data is formed of a 6144 byte aligned unit. The data processing unit calculates a reproduction path by applying a device key held in a memory, and selects an aligned unit corresponding to one variation data that corresponds to the calculated reproduction path from a plurality of aligned units configuring the plurality of variation data in the individual segment region included in the data read from the information recording medium, and then, executes the decryption and reproduction processing.

Abstract: The disclosure relates to a digital identity system including an enrolment module executing on a processor configured to receive a data item from an enrolling device and to create in persistent electronic storage a digital profile comprising the data item. The system also includes a credential creation module executing on a processor configured to generate a credential from a random sequence, to associate the credential with the digital profile in a database, and to transmit the credential to the enrolling device. The system further includes a publication module executing on a processor configured, in response to later presentation of the credential to the digital identity system, to publish the digital profile by storing a version of the digital profile in a memory location accessible to a device presenting the credential.

Abstract: A static analysis for identification of permission-requirements on stack-inspection authorization systems is provided. The analysis employs functional modularity for improved scalability. To enhance precision, the analysis utilizes program slicing to detect the origin of each parameter passed to a security-sensitive function. Furthermore, since strings are essential when defining permissions, the analysis integrates a sophisticated string analysis that models string computations.

Abstract: Concepts and technologies are disclosed herein for a peer applications trust center. A trust client can execute on a client computer and a trust service can execute on a server computer to provide the peer applications trust center. The trust client or trust server can register applications. During registration, the trust server or the trust client can generate a public key or other identifier for identifying the registered application. If another application requests access to the registered application, the trust server or the trust client can determine if the request specifies a registered application by name. If the requestor is granted access to the application, the requestor can be issued a token. Tokens can be revoked, updated, replaced, or renewed for various purposes.

Abstract: The disclosure relates to a digital identity system for creating a computer stored digital identity. The system includes a network interface configured to send and receive electronic messages, persistent electronic storage, a profile management module executing on a processor configured to receive from an entity an electronic message comprising a data item, extract the data item from the electronic message and store the data item in a digital profile in the persistent electronic storage. The system also includes a credential creation module executing on a processor, a publication module executing on a processor, and a receipt generation module executing on a processor.

Abstract: A system and associated methods for validating and managing user identities are disclosed. In at least one embodiment, a central computing system is configured for receiving and processing data related to an at least one user and associated identity. A user account is established and associated with each user, the account containing at least one of a unique account identifier, an identity score representing a quality rating of the user based on the at least one identity, and an identity table containing details related to the at least one identity. In at least one embodiment, the computing system is capable of selectively validating the at least one identity, dynamically calculating the identity score associated with the at least one user, and even leveraging select unique identifying data to create a persistent multi-factor authentication process in conjunction with a mobile device associated with the at least one user.

Abstract: Disclosed are systems and methods that facilitate encryption of email messages that are transported between mail servers. In some cases, email messages may be relayed through relay mail servers as well. An email message can be encrypted using a public key that corresponds to an organization associated with the recipient rather than a public key associated with the particular recipient. The email message can then be decrypted by the recipient mail server and deposited into a mailbox of the recipient.

Abstract: Methods and systems are provided for creation and implementation of firewall policies. According to one embodiment, a firewall maintains a log of observed network traffic flows. An administrator may request the firewall to generate a customized report based on the logged network traffic by extracting information from the log based on specified report parameters. The report includes aggregated network traffic items and one or more corresponding action objects. Responsive to receipt of a directive to implement an appropriate firewall policy for one or more network traffic items based on interaction with one or more action objects by the administrator, the firewall then automatically defines and establishes an appropriate firewall policy.