Patents by Inventor Yedidya Dotan

Yedidya Dotan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8949953
    Abstract: A method includes (a) receiving, from an application server, a login message for a user, the login message including a user credential for a credential-based authentication (CBA), (b) forwarding the user credential to a CBA server for the CBA, (c) in response, receiving an authentication decision message from the CBA server, (d) sending decision information from the authentication decision message received from the CBA server to a risk-based authentication (RBA) server, the RBA server being distinct from the CBA server, the decision information to be used by the RBA server in performing RBA authentication decisions, (e) if the authentication decision message is positive, then sending a challenge message to the application server to initiate RBA to be performed by the RBA server supplementary to the CBA, and (f) if the authentication decision message is negative, then sending a rejection message to the application server.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: February 3, 2015
    Assignee: EMC Corporation
    Inventors: Anton Khitrenovich, Oleg Freylafert, Yedidya Dotan, Lawrence N. Friedman, Karl Ackerman
  • Patent number: 8925058
    Abstract: A technique of authenticating a person involves obtaining, during a current authentication session to authenticate the person, a first authentication factor from the person and a second authentication factor from the person, at least one of the first and second authentication factors being a biometric input. The technique further involves performing an authentication operation which cross references the first authentication factor with the second authentication factor. The technique further involves outputting, as a result of the authentication operation, an authentication result signal indicating whether the authentication operation has determined the person in the current authentication session likely to be legitimate or an imposter. Such authentication, which cross references authentication factors to leverage off of their interdependency, provides stronger authentication than conventional naïve authentication.
    Type: Grant
    Filed: March 29, 2012
    Date of Patent: December 30, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, William M. Duane, John Linn, Roy Hodgman, Derek Lin
  • Patent number: 8918844
    Abstract: An improved technique involves authenticating a user based on ability of devices in the user's possession to corroborate environmental information between each other. As part of an authentication process, at least a primary device and a secondary device belonging to a user take readings of a particular set of environmental conditions, such as wireless networks that are active in a room in which they are contained. An authentication server can then verify that the primary and secondary devices are in the same room by corroborating the readings of the environmental conditions read from the primary and secondary devices, and base an authentication result on the corroboration.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: December 23, 2014
    Assignee: EMC Corporation
    Inventors: Lawrence N. Friedman, Karl Ackerman, Kenneth D. Ray, Yedidya Dotan
  • Patent number: 8904482
    Abstract: A token apparatus is described, including (a) a controller, the controller being configured to generate an OTP in synchronization with a remote authentication server, (b) a display, the display being constructed and arranged to display the OTP, and (c) an input apparatus, the input apparatus being constructed and arranged to receive a user-input alteration code, the user-input alteration code being used to alter the OTP in a standardized manner. A method of operating a token device which displays an OTP in synchronization with a remote authentication server is described, including (a) receiving an alteration code, (b) entering the alteration code onto the token device, and (c) causing an altered OTP to be entered into an application that seeks to authenticate a user, the altered OTP having been generated from the OTP in a standardized manner based on the alteration code. An authentication system is also described.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: December 2, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Marco Ciaffi, Lawrence N. Friedman, Igor Shmukler, John Gordon Brainard
  • Patent number: 8904496
    Abstract: There is disclosed a method and system for use in authenticating an entity in connection with a computerized resource. An authentication request is received from the entity for access to the computerized resource. An input signal is received from a communications device associated with the entity. The input signal comprises the current location of the communications device. The current location of the communications device is derived from the input signal. A location history in connection with the communications device is captured. The location history comprises a record of discrete locations visited by the communications device over a period of time. An analysis is performed between the current location of the communications device and the location history in connection with the communications device. An authentication result is generated based on the analysis between the current location of the communications device and the location history in connection with the communications device. The authentication result can be used for authenticating the entity.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: December 2, 2014
    Assignee: EMC Corporation
    Inventors: Daniel V. Bailey, Lawrence N. Friedman, Yedidya Dotan, Samuel Curry, Riaz Zolfonoon
  • Patent number: 8902045
    Abstract: A technique performs an authentication operation using pulse and facial data from a user. The technique involves obtaining current pulse data from a user, and performing a comparison between the current pulse data from the user and expected pulse data for the user. The technique further involves generating an authentication result based on the comparison between the current pulse data and the expected pulse data. The authentication result may control user access to a computerized resource. Since such a technique uses pulse data, a perpetrator cannot simply submit a static image of a subject's face to circumvent the authentication process. In some arrangements, the technique involves obtaining videos of human faces and deriving cardiac pulse rates from the videos. For such arrangements, a standard webcam can be used to capture the videos. Moreover, such techniques are capable of factoring in circadian rhythms and/or aging adjustments to detect and thwart video replay attacks.
    Type: Grant
    Filed: December 23, 2011
    Date of Patent: December 2, 2014
    Assignee: EMC Corporation
    Inventors: John Linn, William M. Duane, Yedidya Dotan, Roy Hodgman
  • Patent number: 8875255
    Abstract: An enumeration prevention technique involves receiving an authentication session request which includes a validation result indicating whether a user identifier supplied by the user identifies a valid user entry in a user database. The technique further involves providing a genuine authentication session response when the validation result indicates that the user identifier does identify a valid user entry in the user database. The genuine authentication session response includes a user-expected set of artifacts to confirm authenticity of the authentication server to the user. The technique further involves providing a faux authentication session response when the validation result indicates that the user identifier does not identify a valid user entry in the user database. The faux authentication session response includes a machine-selected set of artifacts enabling the faux authentication session response to resemble a genuine authentication session response.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: October 28, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, John Alexander Murray
  • Patent number: 8856954
    Abstract: A method is used in authenticating using organization based information. Organization based information is analyzed for information that is suitable for use in authenticating a user. The organization based information includes employee-used information. A question is derived from the organization based information. Based on the question, a process used to authenticate a user is executed.
    Type: Grant
    Filed: December 29, 2010
    Date of Patent: October 7, 2014
    Assignee: EMC Corporation
    Inventors: Matthew R. Hathaway, Richard Perkett, Yedidya Dotan, Bryan Knauss, Raanan Lidji
  • Patent number: 8850537
    Abstract: An improved technique involves automatically producing a set of KBA questions using values of attributes associated with correctly answered questions. A KBA question server obtains such attribute values from a prior set of pilot questions taken from users who were successfully authenticated. Examples of attributes include a source of facts in a question, placement of facts in a question, and question structure. The KBA question server then generates optimal formatting rules based on the attribute values; such formatting rules define a relationship between facts used to derive KBA questions and the words used to express the KBA questions to users. The KBA question generator then produces KBA questions according to the formatting rules.
    Type: Grant
    Filed: September 27, 2012
    Date of Patent: September 30, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Yael Villa, Boris Kronrod
  • Patent number: 8839449
    Abstract: There is disclosed a technique for use in assessing the risk of information leakage. The technique receives a set of facts that have references to individuals associated with an organization. Based on the received facts, a link is detected between an individual associated with the organization and an occurrence indicative of risk. A connection is identified between the individual and confidential information within the organization. Based on the detected link and the identified connection, the risk is determined of the confidential information being leaked in an unauthorized manner by the individual.
    Type: Grant
    Filed: December 19, 2012
    Date of Patent: September 16, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, III, Yael Villa, Ann S. Johnson
  • Patent number: 8825848
    Abstract: An improved technique for logging events in an electronic system for forensic analysis includes receiving event records by a recording unit from different forensic agents of the electronic system and applying timing information included within the event records to resequence the event records in the recording unit in a more accurate order. In some examples, the timing information includes a vector clock established among the agents of the electronic system for storing sequences of events. The vector clock provides sequence information about particular events occurring among the forensic agents, which is applied to correct the order of reported event records. In other examples, the timing information includes timestamps published to the agents from a common timestamp server. In yet other examples, the timing information includes timestamps of the devices on which the agents are running, or any combination of the foregoing examples of timing information.
    Type: Grant
    Filed: March 20, 2012
    Date of Patent: September 2, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Assaf Natanzon, Lawrence N. Friedman
  • Patent number: 8819803
    Abstract: A method is used in validating association of client devices with authenticated clients. An authentication request for authenticating a client is received from a client device used by a client for establishing a session with a server. The client is authenticated by an authentication device. A token is created and provided to the client device. Identification information of the client device is gathered. The identification information identifies the client device. The identification information gathered from the client device is evaluated. Based on the evaluation, it is validated that the identification information corresponds to a client device associated with the authenticated client.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: August 26, 2014
    Assignee: EMC Corporation
    Inventors: Gareth D. Richards, Yedidya Dotan, Lawrence N. Friedman
  • Patent number: 8799655
    Abstract: A technique of authenticating a user involves storing a set of expected OTPs in memory of a mobile device, the set of expected OTPs having been previously generated by and acquired from an external authentication server. The technique further involves receiving, after the set of expected OTPs is stored in the memory, an authentication request from a user of the mobile device, the authentication request including a user-provided OTP. The technique further involves performing, by processing circuitry of the mobile device, a local authentication operation which provides an authentication result based on a comparison between the user-provided OTP and an expected OTP of the set of expected OTPs stored in the memory. The authentication result indicates whether authentication of the user is successful or unsuccessful.
    Type: Grant
    Filed: September 26, 2012
    Date of Patent: August 5, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Jennifer Chong, Jonathan Wu, David D. Taku
  • Patent number: 8782174
    Abstract: Methods, computer program products, and apparatuses are provided for securely exchanging a data file between a client machine and a remote application server (e.g., a banking application operating on a banking server) in the context of a user communicating with the remote application server through a secure virtualized environment running on a virtualization server.
    Type: Grant
    Filed: March 31, 2011
    Date of Patent: July 15, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Ayelet Levin, Boris Kronrod
  • Patent number: 8776195
    Abstract: An improved technique involves converting facts from multiple fact sources to a common data format. Along these lines, for each fact source having a source-specific format, a KBA system provides an adaptor that converts incoming facts in the source-specific format to the common data format prior to generating questions. The KBA system stores the facts in the common format in a database for subsequent access. In response to an authorization request, the KBA system then builds questions based on the facts from multiple sources in the common data format stored in the database.
    Type: Grant
    Filed: March 30, 2012
    Date of Patent: July 8, 2014
    Assignee: EMC Corporation
    Inventors: Ayelet Avni, Bryan Knauss, Yedidya Dotan, Erez Yakoel
  • Patent number: 8752144
    Abstract: An improved technique tailors a biometric challenge activity to a particular user. The particular user submits electronic input from which an authentication system extracts information concerning traits of the particular user; such traits can include keystroke and swiping patterns, handheld device positions, and place of origin. An authentication server maps values of user attributes such as place of origin, age, and UI device to the extracted traits. The authentication server then selects biometric challenges for the particular user based on user attributes having values which deviate most from a mean value of that attribute taken across a population of users. That is, the authentication server bases biometric challenges on the most distinguishing traits of the particular user.
    Type: Grant
    Filed: December 14, 2011
    Date of Patent: June 10, 2014
    Assignee: EMC Corporation
    Inventors: Alon Kaufman, Yael Villa, Yedidya Dotan
  • Patent number: 8752172
    Abstract: A technique processes an email message. The technique involves receiving the email message from a network, and performing an authenticity analysis operation to determine authenticity of the email message. The technique further involves forwarding a copy of the email message to an external central hub through the network when a result of the authenticity analysis operation indicates that the email message is not authentic, and refraining from sending the copy of the email message to the external central hub through the network when the result of the authenticity analysis operation indicates that the email message is authentic. Such an embodiment is well suited for identifying spear phishing attacks within email messages routinely handled by an email server.
    Type: Grant
    Filed: June 27, 2011
    Date of Patent: June 10, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Lawrence N. Friedman
  • Patent number: 8752145
    Abstract: An improved authentication technique employs a user's mobile device to obtain a picture of the user from which facial geometry is extracted and applied as part of an authentication operation of the user to the remote network. In some examples, a server stores facial geometry for different users along with associated PINs. By matching facial geometry of the user with facial geometry on the server, the user's PIN can be obtained, without the user ever having to register or remember the PIN.
    Type: Grant
    Filed: December 30, 2011
    Date of Patent: June 10, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Sorin Faibish, Samuel Adams, Yael Villa, Robert S. Philpott
  • Patent number: 8701174
    Abstract: A technique controls access to a protected resource. The technique involves performing a series of authentication operations between an end user device and an authentication engine, and providing, while the series of authentication operations results in ongoing successful authentication, a virtual desktop session from a virtual desktop server to the end user device to enable a user at the end user device to access the protected resource using the virtual desktop session. The technique further involves closing the virtual desktop session when the series of authentication operations results in unsuccessful authentication (e.g., receipt of an incorrect authentication factor, loss of communications between the end user device and the authentication engine, etc.) to prevent further access to the protected resource using the virtual desktop session.
    Type: Grant
    Filed: September 27, 2011
    Date of Patent: April 15, 2014
    Assignee: EMC Corporation
    Inventor: Yedidya Dotan
  • Patent number: 8701199
    Abstract: A technique controls launching of a client application on an electronic device. The technique involves, after the client application is installed on the electronic device, providing input from the electronic device to an adaptive authentication service of a remote authentication server. The technique further involves receiving a credential from the adaptive authentication service of the remote authentication server in response to a successful adaptive authentication result which is based on the input provided from the electronic device. The technique further involves invoking the client application with the credential on the electronic device to establish a trusted session between the client application and an application server. Such a technique is well suited for use by multi environment clients such as general purpose computers, tablets and smart phones.
    Type: Grant
    Filed: December 23, 2011
    Date of Patent: April 15, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, Lawrence N. Friedman, James Wiese