Abstract: A. method is used in managing predictions in data security systems. An authentication request is received from an entity for access to a computerized resource. A predictor is determined based on context data for the authentication request and the entity. The authentication request is managed based on the predictor and the context data.

Abstract: In a system for disconnected authentication, verification records corresponding to given authentication token outputs over a predetermined period of time, sequence of events, and/or set of challenges are downloaded to a verifier. The records include encrypted or hashed information for the given authentication token outputs. In one embodiment using time intervals, for each time interval, token output data, a salt value, and a pepper value, are hashed and compared with the verification record for the time interval. After a successful comparison, a user can access the computer. A PIN value can also be provided as an input the hash function. A portion of the hash function output can be used as a key to decrypt an encrypted (Windows) password, or other sensitive information.

Abstract: A technique of knowledge-based authentication receives information from third parties as to a user's recent web history including purchase history at an on-line retailer or search engine queries to produce a challenge question to authenticate the user based on that recent web history.

Abstract: A method includes (a) receiving, from an application server, a login message for a user, the login message including a user credential for a credential-based authentication (CBA), (b) forwarding the user credential to a CBA server for the CBA, (c) in response, receiving, an authentication decision message from the CBA server, (d) sending decision information from the authentication decision message received from the CBA server to a risk-based authentication (RBA) server, the RBA server being distinct from the CBA server, the decision information to be used by the RBA server in performing RBA authentication decisions, (e) if the authentication decision message is positive, then sending a challenge message to the application server to initiate RBA to be performed by the RBA server supplementary to the CBA, and (f) if the authentication decision message is negative, then sending a rejection message to the application server.

Abstract: An improved technique involves authenticating a user based on ability of devices in the user's possession to corroborate environmental information between each other. As part of an authentication process, at least a primary device and a secondary device belonging to a user take readings of a particular set of environmental conditions, such as wireless networks that are active in a room in which they are contained. An authentication server can then verify that the primary and secondary devices are in the same room by corroborating the readings of the environmental conditions read from the primary and secondary devices, and base an authentication result on the corroboration.

Abstract: An authentication method and system to combat confirmation bias provides for an authentication system that upon matching an access request to a record for a given user in an authentication system further interrogates a set of secondary sources to determine that the individual requesting access is in fact the correct user.

Abstract: An authentication method and system provides for a user requesting authentication where the authentication request includes Personally Identifiable Information (PPI) such as geolocation data. The user's device requesting authentication alters or encrypts the PII in order to prevent the PII's unintentional discovery by third parties or to comply with jurisdictional requirements for the safeguarding of PII. The receiving party saves the altered or encrypted PII for later use. In order to use the PII and perform calculations for authentication, the receiving party requests a trusted third party with knowledge of the methodology or key used to alter or encrypt the PII to perform calculations on the original values of the PII without saving the PII. The trusted third party returns a computed value to the receiving party where it is used to determine whether the user will be authenticated.

Abstract: A processorless hardware token provides a one-time password for user authentication. The processorless hardware token contains a non-volatile memory upon which is stored a pre-produced sequence of one-time passwords. The processorless hardware token uses limited circuitry on a circuit board to read from the non-volatile memory and display a one-time password associated with a current interval. The displayed one-time password is then used for authentication by an authentication server that compares the one-time password displayed on the processorless hardware token with a one-time password retrieved from a copy of the pre-produced sequence of one-time passwords stored on the Authentication Server.

Abstract: A method of detecting a fraudulent login attempt across a network is provided. The method includes (a) receiving, at some time, a login request from a client, the login request including (1) a username associated with a user account, (2) a static password associated with the user account, and (3) a one-time password provided by a token, (b) calculating whether the time is more than a predetermined amount of time after a most-recent login to the account, (c) when the time is more than the predetermined time since the most-recent login, accepting the login request according to a first mode, and (d) when the first time is not more than the predetermined time since the most-recent login, accepting the login request according to a second mode, the second mode rejecting a greater proportion of login attempts than the first mode rejects. An apparatus and computer program product are also provided.

Abstract: In a system for disconnected authentication, verification records corresponding to given authentication token outputs over a predetermined period of time, sequence of events, and/or set of challenges are downloaded to a verifier. The records include encrypted or hashed information for the given authentication token outputs. In one embodiment using time intervals, for each time interval, token output data, a salt value, and a pepper value, are hashed and compared with the verification record for the time interval. After a successful comparison, a user can access the computer. A PIN value can also be provided as an input the hash function. A portion of the hash function output can be used as a key to decrypt an encrypted (Windows) password, or other sensitive information.

Abstract: A furnace for alternatively burning solid or liquid fuels is disclosed. The furnace includes an oil burner and a solid fuel burner as well as a combustion chamber for the burning fuel. The hot combustion gases can be introduced through one of two sets of chimney gas flues, depending upon the fuel being burned. A tiltable flap at the inlet of the chimney gas flues controls which set of flues the gas passes through. At the outlet of the flues, a reversing chamber reverses the direction of the gases and directs them to a flue gas pipe for removing the combustion gases from the furnace. The position of the tiltable flap is controlled by a control means responsive to the sensed temperature of the gas leaving the furnace. The chimney gas flues define a heat exchanger and may be formed from flat plates or round ducts.