Abstract: A motion-based authentication method is operative in a mobile computing device having a display interface and that includes an accelerometer. Normally, the device software includes a locking mechanism that automatically locks the display interface after a configurable timeout. The authentication method operates to un-lock the display interface (and thus allow the user access to the device) by movement of the device in a predetermined series of physical movements and without display-based entry of a password or other access code on the display itself. In this manner, the user can un-lock the device without display-based entry of a password (on the display itself) by simply holding the device and performing the necessary movement(s) to generate the unique code.

Abstract: Hybrid, configurable business process applications can be used in conjunction with features of a content management system. For example, a first content management system installation executes a workflow instance based on a business process application whose definition is maintained in by the first content management system installation and synchronizes a workflow state of the workflow instance to a second content management system installation using a mirrored workflow state in which both content of the workflow state and metadata characterizing parameters of the workflow state are mirrored from the first content management system repository to the second content management system repository such that a content item retained in the second content management system repository is accessed for use in the workflow instance via the mirrored workflow state at the second content management system repository. Methods, systems, and articles of manufacture are described.

Abstract: Systems and methods are disclosed that enable authentication based on a physical document. Specifically, a document authentication service is disclosed that utilizes characteristics of a physical document, such as an identification card already in a user's possession, to authenticate a user. In one embodiment, the characteristics of a document may be processed based at least in part on an expected wear of the document (e.g., from use by the user). Expected wear may be identified, for example, based on historical data gathered across a number of users of the document authentication service.

Abstract: A method for implementing network security policies in a multi-tenant network environment may include receiving a request for implementation of at least one network security policy on one or more computing devices of a service provider cloud environment. The network security policy identified by the request may be retrieved. The network security policy may be encrypted using encrypting credentials of the one or more computing devices. Decrypting credentials corresponding to the encrypting credentials are stored in a Trusted Platform Module (TPM) within the one or more computing devices. The encrypted network security policy may be pushed to the one or more computing devices, for decryption and implementation at the one or more computing devices.

Abstract: A method, a system, and computer readable medium comprising instructions for message delivery security validation are provided. At least one authentication setting from an end user is received at a data collection system. A validation key is generated based on the at least one authentication setting. A message and the validation key are sent to a device of a recipient. The device of the recipient are automatically authenticated using the validation key. The message is delivered to the device of the recipient upon authentication.

Abstract: Methods, systems, and computer program products for encrypting photograph metadata are provided. An image file is received. The image file includes digital image data and a plurality of data fields. A first data field of the plurality of data fields includes a first metadata. A rule set for modifying the first metadata is received. In response to determining that at least one rule of the rule set corresponds to the first metadata, the first metadata is encrypted based to create a second metadata. The second metadata is stored in the image file.

Abstract: An apparatus comprises a storage system and a key manager incorporated in or otherwise associated with the storage system. The storage system comprises first storage of a first type and second storage of a second type with the first storage providing enhanced data protection relative to the second storage. The key manager is configured to maintain a master key hierarchy for the storage system. The master key hierarchy comprises a plurality of levels each including one or more master keys, with an uppermost level of the master key hierarchy comprising a root master key that is stored in the first storage and at least one lower level of the master key hierarchy comprising a plurality of master keys that are stored in the second storage under encryption by the root master key. Keys of a lowermost level of the master key hierarchy are associated with respective groups of data items.

Abstract: An integrated security system which seamlessly assimilates with current generation logical security systems. The integrated security system incorporates a security controller having standard network interface capabilities including IEEE 802.x and takes advantage of the convenience and security offered by smart cards and related devices for both physical and logical security purposes. The invention is based on standard remote authentication dial-in service (RADIUS) protocols or TCP/IP using SSL, TLS, PCT or IPsec and stores a shared secret required by the secure communication protocols in a secure access module coupled to the security controller. The security controller is intended to be a networked client or embedded intelligent device controlled remotely by to an authentication server. In another embodiment of the invention one or more life cycle management transactions are performed with the secure access module.

Abstract: In an approach for protecting against use of clones of electronic devices, a first sequence value is initialized on the server and an equal second sequence value is initialized on an electronic device. In response to a first login request to the server from a user operating the electronic device, the first and second sequence values are compared. If the values are equal, processing of the login process continues. Otherwise, the login request is rejected. If the login is successful, a next value is computed for the first and second sequence values, and the next first and second sequence values are stored on the server and on the electronic device, respectively.

Abstract: Methods, systems, and computer program products are included for loading a code module. A method includes providing, by a hypervisor, a virtual machine that includes a guest operating system. The code module and a signature corresponding to the code module are sent by the guest operating system to the hypervisor. One or more relocations are applied to the code module. The hypervisor verifies the signature corresponding to the code module. After verifying the signature, the hypervisor allows the guest operating system to execute the code module.

Abstract: The present disclosure relates to a computer system for querying a database residing on a server computer of the computer system, said database storing data records, the database further comprising a relation, wherein the relation comprises data items, wherein the data items are encrypted with a first encryption method in the relation, wherein the data items form a partially ordered set in the relation, the partial order being formed with respect to the data items in non-encrypted form, wherein a referential connection exists assigning each encrypted data item in the relation to a respective data record of the data records, wherein the encrypted data items are annotated with data elements of a linear order in the database, the linear order corresponding the order in which the encrypted data items are stored in the relation with respect to the partial ordered set, the computer system further comprising a client computer, the client computer being configured for sending to the server computer a request for data

Abstract: A device includes a thermal infrared sensor and a processor, operatively coupled to the thermal IR sensor. The processor is configured to determine that the device has been successfully unlocked by a user using a security procedure, obtain a thermal signature for the user using thermal sensor data from the thermal infrared sensor, monitor proximity of the user to the device using the thermal signature and maintain the device unlocked if the thermal signature is detectable and is within the detection proximity of the thermal infrared sensor.

Abstract: A device hub system includes: a control unit configured to: generate a workroom for providing access to a workroom accessible resource, including an enterprise multifunctional printer, protected by a network firewall; provide authentication for a participant device to access the workroom; receive a workroom request through the workroom; generate a workroom sharable information from the workroom request; and a communication unit, coupled to the control unit, configured to distribute the workroom sharable information within the workroom.

Abstract: An authentication request is generated when a user of a client device attempts to initiate a user session with an application managed by a service provider. An authentication response is generated based on credentials received from the user. The authentication response includes an assertion on behalf of the user. A delivery resource locator for the assertion is rewritten to a resource locator of a proxy in order to redirect the assertion to the proxy. The authentication response is sent to the client device together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy that decodes the re-written resource locator and sends the assertion to the service provider.

Abstract: Systems, methods, and software described herein provide security actions based on the current state of a security threat. In one example, a method of operating an advisement system in a computing environment with a plurality of computing assets includes identifying a security threat within the computing environment. The method further includes, in response to identifying the security threat, obtaining state information for the security threat within the computing environment, and determining a current state for the security threat within the computing environment. The method also provides obtaining enrichment information for the security threat and determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.

Abstract: The field of the invention relates to network connected authentication systems, and more particularly to systems and methods that enable authentication of one or more users of a group using network connected devices. In an embodiment, the system includes a network connected authentication server coupled to a network for access by a plurality of user devices in a group to authenticate a user of one or more third party applications. When a user of the group visits a third party application and initiates a group authentication, the network connected authentication server retrieves authentication rules and sends authentication requests to the user devices of the group based on the authentication rules.

Abstract: Systems and techniques are provided for creating sensor based rules for detecting and responding to malicious activity. Evidence corresponding to a malicious activity is received. The evidence corresponding to malicious activity is analyzed. Indicators are identified from the evidence. The indicators are extracted from the evidence. It is determined that an action to mitigate or detect a threat needs to be taken based on the indicators and evidence. A sensor to employ the prescribed action is identified. Whether a sensor based rule meets a threshold requirement is validated. A configuration file used to task the sensor based rule to the identified sensor is created. The number of sensor based rule triggers is tracked.

Abstract: A 1st domain makes a request to a 2nd domain using a URI including the name of the 2nd domain, a public path for the domains, and a cryptographically secure path generated by the 1st domain. The 2nd domain makes a request to the 1st domain using a URI including the name of the 1st domain, the pre-defined public path, and the cryptographically secure path. The 1st domain or the 2nd domain sets a cookie including a message (the cookie's path scope includes the pre-defined public path and the cryptographically secure path, the cookie's domain scope includes all sub-domains of the nearest common ancestor for the 1st and 2nd domains), and makes a request to the other domain using a URI including the name of the other domain, the pre-defined public path, and the cryptographically secure path, which causes a web browser to send the cookie to the other domain.

Abstract: According to an embodiment, an authentication system includes a physical device, a calculator, and an authenticator. The physical device includes a data source which outputs a data sequence along time series. The calculator performs, using hidden Markov model, probability calculation on an ID which is based on the data sequence obtained from the physical device. The authenticator authenticates the physical device based on calculation result of the calculator.

Abstract: In one embodiment, a method includes identifying unusual behavior with respect to a handshake between a first endpoint and a second endpoint that are included in a network, and determining whether the unusual behavior with respect to the handshake indicates presence of malicious software. The method also includes identifying at least one of the first endpoint and the second endpoint as potentially being infected by the malicious software if it is determined that the unusual behavior with respect to the handshake indicates the presence of malicious software.