Abstract: In a cloud computing environment, a user authenticates to multiple cloud services concurrently. A master service has knowledge of or tracks the cloud service(s) to which a user is authenticated. Each cloud service may enforce its own inactivity period, and the inactivity period of at least first and second cloud services may be distinct from one another. When the master service receives an indication that the authenticated user is attempting to take an action at a first cloud service despite an activity timeout there, the master service issues a status request to at least the second cloud service to determine whether the user is still active at the second cloud service (despite its different inactivity period). If the user is still active at the second cloud service, the master service provides a response, selectively overriding (re-setting) the activity timeout at the first cloud service to permit the action.

Abstract: Information and data stored by a mobile device is protected by comprising applying password-protection to the locally-stored information without persistently storing the corresponding password locally. Rather, the corresponding password is stored by a remote password server. In response to a trigger event on the mobile device, such as an unlocking action by the user, a request is sent by the mobile device to the password server to retrieve the corresponding server, and the corresponding password is returned to the mobile device. The mobile device can then use the password to access the protected information. If the user determines that the mobile device is lost, stolen, or out of the user's physical control, the user may access the password server and disable the sending of the password to the mobile device, thereby thwarting attempts to access the protected data on the mobile device.

Abstract: A computing system includes a processor; and a memory communicatively coupled to the processor. The processor is configured to: generate a challenge response test image comprising a plurality of well-formed construct elements forming a well-formed construct and a plurality of random construct elements; and provide a plurality of masks to be placed over the image, one of the number of masks configured to reveal the well-formed construct elements when placed over the image.

Abstract: An un-authenticated user attempts to access a protected resource at a Web- or cloud-based application from within a rich client. The client has an associated local HTTP server. Upon being refused access, a browser-based login dialog is opened automatically within an embedded browser panel. After receipt of the user's login credential in the panel, the browser passes the credential server application. If the user is authenticated, the browser-based dialog receives a cookie establishing that the user is authenticated for a session. The browser then automatically makes a request to the HTTP server, passing the cookie. Upon receipt of the request at the rich client HTTP server, the rich client saves the cookie in an associated data store, shuts down the login dialog, and re-issues the original request to the server, this time passing the cookie. The rich client, having provided the cookie, is then permitted to access the resource.

Abstract: A method, programmed medium and system are provided for a server-based security manager application to support a self-cleaning operation on a remote computerized device. When a computer device has been reported as being missing for example, the security manager server application will cause the device to take pro-determined actions such as un-installing predetermined applications contained on the device and removing all persisted data associated with such predetermined applications.

Abstract: A method for providing a challenge response test associated with a computer resource performed by a physical computing system includes, with the physical computing system, generating a challenge response test image comprising a plurality of well-formed construct elements forming a well-formed construct and a plurality of random construct elements, and providing a number of masks to be placed over the image, one of the number of masks configured to reveal the well-formed construct elements when placed over the image.

Abstract: An approach is provided to increase password strength in a group of users. The approach detects a password event corresponding to one of the users. In response to the detected password event, the approach identifies a strength of the user's password and compares it to one or more password strength metrics that correspond to the group of users. The password strength comparison data is then transmitted as feedback back to the user.

Abstract: A user authenticates to a Web- or cloud-based application from a browser-based client. The browser-based client has an associated rich client. After a session is initiated from the browser-based client (and a credential obtained), the user can discover that the rich client is available and cause it to obtain the credential (or a new one) for use in authenticating the user to the application (using the rich client) automatically, i.e., without additional user input. An application interface provides the user with a display by which the user can configure the rich client authentication operation, such as specifying whether the rich client should be authenticated automatically if it detected as running, whether and what extent access to the application by the rich client is to be restricted, if and when access to the application by the rich client is to be revoked, and the like.

Abstract: A method, programmed medium and system are provided for a server-based security manager application to support a self-cleaning operation on a remote computerized device. When a computer device has been reported as being missing for example, the security manager server application will cause the device to take pro-determined actions such as un-installing predetermined applications contained on the device and removing all persisted data associated with such predetermined applications.

Abstract: Information and data stored by a mobile device is protected by comprising applying password-protection to the locally-stored information without persistently storing the corresponding password locally. Rather, the corresponding password is stored by a remote password server. In response to a trigger event on the mobile device, such as an unlocking action by the user, a request is sent by the mobile device to the password server to retrieve the corresponding server, and the corresponding password is returned to the mobile device. The mobile device can then use the password to access the protected information. If the user determines that the mobile device is lost, stolen, or out of the user's physical control, the user may access the password server and disable the sending of the password to the mobile device, thereby thwarting attempts to access the protected data on the mobile device.

Abstract: A password protection application is executed on a mobile device and provides an interface by which an authorized user can define and configure a “data protection profile” for the device. This profile defines at least one security event (criteria or condition) associated with the device, and at least one protection action that should occur to protect data on the device upon the triggering of the event. Once defined in a profile, the application monitors for the occurrence of the security event. Upon the occurrence of the specified event, the protection action is enforced on the device to protect the data.

Abstract: The different illustrative embodiments provide a method, computer program product, and apparatus for managing an authentication request. A determination is made whether additional authentication is to be performed responsive to receiving the authentication request to access an application from a mobile device. A phone number to call is sent to the mobile device responsive to a determination that the additional authentication is to be performed. A determination is made whether an incoming call to the phone number is from the mobile device and within a selected period of time. The authentication request to access the application from the mobile device is granted responsive to a determination that the incoming call to the phone number is from the mobile device and within the selected period of time.

Abstract: The different illustrative embodiments provide a method, computer program product, and apparatus for managing an authentication request. A determination is made whether additional authentication is to be performed responsive to receiving the authentication request to access an application from a mobile device. A phone number to call is sent to the mobile device responsive to a determination that the additional authentication is to be performed. A determination is made whether an incoming call to the phone number is from the mobile device and within a selected period of time. The authentication request to access the application from the mobile device is granted responsive to a determination that the incoming call to the phone number is from the mobile device and within the selected period of time.

Abstract: A technique that identifies registered or guest users in web meetings of the type wherein users must follow a supplied URL to attend the meeting. Registered and guest users are provided different forms of the meeting invite URL. Each registered user receives a common web meeting link (a URL) that he must follow to join the meeting. This link forces the registered user to authenticate to the service when used. A guest user invitee receives a unique URL for the meeting that is generated with a nonce value associated with the guess user's contact information. The nonce value does not expose the contact information. To join the meeting, each registered user must follow the common web meeting link and authenticate to the service. True identities of the web meeting participants are displayed.

Abstract: A technique that identifies registered or guest users in web meetings of the type wherein users must follow a supplied URL to attend the meeting. Registered and guest users are provided different forms of the meeting invite URL. Each registered user receives a common web meeting link (a URL) that he must follow to join the meeting. This link forces the registered user to authenticate to the service when used. A guest user invitee receives a unique URL for the meeting that is generated with a nonce value associated with the guess user's contact information. The nonce value does not expose the contact information. To join the meeting, each registered user must follow the common web meeting link and authenticate to the service. True identities of the web meeting participants are displayed.

Abstract: A user authenticates to a Web- or cloud-based application from a browser-based client. The browser-based client has an associated rich client. After a session is initiated from the browser-based client (and a credential obtained), the user can discover that the rich client is available and cause it to obtain the credential (or a new one) for use in authenticating the user to the application (using the rich client) automatically, i.e., without additional user input. An application interface provides the user with a display by which the user can configure the rich client authentication operation, such as specifying whether the rich client should be authenticated automatically if it detected as running, whether and what extent access to the application by the rich client is to be restricted, if and when access to the application by the rich client is to be revoked, and the like.

Abstract: A method for providing a challenge response test associated with a computer resource performed by a physical computing system includes, with the physical computing system, generating a challenge response test image comprising a plurality of well-formed construct elements forming a well-formed construct and a plurality of random construct elements, and providing a number of masks to be placed over the image, one of the number of masks configured to reveal the well-formed construct elements when placed over the image.

Abstract: A rich client performs single sign-on (SSO) to access a web- or cloud-based application. According to the described SSO approach, the rich client delegates to its native application server the task of obtaining a credential, such as a SAML assertion. The native server, acting on behalf of the user, obtains an assertion from a federated identity provider (IdP) that is then returned to the rich client. The rich client provides the assertion to a cloud-based proxy, which presents the assertion to an identity manager to attempt to prove that the user is entitled to access the web- or cloud-based application using the rich client. If the assertion can be verified, it is exchanged with a signed token, such as a token designed to protect against cross-site request forgery (CSRF). The rich client then accesses the web- or cloud-based application making a REST call that includes the signed token. The application, which recognizes the request as trustworthy, responds to the call with the requested data.

Abstract: A runtime approach receives a request from a target location. Data elements are received from a data store. Privacy data type categories corresponding to retrieved data elements are identified. Data flow category is identified based on the target location. Privacy actions are performed modifying some data elements based on the identified privacy data type categories and the data flow category so that the modified data elements comply with one or more data privacy rules pertaining to the target location. A design-time approach retrieves data types included in a software application data design. Privacy categories are selected that correspond to the retrieved data types. Flow categorization data is retrieved that correspond to software application processes. Privacy categories and flow categorization data are compared to privacy rules. A user is informed if privacy rules are violated to facilitate software application modification in order to comply with the privacy rules.

Abstract: A method for providing a challenge response test associated with a computer resource performed by a physical computing system includes, with the physical computing system, generating a challenge response test image comprising a plurality of well-formed construct elements forming a well-formed construct and a plurality of random construct elements, and providing a number of masks to be placed over the image, one of the number of masks configured to reveal the well-formed construct elements when placed over the image.