Abstract: Techniques are provided for selecting attributes to cluster users for a user application entitlement evaluation.

Abstract: Techniques are provided for determining anomaly scores for transactions based on adaptive clustering of the location of a given user over multiple transactions.

Abstract: Techniques are provided for implementing predefined access policies based on auxiliary information embedded in one-time passcode authentication tokens. An exemplary method comprises receiving an authentication passcode generated by a token of a user, wherein the received authentication passcode is derived from a secret seed and based on at least one protocode and embedded auxiliary information; processing the received authentication passcode to extract the embedded auxiliary information from the received authentication passcode, wherein the embedded auxiliary information comprises (i) a silent alarm signal indicating a potential compromise of the token, and (ii) a drifting key signal indicating a current drifting key state of the token, wherein the drifting key signal is processed to detect a cloning of the token; and implementing a predefined access policy (e.g., replace or disable the token of one or more users) based on respective values of the silent alarm signal and the drifting key signal.

Abstract: Static and dynamic embodiments are presented for generating chaff passwords for use in a password-hardening system. Chaff passwords are generated by obtaining a source set of passwords comprising at least one valid password for each of a plurality of users; and generating a chaff set of passwords for a given user, wherein the chaff set comprises at least one valid password for the given user and a plurality of chaff passwords for the given user, wherein the plurality of chaff passwords for the given user are obtained from the source set of passwords. Chaff passwords can also be generated by modifying portions of base passwords based on a distribution with which particular strings of digits and symbols appear in user passwords. Location oblivious chaff passwords are generated from a chaff set of passwords obtained from a chaff generation method by applying a random permutation over the elements of the obtained chaff set of passwords.

Abstract: An indicia reading terminal is disclosed that eliminates unwanted flickering effects in an illuminated screen reading mode, among other advantageous features. The indicia reading terminal, in response to a screen reading signal, is operative to activate a screen reading cycle. In the screen reading cycle, an imaging subsystem is activated at least once at the same time that an illumination subsystem is activated for one of a plurality of active illumination periods, for a first illuminated exposure period. The imaging subsystem is activated at least once while the illumination subsystem is not activated, for a first unilluminated exposure period, which is longer than the first illuminated exposure period. An aimer subsystem is activated for a plurality of active aimer periods when neither the imaging subsystem nor the illumination subsystem is activated, wherein intervals of time between the active aimer periods are equal, within nominal tolerances.

Abstract: An indicia reading terminal is disclosed that eliminates unwanted flickering effects in an illuminated screen reading mode, among other advantageous features. The indicia reading terminal, in response to a screen reading signal, is operative to activate a screen reading cycle. In the screen reading cycle, an imaging subsystem is activated at least once at the same time that an illumination subsystem is activated for one of a plurality of active illumination periods, for a first illuminated exposure period. The imaging subsystem is activated at least once while the illumination subsystem is not activated, for a first unilluminated exposure period, which is longer than the first illuminated exposure period. An aimer subsystem is activated for a plurality of active aimer periods when neither the imaging subsystem nor the illumination subsystem is activated, wherein intervals of time between the active aimer periods are equal, within nominal tolerances.

Abstract: An indicia reading terminal is disclosed that eliminates unwanted flickering effects in an illuminated screen reading mode, among other advantageous features. The indicia reading terminal, in response to a screen reading signal, is operative to activate a screen reading cycle. In the screen reading cycle, an imaging subsystem is activated at least once at the same time that an illumination subsystem is activated for one of a plurality of active illumination periods, for a first illuminated exposure period. The imaging subsystem is activated at least once while the illumination subsystem is not activated, for a first unilluminated exposure period, which is longer than the first illuminated exposure period. An aimer subsystem is activated for a plurality of active aimer periods when neither the imaging subsystem or the illumination subsystem is activated, wherein intervals of time between the active aimer periods are equal, within nominal tolerances.

Abstract: Server methods and apparatus are provided for processing passcodes generated by configurable one-time authentication tokens. An authentication server is configured to process an original passcode generated by a configurable one-time authentication token by configuring the authentication server to have a server configuration that is compatible with a selected configuration of the configurable one-time authentication token; receiving a candidate passcode based on the original passcode generated by the configurable one-time authentication token; and processing the Is candidate passcode based on the server configuration. The selected configuration of the configurable one-time authentication token must always enable a forward-secure pseudorandom number generation feature for the one-time authentication token and at least one additional selected token feature.

Abstract: Configurable one-time authentication tokens are provided with improved resilience to attacks. A one-time authentication token is configured by providing a plurality of token features that may be selectively incorporated into the configurable one-time authentication token, wherein the plurality of token features comprise at least two of the features; obtaining a selection of at least a plurality of the token features: and configuring the one-time authentication token based on the selected token features, wherein the configuration must always enable forward security for the one-time authentication token and at least one additional selected token feature. A configurable one-time authentication token is provided that comprises a plurality of selectable token features that may be selectively incorporated into the configurable one-time authentication token, wherein the configurable one-time authentication token is always configured with the forward security and at least one additional token feature.

Abstract: Methods and apparatus are provided for secure transmission of alert messages over a message locking channel. An alert message is transmitted from a Security Alerting System indicating a potential compromise of a protected resource by obtaining the alert message from the Security Alerting System; authenticating the alert message using a secret key known by a server, wherein the secret key evolves in a forward-secure manner; storing the authenticated alert message in a buffer; and transmitting the buffer to the server. The alert message is authenticated by digitally signing the alert message or applying a message authentication code and is possibly encrypted using a secret key known by a server, wherein the secret key evolves in a forward-secure manner. The authenticated alert message can be maintained in the buffer after the transmitting step. The buffer optionally has a fixed-size and alert messages can be stored in a round-robin manner, for example, from a random position.

Abstract: Methods and apparatus are provided for generation of forward secure pseudorandom numbers. A forward secure pseudorandom number is generated by obtaining a first state si corresponding to a current leaf node vi in a hierarchical tree, wherein the current leaf vi produces a first pseudorandom number ri?t and wherein the hierarchical tree comprises at least one chain comprised of a plurality of nodes on a given level of the hierarchical tree; updating the first state si to a second state si+t corresponding to a second leaf node vi+t; and computing a second pseudorandom number ri+t?1 corresponding to the second leaf node vi+t. The variable t may be an integer greater than one. Updating the state does not require generation of all pseudorandom numbers produced by leaf nodes between the current leaf node vi and the second leaf node vi+t.

Abstract: Methods and apparatus are provided for authenticating a user based on implicit user memory. Access to a protected resource is controlled by presenting a user with a plurality of stimuli during a priming phase; presenting the user with a plurality of degraded versions of the primed stimuli and with a plurality of degraded versions of non-primed stimuli during an authentication phase; receiving an identification from the user of the degraded versions of the primed stimuli and the degraded versions of the non-primed stimuli; and authenticating the user based upon a number of correct identifications of the degraded versions of the primed stimuli. The stimuli can comprise, for example, images and/or sounds. An authentication score can be based, for example, on a number of correctly labeled primed stimuli plus a number of incorrectly labeled non-primed stimuli.

Abstract: An indicia reading terminal is disclosed that eliminates unwanted flickering effects in an illuminated screen reading mode, among other advantageous features. The indicia reading terminal, in response to a screen reading signal, is operative to activate a screen reading cycle. In the screen reading cycle, an imaging subsystem is activated at least once at the same time that an illumination subsystem is activated for one of a plurality of active illumination periods, for a first illuminated exposure period. The imaging subsystem is activated at least once while the illumination subsystem is not activated, for a first unilluminated exposure period, which is longer than the first illuminated exposure period. An aimer subsystem is activated for a plurality of active aimer periods when neither the imaging subsystem or the illumination subsystem is activated, wherein intervals of time between the active aimer periods are equal, within nominal tolerances.

Abstract: An improved constraint approach reduces the energy drift rate to acceptable levels. In an embodiment of this approach, massively parallel constrained velocity Verlet NVE (constant particle number, constant volume, constant energy) MD simulations can be run using single precision arithmetic with very low energy drift (e.g., ˜1 Kelvin per microsecond simulated time) using large timesteps (e.g., 2.5 fs) for typical systems and MD force fields.

Abstract: A method for dynamics simulation involves maintaining quantities according to a floating point binary format quantized to a first precision lower than the precision supported by the floating point format. For example, although an IEEE floating point number can represent numbers with a precision of one part in 2ˆ24, the quantities are quantized to a lower precision, such as one part in 2ˆ22. Operations are applied to sets of the quantities by quantizing the intermediate results of the operations to the lower precision than the precision supported by the floating point format.

Abstract: A check valve is provided that includes a valve housing that has a side wall and a flow path therethrough, the side wall defining the flow path. The flow path includes an inlet, an outlet, and a centerline extending between the inlet and the outlet. At least one control member is positioned in the flow path and movable between a first position, wherein fluid flow through the valve housing is substantially prohibited and a second position wherein fluid flow is permitted. The side wall includes a stop configured to limit movement of the at least one control member at a pre-determined stop angle relative to the flow path centerline.