Abstract: Methods and apparatus are provided for secret sharing with a verifiable reconstruction type. An exemplary method comprises receiving a plurality of shares of a secret generated using a secret splitting scheme; reconstructing the secret if the plurality of shares satisfies a predefined reconstruction threshold; and generating a proof identifying at least one of the plurality of shares used in the reconstruction. The proof is optionally verified by a verifier and the verification is optionally based on auxiliary information derived by the secret splitting scheme used to share the secret. The verifier optionally implements layered access control, for example, based on a rank of the shares used for reconstruction. The reconstructed secret is optionally provided to the verifier. A user can be granted a level of access to a protected resource based on the proof, the reconstructed secret and one or more predefined policies. One or more steps can be proactivized to maintain share freshness.

Abstract: Static and dynamic embodiments are presented for generating chaff passwords for use in a password-hardening system. Chaff passwords are generated by modifying portions of base passwords based on a distribution with which particular strings of digits and symbols appear in user passwords. Location oblivious chaff passwords are generated from a chaff set of passwords obtained from a chaff generation method by applying a random permutation over the elements of the obtained chaff set of passwords.

Abstract: Techniques are provided for implementing predefined access policies based on auxiliary information embedded in one-time passcode authentication tokens. An exemplary method comprises receiving an authentication passcode generated by a token of a user, wherein the received authentication passcode is derived from a secret seed and based on at least one protocode and embedded auxiliary information; processing the received authentication passcode to extract the embedded auxiliary information from the received authentication passcode, wherein the embedded auxiliary information comprises (i) a silent alarm signal indicating a potential compromise of the token, and (ii) a drifting key signal indicating a current drifting key state of the token, wherein the drifting key signal is processed to detect a cloning of the token; and implementing a predefined access policy (e.g., replace or disable the token of one or more users) based on respective values of the silent alarm signal and the drifting key signal.

Abstract: Methods and apparatus are provided for private set membership using aggregation for reduced communications. A determination is made as to whether at least one data element of a client is in a data set of a server by: obtaining a transformation of the at least one data element; receiving a response from the server based on the transformation of the at least one data element, wherein the transformation comprises one or more of a Bloom filter-based transformation that employs a Bloom filter comprising a plurality of hash functions and an encryption-based transformation; and determining whether the at least one data element is in the data set based on the response, wherein one or more of the response and the determining is based on a result of at least one aggregation of a plurality of values that depend on the at least one data element and one or more items in the data set.

Abstract: Methods and apparatus are provided for authenticated pattern matching and authenticated exact path queries on outsourced data by a third party server. A source of the outsourced data computes verification information for node and suffix accumulators and sends the data, accumulation values and suffix tree or label trie information to the server; and publishes its public key and the verification digests. The verification may comprise an accumulation tree (AT) or any other public key authentication scheme, such as digital signatures, Merkle Trees and publishing the accumulation values. The server receives the query from a client and the server computes an answer ? to the query and a verification proof that are provided to the client. The client then verifies the answer.

Abstract: Techniques are provided for implementing predefined access policies based on auxiliary information embedded in one-time passcode authentication tokens. An exemplary method comprises receiving an authentication passcode generated by a token of a user, wherein the received authentication passcode is derived from a secret seed and based on at least one protocode and embedded auxiliary information; processing the received authentication passcode to extract the embedded auxiliary information from the received authentication passcode, wherein the embedded auxiliary information comprises (i) a silent alarm signal indicating a potential compromise of the token, and (ii) a drifting key signal indicating a current drifting key state of the token, wherein the drifting key signal is processed to detect a cloning of the token; and implementing a predefined access policy (e.g., replace or disable the token of one or more users) based on respective values of the silent alarm signal and the drifting key signal.

Abstract: Methods, apparatus and articles of manufacture for authenticating by labeling are provided herein. A method includes identifying each of one or more graphical-based input elements to be associated with a computing device in response to user activity in connection with the computing device; identifying each of one or more graphical-based labels to be assigned to the one or more graphical-based input elements; displaying (i) the one or more graphical-based input elements and (ii) the one or more graphical-based labels via an interface of the computing device; generating a prompt via the computing device interface; and processing input cryptographic information entered via the computing device interface in response to the prompt against (i) the one or more graphical-based input elements and (ii) the one or more graphical-based labels.

Abstract: Methods, apparatus and articles of manufacture for authenticating by labeling are provided herein. A method includes establishing a set of cryptographic information, wherein said set of cryptographic information comprises (i) a set of one or more graphical-based input elements and (ii) one or more graphical-based labels assigned to the set of one or more input elements in accordance with a given arrangement; generating a prompt via a computing device interface in connection with an authentication request to access a protected resource associated with the computing device; processing input cryptographic information entered via the computing device interface in response to the prompt against the set of cryptographic information; and resolving the authentication request based on said processing.

Abstract: Methods and apparatus are provided for randomizing state transitions for one-time authentication tokens. A user authentication passcode is generated by determining a generation time within an epoch for initiating computation of the user authentication passcode; initiating computation of the user authentication passcode at the determined generation time; and presenting the user authentication passcode at a presentation time that is de-coupled from the generation time. The generation time occurs, for example, at a random offset from a start of the epoch. A time difference between the presentation time and a completion of the computation of the user authentication passcode comprises, e.g., a uniformly distributed random variable over a range of values having a finite mean value. The epoch optionally comprises pre-computation epochs and a variable number of user authentication passcodes are optionally computed during a given pre-computation epoch.

Abstract: A Security Alerting System is provided with dynamic buffer size adaptation. An alert message from a Security Alerting System is transmitted by obtaining the alert message from the Security Alerting System; authenticating the alert message using a secret key known by a server; storing the authenticated alert message in a buffer; transmitting the buffer to the server; and detecting a truncation attack based on generating different cryptographic keys for protection of inserted messages and transmitted buffers, wherein the cryptographic keys for protection of inserted messages are generated in a forward-secure manner in a same order that the messages are inserted in the buffer and wherein the cryptographic keys for protection of transmitted buffers are generated in a forward-secure manner in a same order that the buffers are transmitted over a network.

Abstract: A security alerting system is provided with a network blockage policy based on alert transmission activity. Alert messages from a Security Alerting System executing on a host indicating a potential compromise of a protected resource are processed by determining if a number of buffer contents received from the host within a predefined time interval satisfies a predefined criteria, the buffer content comprising one or more of the alert messages from the Security Alerting System; and blocking a network connection of the host if the number of buffer contents received from the host within the predefined time interval does not satisfy the predefined criteria. The blocked network connection of the host can optionally be restored when a valid buffer content is received from the host. The predefined criteria is based on the alerting activity of the host.

Abstract: Techniques are provided for controlling user access to a protected resource based on an outcome of a one-time passcode authentication token and one or more predefined access policies. An exemplary method comprises the steps of: providing an authentication passcode generated by a token associated with a user to at least one authentication processing device, wherein the user is attempting to access a protected resource; receiving an authentication outcome from the at least one authentication processing device, the authentication outcome comprising an acceptance outcome of the received authentication passcode and at least one of an acceptance outcome with respect to one or more different signals, such as a silent alarm and an acceptance outcome with respect to a drifting key; and providing access of the user to the protected resource based on the authentication outcome and a predefined access policy. Predefined access policies that are specific to silent alarm alerts and drifting key alerts are also provided.

Abstract: Methods and apparatus are provided for proactivized threshold password-based secret sharing with key rotation. An exemplary method comprises determining a difference between updated and prior values of a share, wherein the updated value comprises a fixed share of a plurality of shares of a secret; setting at least one polynomial coefficient of a correction polynomial employed by a polynomial-based secret sharing scheme to a value that depends on the difference; applying the polynomial-based secret sharing scheme to obtain share correction values that comprise a share correction value for the fixed share derived from the at least one polynomial coefficient; and providing the share correction values to at least one party that generates the fixed share from the provided share correction value for the fixed share and the prior value of the share. The secret can optionally be updated. A key rotation scheduler optionally performs a new sharing of the secret based on a refreshing schedule and/or a refreshing policy.

Abstract: Techniques are provided for security-aware single-server passcode verification for one-time authentication tokens. An exemplary method comprises the steps of: receiving an authentication passcode generated by a token associated with a user, wherein the received authentication passcode is based on at least one protocode and embedded auxiliary information; and processing the received authentication passcode using a single processing device to extract the embedded auxiliary information from the received authentication passcode, wherein the embedded auxiliary information comprises one or more of two different signals, such as a silent alarm signal and a drifting key signal. The single processing device optionally implements software modules of first and second authentication servers. The single processing device optionally comprises one or more sources of pseudorandom information for at least two of an auxiliary channel, a silent alarm and a drifting key.

Abstract: A Security Alerting System is provided with dynamic buffer size adaptation. An alert message from a Security Alerting System indicating a potential compromise of a protected resource is transmitted by obtaining the alert message from the Security Alerting System; authenticating the alert message using a secret key known by a server, wherein the secret key evolves in a forward-secure manner; storing the authenticated alert message in a buffer, wherein a size of the buffer is based on a connection history of the Security Alerting System; and transmitting the buffer to the server. The alert message can optionally be encrypted. The buffer can be increased in proportion to a duration of a disruption of a connection. The size of the buffer can be increased by adding buffer slots at a location of a current write pointer index. Techniques are also disclosed for detecting truncation attacks and alert message gaps. The alert messages can have a variable size by writing alert message into consecutive buffer slots.

Abstract: Generalized password-based secret sharing schemes are provided. A secret sharing method comprises obtaining a secret; obtaining fixed values from one or more parties; setting an element of a column vector of a password-based linear secret sharing scheme based on the secret; randomly selecting values from a field for additional elements of the column vector; setting remaining elements of the column vector to values that ensure that a product of a matrix and the column vector, for each fixed-share party, is equal to the corresponding fixed value; and distributing non-fixed shares to additional parties using a labeling function. In another method, a defining matrix corresponds to the secret and a field of both the secret and a plurality of shares of the secret. A given share for each party in the set is set to the corresponding obtained fixed value.

Abstract: Forward-secure one-time authentication tokens are provided with embedded time hints. A token generates a passcode for presentation to an authentication server by determining a current state of the token; generating a user authentication passcode based on the current state, wherein the generated user authentication passcode comprises an embedded time hint; and communicating the generated user authentication passcode to the authentication server. The passcode may be generated with the embedded time hint, for example, each time a user authentication passcode is generated or upon demand when a user authentication passcode is generated. A server processes a user authentication passcode by receiving the user authentication passcode, wherein the received user authentication passcode comprises an embedded time hint; and determining a time interval to search for another user authentication passcode based on the embedded time hint.

Abstract: Static and dynamic embodiments are presented for generating chaff passwords for use in a password-hardening system. Chaff passwords are generated by obtaining a source set of passwords comprising at least one valid password for each of a plurality of users; and generating a chaff set of passwords for a given user, wherein the chaff set comprises at least one valid password for the given user and a plurality of chaff passwords for the given user, wherein the plurality of chaff passwords for the given user are obtained from the source set of passwords. Chaff passwords can also be generated by modifying portions of base passwords based on a distribution with which particular strings of digits and symbols appear in user passwords. Location oblivious chaff passwords are generated from a chaff set of passwords obtained from a chaff generation method by applying a random permutation over the elements of the obtained chaff set of passwords.

Abstract: A processing device comprises a processor coupled to a memory and is configured to predict or otherwise determine that a user will utilize a target application on a user device in involvement with a particular set of smart objects, to request cryptographic material for activating the smart objects of the set, to receive the cryptographic material responsive to the request, and to utilize the cryptographic material to activate the smart objects. Each of the activated smart objects provides a verifier with a proof of involvement with the user device. The verifier controls user access to the target application based at least in part on the proofs provided by the activated smart objects. The determining, requesting, receiving and utilizing operations in some embodiments are performed by a learning agent running on the processing device. The learning agent illustratively includes functionality for learning target application access behavior of the user over time.

Abstract: Methods and apparatus are provided for password-based secret sharing. An exemplary method comprises obtaining a secret; obtaining a fixed value from at least one party; setting at least one polynomial coefficient of a polynomial employed by a polynomial-based secret sharing scheme to a value that depends on the fixed value and the secret; and applying the polynomial-based secret sharing scheme to the secret to obtain a plurality of secret shares, wherein the plurality of secret shares comprises at least one fixed share derived from the at least one polynomial coefficient.