Abstract: A first request and a first identifier corresponding to an identity of a first source device that initiated the first request is received. At least a second source device is queried to obtain information indicative of whether the first source device is authorized to complete the first request. The second source device is configured to periodically gather and transmit data, over one or more networks, to one or more local processing devices or one or more remote devices for data analysis. The first request is blocked or authorized to proceed based at least in part on whether at least the first source device is authorized to complete the first request.

Abstract: Techniques are disclosed relating to authenticating a client computer system to a server computer system. In some embodiments, a client computer system sends, to a server computer system, authentication information for an initial access request for one or more resources. This information may include authentication credentials and attributes that collectively identify the client computer system. In some embodiments, the client computer system receives, from the server computer system, an authentication response that indicates an initial authentication of the client computer system. In some embodiments, the authentication response includes a cryptographic key. While the initial authentication is valid, in some embodiments, the client computer system repeatedly re-authenticates for subsequent access requests. Each of the subsequent access request may include a single-use password generated using a cryptographic key and the attributes of the client computer system.

Abstract: An embodiment of a system is disclosed in which a computer system may receive a sequence of failed login attempts to access a user account, and assess a risk level associated with the sequence of failed login attempts. The risk level may be assessed based on a plurality of characteristics of the sequence of failed login attempts. Based on the assessed risk level, the computer system may select a lockout policy that includes a lockout period. The computer system may determine that a lockout threshold, corresponding to a number of failed login attempts, has been reached. In response to determining that the lockout threshold has been reached, the computer system may prevent further login attempts during the lockout period. In addition, the computer system may permit subsequent login attempts after the lockout period has ended.

Abstract: A first request and a first identifier corresponding to an identity of a first source device that initiated the first request is received. At least a second source device is queried to obtain information indicative of whether the first source device is authorized to complete the first request. The second source device is configured to periodically gather and transmit data, over one or more networks, to one or more local processing devices or one or more remote devices for data analysis. The first request is blocked or authorized to proceed based at least in part on whether at least the first source device is authorized to complete the first request.

Abstract: Techniques are disclosed relating to user authentication based on password-specific cryptographic keys. In some embodiments, a user device receives, from an authentication server, an authentication challenge that includes an item of challenge information. Further, in some embodiments, the user device receives user input indicative of a password and then performs a cryptographic function on the password to generate a password-specific cryptographic key. The computing device may access an initial seed value that was previously provided by the authentication server and generate an updated cryptographic key based on the initial seed value and the password-specific key. Further, in various embodiments, the user device generates authentication information based on the updated cryptographic key and the item of challenge information. The user device may then send an authentication response, including the authentication information, to the authentication server.

Abstract: According to an embodiment of the present disclosure, a method by an electronic message server includes determining that an electronic message for delivery to a first user comprises sensitive content. Prior to transmitting the electronic message to a client device associated with the first user, the electronic message server requests at least one device attribute from the client device associated with the first user. The at least one device attribute is received from the client device associated with the user. Based on the at least one device attribute, the electronic message server masks the sensitive content such that the masked sensitive content is unreadable within the electronic message. The electronic message that includes the masked content that is unreadable within the electronic message is transmitted to the client device associated with the first user.

Abstract: Techniques are disclosed relating to authenticating a client computer system to a server computer system. In some embodiments, a client computer system sends, to a server computer system, authentication information for an initial access request for one or more resources. This information may include authentication credentials and attributes that collectively identify the client computer system. In some embodiments, the client computer system receives, from the server computer system, an authentication response that indicates an initial authentication of the client computer system. In some embodiments, the authentication response includes a cryptographic key. While the initial authentication is valid, in some embodiments, the client computer system repeatedly re-authenticates for subsequent access requests. Each of the subsequent access request may include a single-use password generated using a cryptographic key and the attributes of the client computer system.

Abstract: Techniques are disclosed relating to generating cryptographic keys using supplemental authentication data for use in user authentication. In one embodiment, an authentication application executing on a computing device may access an initial cryptographic key that is shared with an authentication server configured to authenticate a user of the computing device to a service provided by a server system. The authentication application may execute a routine to obtain a supplemental authentication data value that is not stored by the computing device prior to executing the routine. Further, the authentication application may generate an updated cryptographic key based on the initial cryptographic key and the supplemental authentication data value. In some embodiments, the authentication application may use the updated cryptographic key to generate a one-time passcode that, when communicated to an authentication server, is usable to authenticate the user to the service.

Abstract: A computer program product that is configured to be executed by a processor is disclosed. The computer program product is configured to store environmental information for a plurality of authentication transactions attempted by a particular user and receive, via a communications network, a request to perform an authentication transaction for the particular user. The request includes a first one-time password and environmental information corresponding to the requested authentication transaction. A risk assessment is performed by comparing the stored and received environmental information and a window is sized for authenticating the user based on the risk assessment. The window may be one or both of an authentication window and a synchronization window. A post-sizing attempt to authenticate the particular user is performed by comparing the first one-time password with the first range of one-time passwords.

Abstract: A method includes receiving, from a user, a request to authenticate. The authentication request may include a user id. The method may also include verifying the user id. The method also includes generating a request for a one-time graphical pattern. The method further includes transmitting the request for the one-time graphical pattern to a server and receiving, from the server, the one-time graphical pattern. The method includes transmitting the one-time graphical pattern to the user and prompting the user to input the graphical pattern. The method may also include receiving the inputted graphical pattern from the user and determining whether the inputted graphical pattern matches the transmitted one-time graphical pattern sent to the user. If the inputted graphical pattern matches the transmitted one-time graphical pattern sent to the user, the method may include authenticating the user.

Abstract: According to an embodiment of the present disclosure, a method by an electronic message server includes determining that an electronic message for delivery to a first user comprises sensitive content. Prior to transmitting the electronic message to a client device associated with the first user, the electronic message server requests at least one device attribute from the client device associated with the first user. The at least one device attribute is received from the client device associated with the user. Based on the at least one device attribute, the electronic message server masks the sensitive content such that the masked sensitive content is unreadable within the electronic message. The electronic message that includes the masked content that is unreadable within the electronic message is transmitted to the client device associated with the first user.

Abstract: The proliferation of IOT devices has led to an increase in sensitive, cloud-stored data. To provide further protection, IOT device data may be secured by geographically based access controls as a supplement to or in place of traditional password protection. A geographically based access control restricts data accessibility to designated geographical areas. In this manner, a requesting device may not access geo-fence protected IOT device data unless the requesting device is located within a designated geographical area. Geo-fence parameters utilized for creation of a geo-fence policy may be pre-specified or generated based on operating conditions. For example, a user may provide location data, such as an address or geographical coordinate, and a radial distance from the location for which data access is permissible. Additionally, geo-fence parameters can be automatically determined based on criteria such as an IOT device type or data usage characteristics.

Abstract: Techniques are disclosed relating to verifying electronic message integrity. In some embodiments, a computer system may store metadata for a first electronic message, including a first signature generated from the first electronic message. In some embodiments, the computer system may, in response to receiving a second electronic message indicated as being related to the first electronic message, compare the first signature to one or more signatures generated from the second electronic message. In some embodiments, the computer system may, based on the comparing, determine whether the second electronic message includes a modified version of content from the first electronic message.

Abstract: The proliferation of TOT devices has led to an increase in sensitive, cloud-stored data. To provide further protection, TOT device data may be secured by geographically based access controls as a supplement to or in place of traditional password protection. A geographically based access control restricts data accessibility to designated geographical areas. In this manner, a requesting device may not access geo-fence protected TOT device data unless the requesting device is located within a designated geographical area. Geo-fence parameters utilized for creation of a geo-fence policy may be pre-specified or generated based on operating conditions. For example, a user may provide location data, such as an address or geographical coordinate, and a radial distance from the location for which data access is permissible. Additionally, geo-fence parameters can be automatically determined based on criteria such as an TOT device type or data usage characteristics.

Abstract: The proliferation of IOT devices has led to an increase in sensitive, cloud-stored data. To provide further protection, IOT device data may be secured by geographically based access controls as a supplement to or in place of traditional password protection. A geographically based access control restricts data accessibility to designated geographical areas. In this manner, a requesting device may not access geo-fence protected IOT device data unless the requesting device is located within a designated geographical area. Geo-fence parameters utilized for creation of a geo-fence policy may be pre-specified or generated based on operating conditions. For example, a user may provide location data, such as an address or geographical coordinate, and a radial distance from the location for which data access is permissible. Additionally, geo-fence parameters can be automatically determined based on criteria such as an IOT device type or data usage characteristics.

Abstract: The proliferation of IOT devices has led to an increase in sensitive, cloud-stored data. To provide further protection, IOT device data may be secured by geographically based access controls as a supplement to or in place of traditional password protection. A geographically based access control restricts data accessibility to designated geographical areas. In this manner, a requesting device may not access geo-fence protected IOT device data unless the requesting device is located within a designated geographical area. Geo-fence parameters utilized for creation of a geo-fence policy may be pre-specified or generated based on operating conditions. For example, a user may provide location data, such as an address or geographical coordinate, and a radial distance from the location for which data access is permissible. Additionally, geo-fence parameters can be automatically determined based on criteria such as an IOT device type or data usage characteristics.