Abstract: The disclosed computer-implemented method for threat and information protection through file classification may include (1) assigning a classification tag to each of an number of files on a computing device based on a set of rules, (2) storing the classification tag in the files and a corresponding file descriptor describing a sensitivity level of the files externally to the files, (3) detecting creation of a process associated with accessing the files, (4) determining whether the process is potentially suspicious, (5) identifying an operation initiated by the potentially suspicious process to access the files, and (6) performing a security action that protects the computing device from malicious activity by the operation initiated by the potentially suspicious process. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for facilitating single sign-on for multiple devices may include (1) establishing a login session for a user account, (2) in response to establishing the login session, providing, to a device associated with the user account, a session token for the user account, (3) receiving, from at least one client, a request to access resources associated with the user account, (4) determining that the associated device possesses the session token for the user account, and (5) in response to determining that the associated device possesses the session token, providing, to the client, access to the resources associated with the user account. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A cloud service access and information gateway receives a first authentication factor for a user in a single sign-on system. The single sign-on system provides access to a plurality of cloud services. The gateway receives, from a user device, a request to access a cloud service of the plurality of cloud services. The gateway compares a context of the request to an access policy for the single sign-on system and grants conditional access to the cloud service based on the access policy.

Abstract: A method of providing web site verification information to a user can include receiving a DNS query including a host name and a seal verification site name, parsing the DNS query, and extracting the host name from the DNS query. The method also can include accessing a DNS zone file including a list of Trust Services customers and determining if the host name is associated with a Trust Services customer in the list of Trust Services customers. The method further can include transmitting a positive identifier to the requester if the host name is associated with a Trust Services customer and transmitting a negative identifier to the requester if the host name is not associated with a Trust Services customer. In a specific embodiment, the Trust Services include issuance of digital certificates.

Abstract: The disclosed computer-implemented method for facilitating single sign-on for multiple devices may include (1) establishing a login session for a user account, (2) in response to establishing the login session, providing, to a device associated with the user account, a session token for the user account, (3) receiving, from at least one client, a request to access resources associated with the user account, (4) determining that the associated device possesses the session token for the user account, and (5) in response to determining that the associated device possesses the session token, providing, to the client, access to the resources associated with the user account. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computing system receives an authentication request from a user device for access to a web application hosted in a cloud and determines that the authentication request is a candidate for modification based on initial user credentials in the authentication request. The computing system modifies the authentication request to include replacement user credentials that correspond to the initial user credentials and transmits the modified authentication request to the web application in the cloud. The web application determines whether the modified authentication request is valid based on the replacement user credentials.

Abstract: A cloud service access and information gateway receives, from a user device, a request to access a cloud service. The cloud service access and information gateway determines a context of the request and compares the context of the request to a cloud service access policy. If the context of the request satisfies the cloud service access policy, the cloud service access and information gateway determines a type of information associated with the request and compares the type of information associated with the request to an information control policy. If the type of information satisfies the information control policy, the cloud service access and information gateway grants the user device access to the cloud service.

Abstract: A computer system receives, from a user device, a request to access a resource within a network of an organization and receives access credentials associated with an application, a user and the user device. The computer system identifies an application identifier, a user identifier and a device identifier and determines whether the combination of these identifiers satisfies an access policy. If the combination of application identifier, user identifier and device identifier satisfies the access policy, then the computer system grants the application access to the resource within the network of the organization.

Abstract: A hybrid authentication device that has a keypad, a display, an electronic communications interface and a processor and memory that can be removable, such as a Subscriber Identity Module. The device can operate in a stand-alone mode, in which a user enters a personal identification number and challenge using the keypad, and the device generates a response. The device can also function as a smartcard, and can be electronically coupled to an external device using the communications interface.

Abstract: A computing system of an authentication service provider receives a federated identity protocol request triggered by a relying party to validate a user. The federated identity protocol request includes a user identifier of an authenticated identity. The computing system searches mapping data stored in a data store that is coupled to the computing system to identify a type of virtual token associated with the user identifier and authenticates the user by requesting the identified type of virtual token from a user device and verifying a virtual token received from the user device using the mapping data. The computing system sends second-factor authentication results to the relying party via the federated identity protocol.

Abstract: A scalable system and method for authenticating entities such as consumers to entities with a diverse set of authentication requirements, such as merchants, banks, vendors, other consumers, and so on. An authentication credential such as a token can be shared among several resources as a way to authenticate the credential owner.

Abstract: A cloud service access and information gateway receives, from a user device, a request to access a cloud service. The cloud service access and information gateway compares a security status of the user device to a network access control policy for the cloud service. If the security status satisfies a condition of the network access control policy, the cloud service access and information gateway grants the user device access to the cloud service. If the security status does not satisfy the condition of the network access control policy, the cloud service access and information gateway requests an update to the security status of the user device to satisfy the condition.

Abstract: In a centralized credential management system, website credentials are stored in a vault storage at a vault. The website credentials are encrypted based upon a key not available to the vault and are for authenticating a user to a third party website. Through a client, a user authenticates to the vault and retrieves the encrypted website credentials and parameters and code for properly injecting the credentials into a website authentication form. The website credentials are decrypted at the client and injected into the authentication form using the parameters and code.

Abstract: A computer system receives, from a user device, a request to access a resource within a network of an organization and receives access credentials associated with an application, a user and the user device. The computer system identifies an application identifier, a user identifier and a device identifier and determines whether the combination of these identifiers satisfies an access policy. If the combination of application identifier, user identifier and device identifier satisfies the access policy, then the computer system grants the application access to the resource within the network of the organization.

Abstract: A cloud service access and information gateway receives, from a user device, a request to access a cloud service. The cloud service access and information gateway determines an identity of a user making the request to access the cloud service and compares the identity of the user to a password vault control policy. The cloud service access and information gateway determines, based on the comparing, one or more sections of a split password vault to which the user has access. The split password vault comprises a first section storing a first set of log-in credentials and a second section storing a second set of log-in credentials.

Abstract: A policy manager generates a uniform cloud service and information security policy based on a plurality of access contexts. The policy manager distributes the uniform cloud service and information security policy to a plurality of security blades, the security blades located within a plurality of cloud services and configured to control access for a user device to the cloud services and the information contained therein based on the uniform cloud service and information security policy.

Abstract: A method for calculating a One Time Password. A secret is concatenated with a count, where the secret is uniquely assigned to a token. The secret can be a private key or a shared secret symmetric key. The count is a number that increases monotonically at the token with the number of one-time Passwords generated at the token. The count is also tracked at an authentication server, where it increases monotonically with each calculation of a one-time Password at the authentication server. An OTP can be calculated by hashing a concatenated secret and count. The result can be truncated.

Abstract: A method for calculating a One Time Password. A secret is concatenated with a count, where the secret is uniquely assigned to a token. The secret can be a private key or a shared secret symmetric key. The count is a number that increases monotonically at the token with the number of one-time Passwords generated at the token. The count is also tracked at an authentication server, where it increases monotonically with each calculation of a one-time Password at the authentication server. An OTP can be calculated by hashing a concatenated secret and count. The result can be truncated.

Abstract: The object-oriented approach used by the present invention provides the ability to develop and manage Internet transactions. Local applications can be accessed using any workstation connected to the Internet regardless of the workstation's configuration. Some or all of a Web page can be generated dynamically using input received in a returned page, generated at runtime, or retrieved from an external data source (e.g., database or electronic mail system). When the Web page definition is rendered, the information contained in template(s), declaration file(s), and object(s) are used to generate standard definitions. State information is maintained across transactions. Using state information, virtual applications, sessions, transactions, and pages can be implemented. Self-contained modules, or components, provide the ability to share implementations and create multi-content documents. Event objects can be used to assist in event handling management.

Abstract: A web site can be authenticated by a third party authentication service. A user designates an authentication device that is a shared secret between the user and the authentication service. A web site page includes a URL that points to the authentication service. The URL includes a digital signature by the web site. When the user receives the page, the user's browser issues a request to the authentication service, which attempts to authenticate the digital signature. If the authentication is successful, it sends the authentication device to the user computer.