Abstract: Electronic communication methods and systems for determining biometric events and annotating recorded information with indicia of the biometric events are disclosed. Exemplary methods and systems can further determine contexts within the recorded information and further annotate the recorded information with indicia of the context.

Abstract: A secure start system for an autonomous vehicle can include a communications router comprising an input interface to receive a boot-loader to enable network communications with a backend system. The secure start system utilizes a tunnel key from the backend system to establish a private communications session with a backend data vault. The secure start system then retrieves a set of decryption keys from the backend data vault, via the private communications session, to decrypt a plurality of encrypted drives of the autonomous vehicle, which enables one or more functions of the autonomous vehicle.

Abstract: Aspects of the disclosure relate to using smart glass and distributed ledger technology to provide secure authentication for digitally hand signing documents. Smart glasses worn by a customer may be activated via an application on a mobile device. The smart glasses may then scan the document and a biometric feature of the customer. The captured biometric feature and document content may be stored on a distributed ledger system. Based on the information stored on the distributed ledger, a unique binary code may be generated. The binary code may be converted into an image and shared with the mobile application. The image may then be embedded into the document as a digital hand signature. The document and the embedded image may be submitted to nodes of the distributed ledger for authentication of the digital hand signature.

Abstract: Systems and methods disclosed herein provide a geo-targeted online reservation system that ensures authenticity of customer devices requesting reservations by generating reservations only if threshold authentication conditions are satisfied. For example, a computing device registered with a server system receives inputs for requesting a reservation of a limited release product and for configuring the product. To authenticate the computing device, the server device transmits an electronic message to the computing device requesting the computing device to respond. A response to the message is one threshold authentication condition for generating the reservation. Upon determining that one or more threshold authentication conditions are satisfied, the server device generates a reservation for the product.

Abstract: A system and method for home security, and in particular to notifying residents of a home of a visitor's presence and providing an automatic assessment of the visitor's legitimacy, is disclosed. In one example, the system can be configured to automatically identify a logo worn by the visitor using optical recognition and generate a notification for the resident that identifies the company. In another example, the system can request presentation of an encrypted key that should be stored on the visitor's computing device. In another example, the system can query a database of scheduled services and determine if a person was requested or scheduled for a visit. In some embodiments, the system can assign a security token to the merchant which will be required at the time of the appointment.

Abstract: Novel tools and techniques might provide for implementing application, service, and/or content access control. Based at least in part on a consumer's choice of applications, services, content, and/or content providers—particular in exchange for a subsidy on content and/or network access fees provided to the consumer by chosen content providers—, a computing system may determine whether access to applications, services, and/or content not associated with the chosen content providers (“other content”) should be allowed or restricted. If restricted, the computing system might utilize various network access techniques and/or technologies to block the consumer's access to the other content, to allow access to the other content on a charge per access basis, or to allow access to the other content at reduced network access speeds. In some embodiments, an access provider (e.g., an Internet service provider, etc.) might perform both determination and implementation of content access and restriction.

Abstract: Various implementations disclosed herein include devices, systems, and methods that provide authority transfer of a virtual object in a shared CGR environment. In some implementations, at a first electronic device associated with a first owner having authority to transmit state updates of a virtual object, a state update is transmitted to one or more peers participating in the shared CGR environment associated with the current state of the virtual object by the first electronic device. In some implementations, a handoff message is transmitted to indicate that ownership of the virtual object is being handed off. Then, an acquisition message transmitted by a second electronic device associated with a second owner indicates ownership acquisition of the virtual object by the second owner. The first electronic device accepts state updates of the virtual object transmitted from the second owner based on receiving the acquisition message.

Abstract: An objective of the present invention is to achieve greater efficiency in searches for illegal (illegitimate) content. The illegitimate content relates to content posted by an unauthorized user without a legitimate ownership of the content. An illegitimate content search device according to the present invention comprises: a content profile acquisition part for acquiring a profile including a posting history of illegitimate content posted by a user having posted candidate content being potentially illegitimate content; and a matching priority calculation part for calculating, on the basis of the profile, the priority of the candidate content with regard to determining whether a plurality of pieces of content is illegitimate content, and elevating the priority of the illegitimate content with a history of having posted the illegitimate content higher than if content without the history.

Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.

Abstract: A server of a distributed computing system that is at least partially hosted on a particular access network receives a plurality of messages from a plurality of devices over a network, each of the messages associated with a corresponding source address. For each of the plurality of devices, a current access network is determined for the device. For each of the devices with a current access network being the particular access network, a first network policy is applied to the device. For each of the devices with a current access network being other than the particular access network, a second network policy is applied to the device, the second network policy defining a second encryption requirement.

Abstract: A method for updating network access application authentication information applicable to a terminal having an embedded universal integrated circuit card (eUICC) that has at least one profile. The method includes receiving, by the terminal, a first message from a remote server, where the first message includes network access application (NAA) authentication parameter update information and a first identifier, updating, by the terminal, authentication information of a profile corresponding to the first identifier based on the NAA authentication parameter update information, and detaching, by the terminal, from a network and re-attaching to the network based on updated authentication information of the profile.

Abstract: The present application discloses a communication method, a terminal, a server, a communication system, a computer device and a medium. The communication method includes that a server establishes a connection and feeds back a display control in response to requests of a first terminal and a second terminal; then, the server feeds back function feedback information in response to a function request of the first terminal, and feeds back function feedback information in response to a menu request of the second terminal; and the servers presents multiple interface components and maintains and updates each interface component in response to management operation of a third user.

Abstract: A control method for controlling a second server apparatus configured to communicate with a first server apparatus and store a program is provided. The first server apparatus is configured to provide a file sharing service. The program provides a function for printing a file having been uploaded to the first server apparatus. The control method includes: acquiring network information of an information processing apparatus accessing the first server apparatus; selecting, based on the acquired network information, a piece of printer information from among pieces of printer information; and performing control for causing the information processing apparatus to display an object displaying the selected piece of printer information and configured for receiving a selection of printer information from among the pieces of printer information.

Abstract: A system includes an identity authentication system interface operatively coupled to a computerized network for receiving identity information over the computerized network. An identity authentication tool operatively coupled to the identity authentication system interface that receives, from the identity authentication system interface, a request to authenticate an identity; information pertaining to the user; information pertaining to the user; a collected electronic signature representation of a user; and a private information indicator from the user device. The identity authentication tool determines an indication of whether the user information matches user information stored by the identity authentication tool; and the private information indicator from the user device indicates that the user's private information was verified. An indication that the identity was verified or not verified is output by the identity authentication tool.

Abstract: A system, method, and computer-readable recording media for a user account secure with a single sign on (SSO) password hidden authentication. Receiving credential information (CI) and generating the SSO password through at least one client device (CD). Encrypting the SSO password. Storing the SSO password in the CD and an electronic device (ED). Transmit the SSO password and encrypted SSO password to a cloud services platform (CSP), where the CSP stores both. Storing the SSO password in a cloud server (CS). Accessing the user account, if SSO password is unavailable, through the CSP transmitting a one time passcode to a user email, the CD setting a temporary password transferred to the CSP. The CSP confirming a match and transmitting the encrypted SSO password to the CD, the CD decrypting the encrypted SSO password and resetting the temporary password to the SSO password.

Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user, and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine it the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.

Abstract: Described herein is a system in which an electronic record is stored within a distributed environment. In this system, a validation node may receive a transaction record from an acceptance node. The validation node may verify that the acceptance node is authorized 5 to participate in a blockchain network, identify a user associated with the transaction record, and append the transaction record to an electronic record. The transaction record may be associated with a digital signature formed by hashing multiple data elements, and then encrypting the hashed data elements using a private encryption key.

Abstract: The example embodiments are directed to a system and method for managing blockchain transaction processing. In an example, the method includes one or more of receiving a message transmitted from a client device, the message including a predefined structural format for processing by a service providing computing system, determining a type of the message and detecting one or more sensitive fields within the message based on the determined type of the message, anonymizing values of the one or more sensitive fields within the message while leaving the predefined structural format intact, and transmitting the anonymized message including the one or more anonymized values with the predefined structural format remaining intact to the service providing computing system. The system can anonymize data from a private network before it is transmitted to a public service.

Abstract: The present disclosure relates to computer-implemented methods, software, and systems for identifying potential attacks through monitoring of user credential login attempts across a network of websites. One example method includes monitoring login attempts associated with a plurality of websites and identifying a first login attempt at a first website associated with a set of user credentials. In response to determining that the set of user credentials do not correspond to a valid set of credentials, a count value associated with an entry in a failed credential log associated with the user credentials is incremented. If the count threshold associated with a compromised user credential rule is exceeded by the current count value, then the first set of credentials is identified as a set of compromised credentials and at least one protective action is initiated.

Abstract: A method of securely processing data in a third party cloud environment is provided. Third party computer executable code is executed in a secure portion of the third party cloud environment. An external data request for external data to be received from an external data provider is then processed whereby the external data request comprises at least a portion of the secure data. The third party cloud environment determines whether to authorise the first external data request, and if the request is so authorised the request is sent to the external data provider and the external data is received from the external data provider.

Abstract: A system includes a database, a sensor, and a hardware processor communicatively coupled to the sensor. The database stores an identifier assigned to a mobile device. The presence of the identifier in the database indicates that a user of the mobile device is associated with a security breach. The mobile device is configured to transmit the identifier over a wireless network. The sensor has a range and is configured to obtain the identifier transmitted by the mobile device when the mobile device is located within the range. The hardware processor receives the identifier from the sensor. The processor also determines that the identifier is stored in the database. In response to determining that the identifier is stored in the database, the processor initiates a security protocol.

Abstract: An apparatus includes a processor coupled to a memory. The processor calls a second function from a first function by coloring with an inaccessible color value a first memory area associated with the first function, branching to the second function, coloring with a second color value a second memory area associated with the second function, operating on the second memory area, and coloring with the inaccessible color value the second memory area. The processor then returns control to the first function, and colors with a first color value the first memory area. The coloring step includes branching to a coloring routine that includes a basic block beginning with a single branch target instruction, identifying and authorizing the calling routine, coloring with a hardcoded color value a memory area associated with the calling routine, and returning to the calling routine.

Abstract: A system and method for linking to accounts using credential-less authentication that includes: within a first application context at an account-linking computing service: receiving a request to establish an account link, establishing the account link to a user account of an account service using user credentials, and receiving user identifying information of the first application context and storing the user identifying information in association with the account link; and within a second application context at the account-linking computing service: receiving user identifying information of the second application context, searching and identifying a candidate account link using the user identifying information of the second application context, verifying eligibility for access to the account link, and permitting access to the account link upon successful verification of eligibility.

Abstract: Techniques are disclosed for mitigating network-based attacks, brute-force attacks, enumeration account takeover type attacks, and generally attacks that might result in unauthorized access to user accounts, denial-of-service, loss of functionality to users, etc. Authenticating a user at an end-point of a network may occur using an activator. In some instances, an authentication module (e.g. on a server) receives and validates a key activator. If the key activator is valid, the authentication module is activated. After the authentication module is activated, the authentication module may receive and authenticate a security credential, such as a password, that is associated with the user. If the authentication module receives the security credential without being activated, the authentication module may not authenticate the security credential, even if the security credential is a valid credential.

Abstract: Embodiments include apparatuses, methods, and systems for performing security protection of association between a user device and a user. A computing system receives from a service provider a notification that an identifier of a user device has been activated in the user device to be associated with a user identifier to replace an existing identifier of the user device associated with the user identifier. The computing system further receives from the user device a request for information associated with the user identifier to be sent to the user device associated with the identifier of the user device. Before sending the requested information to the user device, the computing system verifies the identifier of the user device has been activated by the user by an additional authentication of the user through a communication path between the user and the computing system. Other embodiments may also be described and claimed.

Abstract: The present disclosure includes apparatuses, methods, and systems for using a local ledger block chain for secure updates. An embodiment includes a memory, and circuitry configured to receive a global block to be added to a local ledger block chain for validating an update for data stored in the memory, where the global block to be added to the local ledger block chain includes a cryptographic hash of a current local block in the local ledger block chain, a cryptographic hash of the data stored in the memory to be updated, where the current local block in the local ledger block chain has a digital signature associated therewith that indicates the global block is from an authorized entity.

Abstract: Embodiments described herein enable a user to bypass the use of one-time keys or account recovery codes by providing techniques for accessory assisted account recovery. In various embodiments, accessory assisted account recovery makes use of an accessory device of a user, where the accessory device can be any device having a secure processor, cryptographic engine, public key accelerator, or is otherwise able to accelerate cryptographic operations or perform cryptographic operations in a secure execution environment. An account recovery key can be split into multiple portions. At least one portion of the recovery key is then encrypted. The accessory device is then configured to be uniquely capable of decrypting the encrypted portion of an account recovery key.

Abstract: An apparatus includes: a hardware processor that executes, based on recognized information obtained by voice recognition, a process requiring an execution authority; and an authenticator that performs authentication to determine, using first confidential information that is preset, whether the execution authority has been given. Upon determining that the recognized information corresponds to the preset confidential information, the hardware processor provides a user with a predetermined notification regarding security of the preset confidential information.

Abstract: A method for recovering data. Identity factors are collected at a device, wherein hashes of the identity factors are configured to be stored at a server. A dynamic password is generated at the device based on the identity factors and a Salt generated by the server and configured to be delivered to the device. A selfie is captured of a user. The device generates a symmetric key used to encrypt the selfie. The symmetric key is encrypted using the dynamic password. The encrypted symmetric key and the encrypted selfie are stored on the server. One or more data items are stored on the server. The dynamic password is recoverable by presenting the plurality of identity factors that are hashed to the server. The symmetric key is recoverable using the recovered dynamic password. The data items are recoverable by presenting the symmetric key and a second selfie of the user.

Abstract: Transactional Lock Elision allows hardware transactions to execute unmodified critical sections protected by the same lock concurrently, by subscribing to the lock and verifying that it is available before committing the transaction. A “lazy subscription” optimization, which delays lock subscription, can potentially cause behavior that cannot occur when the critical sections are executed under the lock. Hardware extensions may provide mechanisms to ensure that lazy subscriptions are safe (e.g., that they result in correct behavior). Prior to executing a critical section transactionally, its lock and subscription code may be identified (e.g., by writing their locations to special registers). Prior to committing the transaction, the thread executing the critical section may verify that the correct lock was correctly subscribed to. If not, or if locations identified by the special registers have been modified, the transaction may be aborted.

Abstract: Methods, systems, and devices for supporting security for private data inputs to artificial intelligence models are described. A device (e.g., an application server) may receive a request to run an artificial intelligence model. The device may run the artificial intelligence model on a public data set and an extended set of data that includes both the public data set and a private data set. The device may determine a first set of outcomes based on running the artificial intelligence model on the public data set and a second set of outcomes based on rerunning the model on the extended set of data. The device may then compare the two sets of outcomes to determine whether a private data value is identifiable based on the second set of outcomes. If a private data value is identifiable, the device may obfuscate the results prior to transmitting the results to the requestor.

Abstract: The present disclosure includes apparatuses, methods, and systems for using a local ledger block chain for secure updates. An embodiment includes a memory, and circuitry configured to receive a global block to be added to a local ledger block chain for validating an update for data stored in the memory, where the global block to be added to the local ledger block chain includes a cryptographic hash of a current local block in the local ledger block chain, a cryptographic hash of the data stored in the memory to be updated, where the current local block in the local ledger block chain has a digital signature associated therewith that indicates the global block is from an authorized entity.

Abstract: Disclosed is a method for obtaining emergency device access for field devices in process automation technology by means of a security token. The method includes the field device receiving and storing a public key before an emergency occurs; connecting the security token to the field device; sending a challenge from the field device to the security token; calculating a response to the challenge by means of a private key on the security token and sending the response from the security token to the field device; and granting emergency access if the response is correct.

Abstract: A first ingress interface on a switch receives a first control packet for establishing a Transmission Control Protocol (TCP) session and selects a first engine running on a first line card in the switch. A second ingress interface receives a second control packet and selects the same first engine. Data associated with the TCP session received by the first or second ingress interface subsequent to establishing the TCP session is to be forwarded to the first engine. The first ingress interface receives a third control packet and sends, to the selected first engine, a notification indicating the TCP session which is to be tracked. The first or second ingress interface receives a fourth packet with a payload associated with the TCP session and forwards, to the selected first engine, a copy of the fourth packet, thereby facilitating a plurality of engine instances to support application identification.

Abstract: Native activity tracking using credential and authentication management in scalable data networks is described, including detecting a request from an extension installed on a browser to access a data network, initiating another request from the extension to a server to retrieve authentication data to access the data network, transferring from the server to the extension the authentication data and an instruction to the extension to generate a further request, transmitting the further request to the data network from the browser, the request comprising the authentication data from the server without manual input of the authentication data, presenting an overlay on the browser, the overlay being configured to indicate a login status associated with the data network, and storing one or more portions of data transferred between the data network and the browser, the storing being performed by the extension if access to the data network has been provided to the browser in response to the request.

Abstract: A method of separating identity IPs for identification of applications from the locator IPs for identifying the route is provided. A virtual service layer (VSL) protocol stack uses the IP addresses assigned by network administrators to the application endpoints to support the TCP/IP stack as the identity IP addresses that are not published to the underlay network for routing. On the other hand, the VSL stack uses the IP addresses assigned by the underlay network to the VSL enabled endpoints and VSL enabled routers as the locator IP addresses for routing packets. The VSL stack formats application flow packets with identity headers as identity packet and encapsulates identity packet with the locator header to route the packet. The separation of the identity and locator identifications are used to eliminate the network middleboxes and provide firewall, load balancing, connectivity, SD-WAN, and WAN-optimization, as a part of the communication protocol.

Abstract: The present invention broadly comprises crowd-sourced computer-implemented methods and systems of collecting and transforming portable device data. One embodiment of the invention may be implemented as a system including an electronic device including a sensor configured to collect data, the device configured to begin collection of data based on a command from a user of the electronic device; and a server configured to issue a command to the electronic device to turn on the sensor and transmit data collected by the sensor to the server without any input by the user of the electronic device when a condition is met.

Abstract: One example method includes extracting content metadata from data, storing the content metadata in a data catalogue, receiving at the data catalogue, from a user, a request to access the data, transmitting, by the data catalogue to a security service provider, an access request that includes the extracted content metadata and metadata relating to the access request, accessing, by the security service provider, identity metadata concerning an identity of the user, and a data access policy, and transmitting, by the security service provider to the data catalogue, a decision as to whether or not access can be granted to the data, and the decision is based on the data access policy, the identity metadata, and the metadata in the access request.

Abstract: A method, system and computer program product for secure access management for tools within a secure environment. A virtual file system for a user in memory on a server side in the secure environment is accessed as part of an authenticated user session including a user command instigated by a user. At the virtual file system, an encrypted file stored in the secure environment is obtained, where the file is encrypted using a public key of a user. A read operation at the virtual file system of the encrypted file is intercepted and the encrypted file is sent to a client at a user system external to the secure environment over a secure connection for decryption by a remote cryptography device of the user system using the user's private key. The decrypted file is then received at the virtual file system enabling the user to run the required user command.

Abstract: IoT frameworks require flexible and scalable communication and security schemes that can be deployed on devices of low computational capabilities and memory (e.g., resource-constrained devices). A system is provided including a mesh network of resource-constrained devices creating a self-organizing and collaborative communication topology between the devices, and an attribute-based encryption security scheme integrated with the mesh network that enables the resource-constrained devices to communicate securely in unsecured channels by defining an access policy that can only be satisfied by the authorized resource-constrained devices. In order to integrate the attribute-based encryption scheme with the mesh network of resource-constrained devices, a serializer and deserializer are provided that prepare all communications to go through the attribute-based encryption scheme by converting all data and metadata into a suitable format for transmission over the network.

Abstract: Systems and methods of managing fraudulent devices are provided. The system detects a request for a connection to communicatively couple a technician computing device with a receiver computing device. The system identifies connection data for the connection. The system requests, based on the connection data, a plurality of account values. Each of the plurality of account values is associated with an account that the technician computing device used to establish the connection. The system generates a score indicating a fraudulent level of the account based on the plurality of account values. The system terminates, responsive to a comparison of the score with a fraud threshold, the connection. The system transmits, to a ticketing system, a support ticket generated responsive to the comparison of the score with the fraud threshold.

Abstract: A system for credential authentication comprises an interface configured to receive a create indication to create a visitor network credential and receive a certify indication to certify an authentication device to use a network, and a processor configured to provide the visitor network credential to the authentication device in response to the certify indication, provide a proof request to the authentication device, receive a proof response, validate the proof response using a distributed ledger, generate a network certificate, and provide the network certificate to the authentication device.

Abstract: Computer systems and methods are provided for transmitting authorization information to an image capturing device. A computing system receives, from an image capturing device, captured image data that includes a first facial image and an image of a document that includes a second facial image. The first facial image and the second facial image are included a single image frame. The captured image data is analyzed to determine a first portion of the captured image data that corresponds to the first facial image and a second portion of the captured image data that corresponds to the second facial image. The first portion of the captured image data is compared with the second portion of the captured image data. In accordance with a determination that the first facial image and the second facial image meet matching criteria, authorization information is transmitted to the image capturing device.

Abstract: Methods, systems, and apparatuses are described herein for improving the accuracy of authentication questions using e-mail processing. A request for access to an account may be received from a user device. A plurality of organizations may be identified. One or more e-mail associated with the account may be identified. The e-mails may be processed to identify one or more organizations that correspond to transactions conducted by a user. A modified plurality of organizations may be generated by removing, from the plurality of organizations, the one or more organizations. An authentication question may be generated and provided to the user device. A response to the authentication question may be received, and the user device may be provided access based on the response.

Abstract: Sensitive information can be managed using a trusted platform module. For example, a system can encrypt target information using a cryptographic key to generate encrypted data. The system can also receive an encrypted key from a trusted platform module, where the encrypted key is a version of the cryptographic key that is encrypted using a public key stored in the trusted platform module. The system can then transmit the encrypted data and the encrypted key to a remote computing system, for example to store the encrypted data and the encrypted key on the remote computing system. Using these techniques, the target information may be secured and stored in remote locations.

Abstract: Systems, methods, and computer-readable media are disclosed for data unblocking in application platforms. An application platform may comprise a plurality of systems. A system may store data having a residence period. Upon expiration of the residence period, the data may be blocked from further processing. Data which is blocked may need to then be unblocked. Systems may be leading systems or dependent systems. Data unblocking may be triggered from the leading system to the dependent systems. At runtime, the dependent system may receive a trust token which may be used to verify a calling system as the leading system. If a data unblocking request is called from a dependent system, data unblocking may be prevented.

Abstract: A system, method, and apparatus for implementing workflows across multiple differing systems and devices is provided herein. During operation, a workflow is automatically generated based upon a camera detecting denial of entry of an individual. The workflow can then be implemented or suggested as a newly-created workflow at other various entry points.

Abstract: The present disclosure relates to two-factor authentication with a Hardware Security Module (HSM). In response to a login attempt, the HSM indicates that two-factor authentication is required. To generate the second authentication factor, a management console is accessed using credentials. The management console generates the second authentication factor and provides the second authentication factor to the client. The client then provides the second authentication factor to the HSM to complete the two-factor authentication operations.

Abstract: Aspects of a privileged identity management system and method provide users with the ability to request elevated privileges to perform tasks on computing systems and software applications. The privileged identity management system and method also provides users with the ability to extend the elevated privileges to access privileged features or perform tasks using elevated privileges. The privileged identity management system and method utilize a different device that is readily available to the user in order to provide communications relating to the elevated privileges.

Abstract: In an approach for a rule-based filtering system for securing password logins, a processor receives a password input on a user device. A processor determines whether the password requires filtering. Responsive to determining the password requires filtering, a processor filters characters from the password based on a set of filtering rules to create a filtered password. A processor determines whether the filtered password matches a stored password.