Abstract: An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on one or more environmental properties (e.g., ambient noise level, ambient luminosity, temperature, etc.), or one or more physiological properties of a user (e.g., heart rate, blood pressure, etc.), or both. Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity, as inferred from these properties. In addition, the illustrative embodiment enables the authentication challenge type to be tailored to particular environmental conditions (e.g., noisy environments, dark environments, etc.).

Abstract: An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on what software applications a user is running on a data-processing system, and how those applications are being used (e.g., what functions are used, what data is input to or output by the application, how often and for how long applications are used, what input devices and output devices are used, etc.) Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity and/or the potential cost of malicious activity, as inferred from current and past application usage. In addition, the illustrative embodiment enables selection of an authentication challenge type that is less intrusive to a user based on current application usage.

Abstract: Methods and apparatus are disclosed for authenticating a user based on the geo-location history of a geo-location-enabled wireless device (e.g., a GPS-enabled wireless telecommunications terminal, a smart card, an RFID tag, etc.). In a first illustrative embodiment, a user of a geo-location-enabled wireless telecommunications terminal (e.g., a GPS-enabled cell phone, a GPS-enabled notebook computer, etc.) who attempts to access a restricted resource is challenged with one or more questions that are generated from the terminal's geo-location history. In a second illustrative embodiment, a user of a data-processing system who attempts to access a restricted resource is asked to provide a username Z. The user is then challenged with one or more questions that are generated from the geo-location history of a wireless device that is associated with username Z (e.g., a cell phone that belongs to the user whose username is Z, etc.).

Abstract: A method for authenticating video content includes: receiving a digital signature, an unsecured video fingerprint, and an unsecured video content from a transmitting node at a receiving node in a communication network; determining if the digital signature is consistent with the unsecured video fingerprint at the receiving node to verify the unsecured video fingerprint; and determining if the unsecured video fingerprint is consistent with the unsecured video content at the receiving node to verify the unsecured video content in a manner that tolerates a predetermined measure of loss in the unsecured video content. If the unsecured video fingerprint and the unsecured video content are verified, the unsecured video content is authenticated for subsequent use at the receiving node. A receiving node associated with the method includes an input module, a fingerprint verification module, a content verification module, and a controller module.

Abstract: An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on one or more environmental properties (e.g., ambient noise level, ambient luminosity, temperature, etc.), or one or more physiological properties of a user (e.g., heart rate, blood pressure, etc.), or both. Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity, as inferred from these properties. In addition, the illustrative embodiment enables the authentication challenge type to be tailored to particular environmental conditions (e.g., noisy environments, dark environments, etc.).

Abstract: A method is presented that uses steganographic codeword(s) carried in a speech payload in such a way that (i) the steganographic codeword(s) survive compression and/or transcoding as the payload travels from a transmitter to a receiver across at least one diverse network, and (ii) the embedded steganographic codeword(s) do not degrade the perceived voice quality of the received signal below an acceptable level. The steganographic codewords are combined with a speech payload by summing the amplitude of a steganographic codeword to the amplitude of the speech payload at a relatively low steganographic-to-speech bit rate. Advantageously, the illustrative embodiment of the present invention enables (i) steganographic codewords to be decoded by a compliant receiver and applied accordingly, and (ii) legacy or non-compliant receivers to play the received speech payload with resultant voice quality that is acceptable to listeners even though the steganographic codeword(s) remain in the received speech payload.

Abstract: An apparatus and methods are disclosed for authenticating users of wireless telecommunications terminals. In particular, the present invention enables the timing and type of authentication challenges to vary based on one or more of: the user's current geo-location, the current day and time, the presence or absence of other nearby users, and the identity of any nearby users. In accordance with the illustrative embodiment, the re-authentication time period (i.e., the length of time between authenticating and re-authenticating a user) and the authentication challenge type (e.g., username/password, fingerprint recognition, etc.) can be determined based on these factors. The present invention is advantageous in that it enables the shortening of the re-authentication time and the selection of a more secure type of authentication challenge when it is more likely that a user's wireless telecommunications terminal might be accidentally left behind or stolen.

Abstract: A method and apparatus are provided for extracting information from a user's memory that will be easily recalled during future authentication yet is hard for an attacker to guess. The information might be a little-known fact of personal relevance to the user or the personal details surrounding a public event. The user is guided to appropriate topics and forms an indirect hint that is useful to the user yet not to an attacker. Information extraction techniques verify that the information is not easily attacked and to estimate how many bits of assurance the question and answer provide. The information extracted may be, e.g., Boolean (Yes/No), multiple choice, numeric, textual, or a combination of the foregoing. The enrollment process may schedule the sending of one or more reminder messages to the user containing the question (but not the answer) to reinforce the memory of the user.

Abstract: A method for authenticating video content includes: receiving a digital signature, an unsecured video fingerprint, and an unsecured video content from a transmitting node at a receiving node in a communication network; determining if the digital signature is consistent with the unsecured video fingerprint at the receiving node to verify the unsecured video fingerprint; and determining if the unsecured video fingerprint is consistent with the unsecured video content at the receiving node to verify the unsecured video content in a manner that tolerates a predetermined measure of loss in the unsecured video content. If the unsecured video fingerprint and the unsecured video content are verified, the unsecured video content is authenticated for subsequent use at the receiving node. A receiving node associated with the method includes an input module, a fingerprint verification module, a content verification module, and a controller module.

Abstract: The present invention relates to a method and apparatus for providing picture privacy in video. The method includes separating, by the processor, pixels of a first type from pixels of a second type in a current gray-scale frame based on a decision threshold, where each of the pixels of the first and second types includes an image pixel value, and applying, by the processor, a privacy filter to the pixels of the first type. The privacy filter is configured to randomly swap the image pixel values within a pixel area to occur at different locations in the pixel area. The method further includes combining, by the processor, the filter pixels of the first type with the pixels of the second type.

Abstract: A method is disclosed that enables the handling of audio streams for segments in the audio that might contain private information, in a way that is more straightforward than in some techniques in the prior art. The data-processing system of the illustrative embodiment receives a media stream that comprises an audio stream, possibly in addition to other types of media such as video. The audio stream comprises audio content, some of which can be private in nature. Once it receives the data, the data-processing system then analyzes the audio stream for private audio content by using one or more techniques that involve looking for private information as well as non-private information. As a result of the analysis, the data-processing system omits the private audio content from the resulting stream that contains the processed audio.

Abstract: A method of receiving a call from a first caller that is requesting for assistance with a product. Once the call center receives the call, a call-processing switch routes the first caller to a first agent. Once the caller is routed to the first agent, a first message is transmitted to both the first caller's terminal and the first agent's terminal. After the first message is presented to the first caller and the first agent, the call-processing switch will monitor the communications stream for distress. During monitoring of the communications stream, the call-processing switch will estimate whether a level of distress is present in the communications stream. If it is estimated by the call-processing switch that there is distress present in the communications stream, the call-processing switch will transmit a second message to the first caller's terminal and the first agent's terminal.

Abstract: The present invention relates to a method and apparatus for providing picture privacy in video. The method includes separating, by the processor, pixels of a first type from pixels of a second type in a current gray-scale frame based on a decision threshold, where each of the pixels of the first and second types includes an image pixel value, and applying, by the processor, a privacy filter to the pixels of the first type. The privacy filter is configured to randomly swap the image pixel values within a pixel area to occur at different locations in the pixel area. The method further includes combining, by the processor, the filter pixels of the first type with the pixels of the second type.

Abstract: A method is presented that uses steganographic codeword(s) carried in a speech payload in such a way that (i) the steganographic codeword(s) survive compression and/or transcoding as the payload travels from a transmitter to a receiver across at least one diverse network, and (ii) the embedded steganographic codeword(s) do not degrade the perceived voice quality of the received signal below an acceptable level. The steganographic codewords are combined with a speech payload by summing the amplitude of a steganographic codeword to the amplitude of the speech payload at a relatively low steganographic-to-speech bit rate. Advantageously, the illustrative embodiment of the present invention enables (i) steganographic codewords to be decoded by a compliant receiver and applied accordingly, and (ii) legacy or non-compliant receivers to play the received speech payload with resultant voice quality that is acceptable to listeners even though the steganographic codeword(s) remain in the received speech payload.

Abstract: A method and apparatus are provided for generating passwords that may be memorized by a user, yet not easily guessed by an attacker. A user is presented with one or more textual, audio or visual hints. A password is automatically generated based on the selected hint (and possibly further input from the user). The presented hints may include poems, songs, jokes, pictures or words. The generated password and selected hint can be presented to the user during enrollment for further reinforcement and stored in a user database for subsequent reinforcement and verification. The enrollment process may schedule the sending of one or more reminder messages to the user containing the hint to reinforce the password in the user's memory.

Abstract: A method of receiving a call from a first caller that is requesting for assistance with a product. Once the call center receives the call, a call-processing switch routes the first caller to a first agent. Once the caller is routed to the first agent, a first message is transmitted to both the first caller's terminal and the first agent's terminal. After the first message is presented to the first caller and the first agent, the call-processing switch will monitor the communications stream for distress. During monitoring of the communications stream, the call-processing switch will estimate whether a level of distress is present in the communications stream. If it is estimated by the call-processing switch that there is distress present in the communications stream, the call-processing switch will transmit a second message to the first caller's terminal and the first agent's terminal.

Abstract: An apparatus and methods are disclosed for authenticating users of wireless telecommunications terminals. A user is authenticated by instructing the user to travel to a geo-location, where the geo-location is referred to by an identifier that the user has previously associated with the geo-location. When the user chooses identifiers that are meaningful to the user, but that do not indicate the associated geo-locations to other people, the user can be securely authenticated via the following procedure: (i) select one of the identifiers that the user has defined, (ii) instruct the user to “go to <identifier>,” and (iii) declare the user authenticated if and only if the user visits the geo-location associated with <identifier> before a timeout expires.

Abstract: Method and apparatus for securing the transmission of DTMF signals by a telephone over a telephone line. If the telephone is operating in a mode wherein another party may hear any DTMF tone generated by the telephone, such as over the loudspeaker of a speakerphone or as part of a conference call, the telephone prevents generation of an audible signal which predictably corresponds to the actual DTMF value of any button pushed by the user.

Abstract: A method and an apparatus are disclosed that enable an enhanced, interactive voice response (IVR) system to securely authenticate a user at a telecommunications terminal, without some of the disadvantages in the prior art. In particular, after the user at the telecommunications terminal requests access to a resource, the controlling IVR system of the illustrative embodiment issues a random challenge sequence to the user, along with interspersed “camouflage elements” and one or more directions as to how to respond. The user is then free to speak a returned sequence that answers the combined challenge sequence and interspersed camouflage elements; as a result, an eavesdropper overhearing the user hears what sounds like a random number or string. In short, the technique of the illustrative embodiment uses a challenge-response exchange of a substitution cipher interspersed with camouflage elements.

Abstract: A method is disclosed that enables the handling of audio streams for segments in the audio that might contain private information, in a way that is more straightforward than in some techniques in the prior art. The data-processing system of the illustrative embodiment receives a media stream that comprises an audio stream, possibly in addition to other types of media such as video. The audio stream comprises audio content, some of which can be private in nature. Once it receives the data, the data-processing system then analyzes the audio stream for private audio content by using one or more techniques that involve looking for private information as well as non-private information. As a result of the analysis, the data-processing system omits the private audio content from the resulting stream that contains the processed audio.