Abstract: A technique performs authentication before delivering a token to a client device. The technique involves receiving a first message from a first application on the client device, the first message including a token request and a first set of authentication factors. The technique further involves receiving a second message from a second application on the client device, the second message including an authentication request and a second set of authentication factors. The technique further involves generating a result message which (i) provides access to a token for use by the client device when the first set of authentication factors is consistent with the second set of authentication factors, and (ii) rejects the token request when the first set of authentication factors is inconsistent with the second set of authentication factors. The client device may be a mobile device, and the first and second messages may be received via wireless communications.

Abstract: Improved techniques are directed to a method performed by a computing device of authenticating a mobile client device to a resource using location services. The method includes (a) receiving authentication requests from the mobile client device, the authentication requests each including a location freshness value indicating a respective amount of time that has passed since the mobile client device last determined its location, (b) testing the location freshness value received in each authentication request against a location freshness policy to generate a freshness result indicating whether the location freshness value complies with the location freshness policy, (c) generating an authentication response for each authentication request based at least in part on the location freshness result for that authentication request, and (d) directing the authentication response to be sent to the resource.

Abstract: There is disclosed a user authentication device for generating time-varying authentication information for authenticating a user in an authentication system. The device comprising at least one sensor for sensing at least one of a biometric measurement of the user and a characteristic of the environmental surroundings of the device. There is also disclosed an authentication system and a method for authenticating a user in an authentication system.

Abstract: Embodiments relate to the generation of alerts in an event management system based upon risk. When an event device associated with the event management system, presents a logon page to a client device, the event device includes a beacon as part of the page to monitor and collect web device profile characteristics related to the client device. In response to a logon attempt by the client device, an event management device receives a notification regarding logon attempt and a risk assessment associated with the web device profile characteristics of the client device. Based upon a correlation of the notification and the corresponding risk assessment, the event management device can generate an alert, such as a SIEM alert, and can include an indication of priority, whether relatively low or high, and/or a confidence factor, whether or not the alert can be suppressed as part of the alert.

Abstract: An improved technique authenticates a user based on an ability to corroborate previous transaction data sent by a user device. Along these lines, the improved technique makes use of an independent information source for verifying the accuracy of previous transaction data obtained by a given collector. For example, when a collector of location data is a GPS unit of a cell phone, an independent information source may be a cell tower closest to the cell phone at the time of the transaction. While location data provided by the cell tower may not be as precise as that provided by the GPS unit, such data is useful for corroborating the location data from the GPS unit. In this scenario, if the data provided by the cell tower fails to corroborate that provided by the GPS unit, then the GPS unit adds significant risk to authenticating the user.

Abstract: A method performed by a client access device includes (1) receiving, at the client access device, a signal from a client authorizing device, the signal including an environmental detection instruction, the environmental detection instruction instructing the client access device to detect an aspect of a local environment, (2) detecting, at the client access device, the aspect of the environment indicated by the environmental detection instruction to yield a first environmental detection result, (3) sending the first environmental detection result from the client access device to a remote server, and (4) in response to sending the environmental detection result to the remote server, receiving a proximity signal from the remote server indicating whether or not proximity between the client access device and the client authorizing device has been established by comparing the first environmental detection result to a second environmental detection result sent from the client authorizing device to the server.

Abstract: An improved technique involves adjusting the operation of a KBA system based on facts that may contain information known to an adversary. Along these lines, the KBA system may receive an alert concerning an adversary that may know the answers to some of the KBA questions used by the KBA system in authenticating users. In response to alert, the KBA system may alter operations in order to account for the adversary. Subsequently, when a user requests authentication, the KBA system selects KBA questions based on adjustments made to the KBA system in order to avoid presenting the adversary with KBA questions derived from facts (s)he knows.

Abstract: A technique manages access to a limited number of computerized sessions. The technique involves receiving, from a waiting user, a session request for a computerized session, and queuing the session request in a wait queue in response to all of the limited number of computerized sessions being currently assigned to other users. The technique further involves, while the session request is queued in the wait queue, providing permission to the waiting user to un-assign a computerized session which is currently assigned to another user. With such a technique, the user has the option of simply waiting until a computerized session has been relinquished (i.e., if the user is willing to be patient) or un-assigning a computerized session currently assigned to another user (e.g., in order to speed up access to a computerized session).

Abstract: A method, electronic apparatus and computer program product for performing authentication operation is disclosed. An authentication request is received from user of computerized resource. The request comprises user identifier identifying user. The authenticity of user is verified based on user identifier. An access session is established in which user can access resource in response to successfully verifying user. An electronic input signal is received from electronic input device during session. The device is configured to take a biometric measurement from the user. Biometric data is derived from signal. A comparison is performed between biometric data and expected biometric data. An authentication result is generated based on comparison between biometric data and expected biometric data, wherein result can be used for further authentication of user during session.

Abstract: A. method is used in managing predictions in data security systems. An authentication request is received from an entity for access to a computerized resource. A predictor is determined based on context data for the authentication request and the entity. The authentication request is managed based on the predictor and the context data.

Abstract: A method is performed by a computer in communication with a hardware security module (HSM). The method includes (a) running a process virtual machine (PVM) on the computer, the PVM being configured to execute portable bytecode instructions within a PVM environment and (b) executing, within the PVM environment, instructions for (1) reading encrypted instruction code from data storage of the computer, (2) sending the encrypted instruction code to the HSM, (3) in response, receiving decrypted instruction code from the HSM, and (4) injecting the decrypted instruction code within an application running in the PVM environment for execution by the PVM. Embodiments are also directed to analogous computer program products and apparatuses.

Abstract: A technique of knowledge-based authentication receives information from third parties as to a user's recent web history including purchase history at an on-line retailer or search engine queries to produce a challenge question to authenticate the user based on that recent web history.

Abstract: Event-based biometric authentication is provided using a mobile device of a user. A user attempting to access a protected resource is authenticated by receiving a request to access the protected resource; collecting biometric information from the user in response to the request using a mobile device of the user; performing biometric authentication of the user using the collected biometric information; and granting access to the protected resource based on the biometric authentication. The authentication optionally comprises an event-based authentication. The mobile device does not have to contain token generating material.

Abstract: A technique controls access to a protected resource residing on a protected resource server. The technique involves conveying, in response to a user request to access the protected resource residing on the protected resource server, a challenge from a resource accessing device to an access control device. The technique further involves transmitting an answer to the challenge from the access control device to the resource accessing device. The technique further involves completing an authentication operation based on the answer to the challenge. The resource accessing device obtains electronic access to the protected resource residing on the protected resource server when the authentication operation results in successful authentication. The resource accessing device does not obtain electronic access to the protected resource residing on the protected resource server when the authentication operation results in unsuccessful authentication.

Abstract: A method includes (a) receiving, from an application server, a login message for a user, the login message including a user credential for a credential-based authentication (CBA), (b) forwarding the user credential to a CBA server for the CBA, (c) in response, receiving, an authentication decision message from the CBA server, (d) sending decision information from the authentication decision message received from the CBA server to a risk-based authentication (RBA) server, the RBA server being distinct from the CBA server, the decision information to be used by the RBA server in performing RBA authentication decisions, (e) if the authentication decision message is positive, then sending a challenge message to the application server to initiate RBA to be performed by the RBA server supplementary to the CBA, and (f) if the authentication decision message is negative, then sending a rejection message to the application server.

Abstract: An improved technique involves authenticating a user based on ability of devices in the user's possession to corroborate environmental information between each other. As part of an authentication process, at least a primary device and a secondary device belonging to a user take readings of a particular set of environmental conditions, such as wireless networks that are active in a room in which they are contained. An authentication server can then verify that the primary and secondary devices are in the same room by corroborating the readings of the environmental conditions read from the primary and secondary devices, and base an authentication result on the corroboration.

Abstract: A token apparatus is described, including (a) a controller, the controller being configured to generate an OTP in synchronization with a remote authentication server, (b) a display, the display being constructed and arranged to display the OTP, and (c) an input apparatus, the input apparatus being constructed and arranged to receive a user-input alteration code, the user-input alteration code being used to alter the OTP in a standardized manner. A method of operating a token device which displays an OTP in synchronization with a remote authentication server is described, including (a) receiving an alteration code, (b) entering the alteration code onto the token device, and (c) causing an altered OTP to be entered into an application that seeks to authenticate a user, the altered OTP having been generated from the OTP in a standardized manner based on the alteration code. An authentication system is also described.

Abstract: There is disclosed a method and system for use in authenticating an entity in connection with a computerized resource. An authentication request is received from entity for access to computerized resource. An input signal is received from a communications device associated with entity. The input signal comprises current location of communications device. The current location of communications device is derived from input signal. A location history in connection with communications device is captured. The location history comprises a record of discrete locations visited by communications device over a period of time. An analysis is performed between current location of the communications device and location history in connection with communications device. An authentication result is generated based on analysis between current location of communications device and location history in connection with communications device. The authentication result can be used for authenticating entity.

Abstract: An authentication method and system to combat confirmation bias provides for an authentication system that upon matching an access request to a record for a given user in an authentication system further interrogates a set of secondary sources to determine that the individual requesting access is in fact the correct user.

Abstract: An improved technique for logging events in an electronic system for forensic analysis includes receiving event records by a recording unit from different forensic agents of the electronic system and applying timing information included within the event records to resequence the event records in the recording unit in a more accurate order. In some examples, the timing information includes a vector clock established among the agents of the electronic system for storing sequences of events. The vector clock provides sequence information about particular events occurring among the forensic agents, which is applied to correct the order of reported event records. In other examples, the timing information includes timestamps published to the agents from a common timestamp server. In yet other examples, the timing information includes timestamps of the devices on which the agents are running, or any combination of the foregoing examples of timing information.