Abstract: Techniques and tools are described which provide control access mechanisms for contents made available by a service provider to a user. The user, after a registration process, uses a mobile application on a mobile device to generate a one-time content key. The content key is input into a set-top box which validates the key and provides access to the protected content. The mobile application allows for password protection for the user, as well as a recharging ability when its one-time content keys are exhausted.

Abstract: The present invention provides a method and system for automated test for human presence at a client device capable of receiving touch sensitive response. At a server, the method includes receiving and storing user profile information. Receiving request from client device to access a resource on a server. Generating a query based on the user profile information and the query requiring user to generate a touch sensitive response. Receiving the user generated response and authenticating the user if the touch sensitive response matches a predefined response for the query stored on the server.

Abstract: The present invention provides a method and system for calculating a security index of an application hosted in a cloud environment. The application is mapped to a cloud service provider of the cloud environment, and a set of security controls and a set of security metrics applicable for the application are identified. The set of security controls and the set of security metrics are encapsulated into a security profile object by a security control module. A set of values of the set of security metrics are retrieved from the cloud service provider, by a cloud probe module, and the security index of the application is calculated.

Abstract: A method, non-transitory computer readable medium, and access manager device includes providing an initial challenge to a client computing device requesting access to a service. The initial challenge includes one or more of one or more objects, one or more indicative answers, and one or more questions based on the one or more objects. At least one challenge response to the initial challenge is received from the client computing device. A determination is when there is a match between the at least one challenge response to the initial challenge and corresponding response data associated with the initial challenge. One or more actions with respect to the request to access the service are performed based on the determination.

Abstract: A method, non-transitory computer readable medium, and apparatus that authenticates a user without personal information includes obtaining at a secure authentication computing apparatus a context identifier, a registration identifier of one of a plurality of string generator modules assigned to a client computing device requesting access, and a client string generated by the client computing device requesting access from an agent computing device associated with the client computing device requesting access. An authentication string is generated with the secure authentication computing apparatus based on the obtained context identifier and a corresponding one of the plurality of string generator modules provided to the client computing device requesting access based on the registration identifier. The requested access by the client computing device is granted with the secure authentication computing apparatus when the client string matches the authentication string.

Abstract: Embodiments of a system and method to perform a secure deletion of a set of data from a remote cloud computing system are described. As described, in some embodiments, a user of a cloud computing service that provides data storage may securely delete his stored set of data by acquiring elevated access privileges to the stored set of data, designating at least one most significant bit in at least one data block therein as a sentinel and recording its value and position, updating the value of the sentinels and thereby rendering the data unusable, and verifying the success of the operation by checking the new value of the sentinels against the original value. In some embodiments, the verification process may be repeated in order to ensure that the data has been rendered useless across all nodes of the remote cloud platform.

Abstract: Methods, systems, products and devices are implemented for editing video image frames. According to one such method, image content is embedded into video. A selection input is received for a candidate location in a video frame of the video. The candidate location is traced in subsequent video frames of the video by approximating three-dimensional camera motion between two frames using a model that compensates for camera rotations, camera translations and zooming, and by optimizing the approximation using statistical modeling of three-dimensional camera motion between video frames. Image content is embedded in the candidate location in the subsequent video frames of the video based upon the tracking thereof.

Abstract: Three-dimensional image data is generated. According to an example embodiment, three-dimensional depth information is estimated from a still image. A set of monocular images and their corresponding ground-truth depth maps are used to determine a relationship between monocular image features and the depth of image points. For different points in a particular image, the determined relationship is used together with local and global image features including monocular cues to determine relative depths of the points.

Abstract: A method and system is provided to authorize a user to access in a service of higher trust level. The method includes the steps of defining first password, assigning a second password to a user, generating a value for each constituent of second password on operating an exclusivity relationship, calculating the score for the second password on summing the generating value, combining trust levels of multiple users to attain a higher trust level in aggregate, and obtaining access in a service if the aggregated trust level of users are equal to or more than the predetermined trust level of the service. The present technique provides flexibility of authenticating and authorizing a user to access in a service to perform desirable functions thereon. The present technique eliminates the requirement of tokens, pins, dongles etc. while attaining a higher trust level to perform a task which belongs to a higher trust level.

Abstract: Methods and systems for providing a voice-based digital signature service are disclosed. The method includes a first user sending a document to a second user for signature, and the first user also sending a PIN to the second user and to a voice verification authority. The second user sending, to the voice verification authority, a voice recording comprising the PIN along with consent of the second user to the PIN. The voice verification authority comparing the voice recording with a predefined voice sample of the second user, and the PIN received from the first user with the PIN received from the second user. The voice verification authority then sending a notification to a signing entity based on the comparison. The signing entity signing the PIN of the document with a private key associated with the second user and sends an acknowledgement to the first user and the second user.

Abstract: A method, non-transitory computer readable medium, and apparatus that authenticates a user without personal information includes obtaining at a secure authentication computing apparatus a context identifier, a registration identifier of one of a plurality of string generator modules assigned to a client computing device requesting access, and a client string generated by the client computing device requesting access from an agent computing device associated with the client computing device requesting access. An authentication string is generated with the secure authentication computing apparatus based on the obtained context identifier and a corresponding one of the plurality of string generator modules provided to the client computing device requesting access based on the registration identifier. The requested access by the client computing device is granted with the secure authentication computing apparatus when the client string matches the authentication string.

Abstract: Embodiments of a system and method to perform a secure deletion of a set of data from a remote cloud computing system are described. As described, in some embodiments, a user of a cloud computing service that provides data storage may securely delete his stored set of data by acquiring elevated access privileges to the stored set of data, designating at least one most significant bit in at least one data block therein as a sentinel and recording its value and position, updating the value of the sentinels and thereby rendering the data unusable, and verifying the success of the operation by checking the new value of the sentinels against the original value. In some embodiments, the verification process may be repeated in order to ensure that the data has been rendered useless across all nodes of the remote cloud platform.

Abstract: A method for adaptive data masking of a database is provided. The method comprises extracting data from a first database and providing one or more predefined rules for masking the extracted data. The method further comprises masking a first portion of extracted data using a trained Artificial Neural Network (ANN), where the ANN is trained for masking at least one database having properties similar to the first database. The masked and unmasked data is aggregated to arrive at an output structurally similar to the extracted data. The method furthermore comprises determining a deviation value between the arrived output and expected output of the extracted data, and adapting the trained ANN automatically according to data masking requirements of the first database, if the deviation value is more than a predefined value.

Abstract: Various technologies related to one-time credit card numbers are presented. One-time credit card numbers can originate from a customer device and be independently generated by the customer device without online communication with an issuer. Signed transaction details can also be sent, providing non-repudiation of the purchase transaction. Merchant infrastructure need not be changed to accommodate the one-time credit card numbers. The technologies can be particularly resilient to replay, forgery, man-in-the-middle, and guessing attacks for credit card number generation or other usage by an attacker.

Abstract: The present invention provides a method and system for automated test for human presence at a client device capable of receiving touch sensitive response. At a server, the method includes receiving and storing user profile information. Receiving request from client device to access a resource on a server. Generating a query based on the user profile information and the query requiring user to generate a touch sensitive response. Receiving the user generated response and authenticating the user if the touch sensitive response matches a predefined response for the query stored on the server.

Abstract: The invention provides a method, a system, and a computer program product checking for human interaction dynamically to enable access to a resource in a computing environment. The method comprises collecting a plurality of objects. For each object, a plurality of properties is defined. A set of objects is selected from the plurality of collected objects. Thereafter, queries are generated based on the properties of the selected objects. Queries which have a non-unique or ambiguous response are removed. One of the remaining queries is randomly selected. The answer to the query, based on properties of the selected objects, is stored. The selected set of objects and the selected query are presented to the user who is trying to gain access to the resource. The user is enabled access to the resource if the response received from the user is validated against the stored answer of the selected query.

Abstract: Disclosed are methods and computer program product for securing data corresponding to one or more data fields of a form by providing data integrity, confidentiality and non-repudiation. The present invention includes providing one or more controls for enabling selection of at least one security type for each of the data fields corresponding to the form. Further, at least one security routine is implemented for the data fields to produce corresponding secured data. The at least one security routine corresponds to the selected at least one security type. Further, a system for securing the data is also disclosed.

Abstract: A method and system for adaptive vulnerability scanning (AVS) of an application is provided. The adaptive vulnerability scanning of an application assists in identifying new vulnerabilities dynamically. The endpoints of an application are scanned using a predefined set of rules. Subsequently, one or more possible vulnerabilities are presented. The vulnerabilities are analyzed and predefined rules are modified. The steps of scanning the application and modification of rules are iteratively repeated till the adaptive vulnerability scanning capability is achieved. A neural network is used for training the adaptive vulnerability scanner. This neural network is made to learn some rules based on predefined set of rules while undergoing the training phase. At least one weight in neural networks is altered while imparting the self learning capability.

Abstract: A system and method for presenting on-demand masking of data as a software service in a distributed environment is provided. An application hosted on a computing device receives request for access to application data from a user. Credentials of the user are first validated in order to determine whether the user is authorized to access the requested application data. For an authorized user, a category of the user is determined to ascertain whether the user is privileged to obtain full access. In case the user is a privileged user, unmasked application data is fetched from a database utility and provided to the user. In case the user is not a privileged user, application data access request is transferred to a data masking service. Application data is fetched from database utility, masked based on pre-defined masking rules and provided to the user.

Abstract: A communication system and method are disclosed for establishing a secure communication channel including: a server for generating and storing a first instance of a unique personalized client application associated with a first-time user on the server, a client terminal for the user to communicate with the server over a communication channel and a standalone computing device having a second instance of the unique personalized application. The user authenticates the server based on a first dynamic identifier (DI-1) generated by the first instance of the unique personalized client application and the server authenticates the user based on a second dynamic identifier (DI-2) generated by the second instance of the unique personalized client application.