Patents by Inventor Lawrence N. Friedman

Lawrence N. Friedman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8819803
    Abstract: A method is used in validating association of client devices with authenticated clients. An authentication request for authenticating a client is received from a client device used by a client for establishing a session with a server. The client is authenticated by an authentication device. A token is created and provided to the client device. Identification information of the client device is gathered. The identification information identifies the client device. The identification information gathered from the client device is evaluated. Based on the evaluation, it is validated that the identification information corresponds to a client device associated with the authenticated client.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: August 26, 2014
    Assignee: EMC Corporation
    Inventors: Gareth D. Richards, Yedidya Dotan, Lawrence N. Friedman
  • Patent number: 8752172
    Abstract: A technique processes an email message. The technique involves receiving the email message from a network, and performing an authenticity analysis operation to determine authenticity of the email message. The technique further involves forwarding a copy of the email message to an external central hub through the network when a result of the authenticity analysis operation indicates that the email message is not authentic, and refraining from sending the copy of the email message to the external central hub through the network when the result of the authenticity analysis operation indicates that the email message is authentic. Such an embodiment is well suited for identifying spear phishing attacks within email messages routinely handled by an email server.
    Type: Grant
    Filed: June 27, 2011
    Date of Patent: June 10, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Lawrence N. Friedman
  • Patent number: 8701199
    Abstract: A technique controls launching of a client application on an electronic device. The technique involves, after the client application is installed on the electronic device, providing input from the electronic device to an adaptive authentication service of a remote authentication server. The technique further involves receiving a credential from the adaptive authentication service of the remote authentication server in response to a successful adaptive authentication result which is based on the input provided from the electronic device. The technique further involves invoking the client application with the credential on the electronic device to establish a trusted session between the client application and an application server. Such a technique is well suited for use by multi-environment clients such as general purpose computers, tablets and smart phones.
    Type: Grant
    Filed: December 23, 2011
    Date of Patent: April 15, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Lawrence N. Friedman, James Wiese
  • Patent number: 8694993
    Abstract: A modular virtualization platform is provided for secured communications between a user device and an application server. A client-side computing device performs secured communications during a virtual session with an application server across a network. The client-side computing device loads a virtual machine client and selects a remote module to serve as a virtualization server for the virtual session based on one or more performance factors. The virtual session is established with the selected module, and secured communications can occur between the client-side computing device and the application server via the virtual session of the selected module. The performance factors can be collected from a plurality of modules using a peer-to-peer gossip-based state notification process. A route list preferably stores the performance factors for a plurality of modules. The route list can contain pointers to a plurality of remote modules in a plurality of virtualization platforms, to increase reliability.
    Type: Grant
    Filed: March 31, 2011
    Date of Patent: April 8, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Boris Kronrod, Orit Yaron, Lawrence N. Friedman, Assaf Shoval
  • Patent number: 8677472
    Abstract: A method of operating a VM server (VMS) is described, including (a) executing a VM instance (VMI) at the VMS, the VMI having a remote display within a terminal program of a client computer, the terminal program being configured to send commands received by the client from a user to the VMS to affect operation of the VMI, (b) running a browser within the VMI, the browser having a connection to a secure web application running on a web application server, the commands sent from the terminal program to the VMS allowing the user to interact with the web application via the terminal program and the browser running on the VMI, (c) at the VMS, asynchronously collecting information in connection with the commands sent from the user to the VMS, and (d) at the VMS, asynchronously sending the collected information to an analysis server to be analyzed for anomalous behavior.
    Type: Grant
    Filed: September 27, 2011
    Date of Patent: March 18, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Yael Villa, Ayelet Levin, Boris Kronrod, Lawrence N. Friedman
  • Patent number: 8650405
    Abstract: An improved PIN-based authentication technique for authenticating the user of a client machine to a server automatically generates a personal identification number (PIN) for the user based on user-specific authentication information, such as encrypted cookie information. The server provides user-specific authentication information to a client machine. When the user submits an authentication request, user-specific authentication information is collected and uploaded to the server. The user-specific authentication information is processed to form a PIN, and authentication of the user proceeds based on the PIN and any other authentication factors provided. Since the disclosed techniques compute PINs automatically based on information exchanged between a client machine and a server, the user is relieved of any burden associated with registering and remembering a PIN.
    Type: Grant
    Filed: June 30, 2011
    Date of Patent: February 11, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Lawrence N. Friedman, Oleg Freylafert, Robert S. Philpott, Daniel Schiappa
  • Patent number: 8631486
    Abstract: A method is used in identity assurance. A process is executed that is used to verify a user identity. A description of the executed process is stored and is used to determine a level of trust.
    Type: Grant
    Filed: March 31, 2009
    Date of Patent: January 14, 2014
    Assignee: EMC Corporation
    Inventors: Lawrence N. Friedman, Riaz Zolfonoon, William M. Duane
  • Patent number: 8327422
    Abstract: A technique supports authentication of a server device (e.g., a web site). The technique involves supplying a user device (e.g., a client browser) with a user mechanism (e.g., a browser plug-in) which is constructed and arranged to dynamically generate user representations. The technique further involves receiving, at the server device, a request from the user device. The technique further involves providing a server representation to the user device from the server device in response to the request. The user device successfully authenticates the server device when a user representation dynamically generated by the user mechanism matches the server representation provided to the user device. However, the user device unsuccessfully authenticates the server device when the user representation dynamically generated by the user mechanism does not match the server representation provided to the user device.
    Type: Grant
    Filed: September 26, 2008
    Date of Patent: December 4, 2012
    Assignee: EMC Corporation
    Inventors: Lawrence N. Friedman, Paul A. Dennis
  • Patent number: 7810147
    Abstract: A system for detecting and preventing replay attacks includes a plurality of interconnected authentication servers, and one or more tokens for generating a one-time passcode and providing the one-time passcode to one of the authentication servers for authentication. The system includes an adjudicator function associated with each authentication server. The adjudicator evaluates a high water mark value associated with a token seeking authentication, allows authentication to proceed for the token if the high water mark evaluation indicates that the one-time passcode was not used in a previous authentication, and prevents authentication if the high water mark evaluation indicates that the one-time passcode was used in a previous authentication. The token is associated with a home authentication server that maintains a current high water mark of the token. The home authentication server validates the current high water mark on behalf of the adjudicator function evaluating the token for authentication.
    Type: Grant
    Filed: December 1, 2006
    Date of Patent: October 5, 2010
    Assignee: EMC Corporation
    Inventors: William Duane, Lawrence N. Friedman, Alexander Volanis