Abstract: Computer-implemented systems, methods, and computer-readable media for selecting a sequence of content parts from polymorphic content of an audiovisual presentation based on at least one profile of a user include receiving content information associated with polymorphic content, receiving profile information of a user, and selecting for rendering, from amongst the alternative content parts, a sequence of content parts from the polymorphic content based on at least a portion of the profile information.

Abstract: A method may include receiving content included in a social media post of a user; analyzing the content included in the social media post to determine a likelihood that the social media post contains security information associated with the user; transmitting an alert to a computing device of the user, based on the analyzing, that the content includes the security information associated with the user; and presenting an option to change the security information.

Abstract: Techniques for securely instantiating applications associated with computing resource service provider services on hardware that is controlled by third parties and/or customers of the computing resource service provider are described herein. A request to instantiate an application is received and fulfilled by selecting a computer system from computer systems that are controlled by a third party and/or a customer of the computing resource service provider. The computer system is selected based at least in part on the hardware capabilities of the computer system associated with instantiating a secure execution environment. The application is then instantiated within a secure execution environment operating on the computer system.

Abstract: An identity and access management (IAM) system is associated with a set of data sources from which data is collected. A set of vulnerabilities that the IAM system should attempt to detect is identified. For each vulnerability to be detected, a prioritized list of strategies used to detect that vulnerability is generated. Preferably, each strategy specifies the type(s) of data required to detect that vulnerability. An algorithm to determine a best strategy to be used for detecting each vulnerability, preferably based on the data available from the data sources, is then identified. The IAM system then collects data in an optimized manner. In particular, during the collection process, the IAM system preferably collects only what is necessary based on the configuration, even if the data source is capable of providing additional data. The collected data is then processed to detect security vulnerabilities associated with the IAM accounts.

Abstract: Techniques for enhancing the security of storing sensitive information or a token on a communication device may include sending a request for the sensitive information or token. The communication device may receive a session key encrypted with a hash value derived from user authentication data that authenticates the user of the communication device, and the sensitive information or token encrypted with the session key. The session key encrypted with the hash value, and the sensitive information or token encrypted with the session key can be stored in a memory of the communication device.

Abstract: A user, group, and device management and authentication system allows administrators to manage one or more directories with devices that are not associated with a domain of the one or more directories via a set of APIs. The system also allows applications and services that do not have direct access to a list of directory users to access the one or more directories. The user, group, and device management and authentication system may be an add-on system that works in conjunction with a centrally-managed directory service to provide such functionality. For example, the system may generate an access token associated with a particular directory that can be used by a service accessed by an administrator to call an API provided by the system. The API call may be translated into a directory-specific API call that can be used to perform an action in the particular directory.

Abstract: In an environment that includes a host computing system that executes virtual machines, and a secure cloud computing channel that communicatively couples the host to a client computing system that is assigned to a particular one of the virtual machines, the particular virtual machine generates a certificate, install the certificate on the itself, and returns a certificate representation to the client. This may occur when the virtual machine is provisioned. During a subsequent connection request from the client to the virtual machine, the virtual machine returns the certificate to the client. The client compares the certificate representation that was returned during provisioning with the certificate returned during the subsequent connection, and if there is a match, then the virtual machine is authenticated to the client. Thus, in this case, the virtual machine authenticates without the client having to generate, install, and manage security for a certificate.

Abstract: Systems and methods of virtual world interaction, operation, implementation, instantiation, creation, and other functions related to virtual worlds (note that where the term “virtual world” is used herein, it is to be understood as referring to virtual world systems, virtual environments reflecting real, simulated, fantasy, or other structures, and includes information systems that utilize interaction within a 3D environment). Various embodiments facilitate interoperation between and within virtual worlds, and may provide consistent structures for operating virtual worlds. The disclosed embodiments may further enable individuals to build new virtual worlds within a framework, and allow third party users to better interact with those worlds.

Abstract: A method and technique for access authentication includes: responsive to receiving an access request from a user for a secure resource, transmitting a uniform resource locator (URL) to the user; responsive to transmitting the URL to the user, logging a timestamp for the URL transmission; responsive to receiving a request for the URL, logging a timestamp for the URL request; and responsive to verifying that a difference between the timestamp for the URL transmission and the timestamp for the URL request is within a predetermined time period, providing access to the secure resource.

Abstract: An information terminal apparatus includes: a first image pickup section that obtains a first picked-up image; a first communication section that receives a second picked-up image obtained by a second image pickup section according to a first communication standard; a second communication section that performs communication according to a second communication standard different from the first communication standard; and a display control section that displays the first picked-up image during the communication of the second communication section when communication of the first communication section is not established. Cooperative display control with respect to a plurality of picked-up images from a plurality of image pickup sections reduces a waiting time period before the picked-up images are displayed.

Abstract: An accessory for a host medical device that is capable of authenticating itself to the host medical device. The accessory includes an onboard facility for authenticating the accessory to the host medical device. Various embodiments of the accessory enable it to validate itself to the host medical device without the host medical device reading any stored information from the accessory.

Abstract: Techniques for providing friction-free transactions using geolocation and user identifiers are described herein. These techniques may ascertain a user's location based on a location of a mobile device. A transaction between the user and a merchant may be completed with zero or minimal input from the user based on the geolocation of the mobile device and the user identifiers. In some implementations, a transaction initiated earlier is completed when the mobile device arrives at the merchant. Additionally, a parent-child or similar relationship may be established between multiple devices. Security on the mobile device based may be provided by biometric identification and calculation of variance from regular movement patterns. Advertisements may be sent to the mobile device based on bids from merchants near to the mobile device. Promotions may be sent to the mobile device when more than a threshold number of mobile devices are located at the same merchant.

Abstract: A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed.

Abstract: Access to a user profile of a user device at a location may be provided to a destination device upon detecting that the location is within a proximity of a destination location. An expiring token may be generated, associated with the user profile, and communicated to the second device. Access to the user profile provided to the destination device may be terminated upon an expiration of the expiring token.

Abstract: Techniques for mitigating the transitive data problem using a secure asset manager are provided. These techniques include generating a secure asset manager compliant application by tagging source code for the application with a data tag to indicate that a data element associated with the source code is a sensitive data element, accessing a policy file comprising transitive rules associated with the sensitive data element, and generating one or more object files for the application from the source code. These techniques also include storing a sensitive data element in a secure memory region managed by a secure asset manager, and managing the sensitive data element according to a policy associated with the sensitive data element by an application from which the sensitive data element originates, the policy defining transitive rules associated with the sensitive data element.

Abstract: Embodiments are directed towards employing a non-repudiation process for consumer credit requests based on an affirmative authentication of a one-time-pin (“OTP”) generated from a consumer biometric smartcard. The biometric smartcard may authenticate biometric information (e.g. fingerprint, facial image, iris image, or the like) of the consumer based on biometric templates stored on the biometric smartcard. In at least some of the various embodiments, the OTP may be authenticated by an identity authority, such that an associated credit request to a provider may be authenticated. In some embodiments, the provider may request and utilize a credit report for an authentic credit request to determine whether or not the consumer has an acceptable credit rating. If the consumer has an acceptable credit rating, then the provider may provide credit to the consumer.

Abstract: This invention relates to a method of healthcare data handling by a trusted agent possessing or having an access to decryption keys for accessing healthcare data. A request is received from a requestor requesting accessing healthcare data. A log is generated containing data relating to the request or the requestor or both. Finally, the requestor is provided with an access to the healthcare data.

Abstract: A device-installation-information distribution apparatus for distributing device installation information including a function of installing program on an information processing apparatus to enable the information processing apparatus to use a device over a network and a function of configuring operation settings of the program includes a distribution request obtaining unit configured to obtain a distribution request, which is transmitted from the information processing apparatus, requesting to distribute the device installation information, a device-installation-information update unit configured to obtain login information for use in logging into the information processing apparatus at a privilege authorized to install software based on the obtained distribution request and device installation information for the target device and update the device installation information by adding the login information to the device installation information, and a device-installation-information distribution unit configur

Abstract: Distribution of verification of passwords for electronic account. Password verification is distributed (divided) across multiple entities to reduce potential exposure in the event of a server exposure.

Abstract: A multi-vocal password verifying method includes the steps of: (1) displaying at least one set of candidate information units, the information units of the password being included in at least one set of candidate information units for being chosen; (2) accepting setting of relative location between a target selection region and the candidate information units such that the number of the candidate information units covered by the target selection region is two or more, the candidate information units covered by said target selection region being defined as a selection information unit set; and (3) comparing the information units of the password with the selection information unit set, and it being determined that the user has chosen correct information units from the predefined password when the selection information unit set contains the information units of the password.

Abstract: Techniques for maintaining potentially compromised authentication information for a plurality of accounts may be provided. An individual piece of authentication information may be associated with one or more tags that indicate access rights with respect to requestors that also provide and maintain other potentially compromised authentication information. A subset of the potentially compromised authentication information may be determined based on the one or more tags in response to a request from a requestor for the potentially compromised authentication information. In an embodiment, the subset of the potentially compromised authentication information may be provided to the requestor.

Abstract: Provided is a process including: receiving, with an intermediary server, a request to access web content at a web server; submitting, from the intermediary server a value by which possession of an access credential is demonstrated, wherein the value is withheld from the client web browser; receiving, by the intermediary web browser, instructions to store in web browser memory an access token; and sending, from the intermediary server, to the client web browser executing on the client computing device, instructions to store the access token in browser memory of the client web browser, thereby authenticating the client web browser without the client web browser having access to the value by which possession of the access credential is demonstrated.

Abstract: A subscription-based personal medical information storage device comprises a data storage unit comprising a computer readable storage medium configured to store medical and non-medical information of a user, and facilitate the retrieval of medical and non-medical information of the user from a remote medical information storage device. The data storage unit is configured to automatically run an authentication routine upon connection with the general purpose computing device to confirm that the personal medical information storage device is neither lost nor stolen before granting access thereto. A communication module is configured to facilitate a communication connection with the remote medical information storage device, and wherein the remote medical information storage device comprises an advertisement module.

Abstract: A method and system for use in distributing token records is disclosed. At least one token record comprises a unique seed associated with a one-time password (OTP) token. An encryption key and a corresponding decryption key are generated for assisting selective encryption and decryption of a token record associated with a OTP token. The encryption key and the decryption key being unique to an end user of the token record. The token record is encrypted with the assistance of the encryption key. One of the decryption key and the encrypted token record is provided to the end user of the token record. The other of the decryption key and the encrypted token record is provided to the end user in response to secure receipt of the one of the decryption key and the encrypted token record by the end user. The encrypted token record can be decrypted with the assistance of the decryption key.

Abstract: Policy changes are propagated to access control devices of a distributed system. The policy changes are given immediate effect without having to wait for the changes to propagate through the system. A token encodes the policy change and can be provided in connection with access requests. Before an access control device has received a propagated policy change, the access control device can evaluate a token provided in connection with a request to determine, consistent with the policy change, whether to fulfill the request.

Abstract: In one example, a wearable device includes one or more processors, a plurality of communication components, one or more motion sensors configured to detect motion of the wearable device and generate, based on the detected motion, motion data, and a storage device configured to store at least one module. The at least one module may be operable by the one or more processors to: responsive to determining that the wearable device is not connected to the computing device using the first communication technology, determine, based on the motion data, whether the wearable device is currently being worn, and responsive to determining that the wearable device is currently being worn, establish the wireless connection to the computing device using the second communication component.

Abstract: A password verifying method includes the following steps: providing a plurality of interactive regions in which several known password characters are arranged and shown randomly, at least one interactive region containing at least two characters; accepting selection of one of said plurality of interactive regions by a user, and after selection of one of the interactive regions by the user, randomly re-distributing said several known password characters into said interactive regions for subsequent selection by the user; and comparing characters contained in a predefined password sequence with characters contained in the interactive regions selected by the user, and outputting a signal representing a successful password verification when each character contained in the password sequence is identical to corresponding ones of the characters shown in respective ones of the interactive regions selected by the user.

Abstract: Embodiments of the present disclosure help protect network devices from unauthorized access. Among other things, embodiments of the disclosure allow full access to application servers and other network devices that a client is allowed to access, while preventing all access (or even knowledge) of network devices the client is not allowed to access.

Abstract: Methods, systems, and products create anonymous loan documents. Electronic loan documents are prepared for a borrower of a loan. An anonymous shadow copy of the electronic loan documents is generated that removes personally identifying information, such as names, addresses, and social security numbers. The anonymous shadow copy of the electronic loan documents may then be electronically published.

Abstract: An audio/video content management apparatus, for use with an external hard drive, includes a control circuit that performs a trust token generation operation. The trust token generation operation includes obtaining first identification information and hard drive identification information, encrypting and combining the first identification information and the hard drive identification information as a trust token, and sending the trust token to the external hard drive. The control circuit also performs a trust token validation operation including obtaining the first identification information, the hard drive identification information, and the trust token from the external hard drive.

Abstract: An approach for improving mobile device security is provided. The approach configures a passcode for accessing a mobile device, wherein configuring the passcode includes incorporating one or more hardware buttons into the passcode, such that the one or more hardware buttons are relevant when entering the passcode to gain entry to the mobile device. The approach receives a passcode attempt on the mobile device, wherein the passcode attempt includes a combination of one or more touch screen buttons and at least one of the one or more hardware buttons. The approach determines whether the passcode attempt matches the passcode. Responsive to a determination that the passcode attempt does not match the passcode, the approach denies access to the mobile device.

Abstract: The present disclosure includes a system, method, and article of manufacture for lossless compression of data and high speed manipulation of the data. The method may comprise associating a customer with a plurality of levels, and counting, in near real time, a number of transactions at each level in the plurality of levels based on a transaction history of the customer at each of a plurality of merchants. The method may further comprise counting the number of transactions during a time period. Similarly, the method may comprise determining an opportunity comprising an offer based upon the counting, determining an opportunity based upon a count indicating a transaction by the customer with a merchant, and/or determining an opportunity with a first merchant based upon a count indicating a transaction by the customer with a second merchant.

Abstract: Apparatuses and methods for changing a financial account after initiating a payment using a proxy object, such as a proxy card, are disclosed. The proxy card is associated with multiple financial accounts, such as accounts associated with credit cards, debit cards, and pre-paid gift cards. A consumer presents the proxy card to a merchant to make a payment, and the merchant swipes the proxy card and processes the payment by sending transaction information to a financial system. A computer system associated with the financial system selects a payment account associated with the proxy card to use for the payment, and an authorization for the transaction is obtained. Later, the consumer is given a limited time within which he may change the financial account used for the payment, such as by using his mobile device to select a different account associated with the proxy card to use to obtain funds for the payment.

Abstract: In a network authentication method, a client device stores a reference first private key portion obtained by encrypting a first private key portion of a private key. The private key and a public key cooperatively constitute an a symmetric key pair. After receipt of a second private key portion of the private key, the client device generates a digital signature for transaction data using a current key which combines the second private key portion and a current key portion obtained by decrypting the reference first private key portion. A verification server verifies, based on the public key, whether a received digital signature is signed with the private key, and obtains the transaction data when verification result is affirmative.

Abstract: Embodiments of the present disclosure include systems and methods for secure release of secret information over a network. The server can be configured to receive a request from a client to access the deposit of secret information, send an authorization request to at least one designated trustee in the set of designated trustees for the deposit of secret information, receive responses over the network from one or more of the designated trustees in the set of designated trustees and apply a trustee policy to the responses from the one or more designated trustees in the set of trustees to determine if the request is authorized. If the request is authorized, the server can send the secret information to the client. If the request is not authorized, the server denies access by the client to the secret information.

Abstract: A method, system, and medium are provided for facilitating development of an application by a user for a mobile communications device. A portion of programmatic code provided by the user is retrieved and a classification corresponding to the code is determined. A set of rules comprising a use restriction associated with a protected application component is referenced to determine whether the code classification corresponds to a use restriction. Incident to identifying an associated use restriction, feedback is presented to the user that indicates that the portion of code corresponds to a use restriction.

Abstract: Resource restrictions are associated with a user identifier. A resource restriction agent receives operating system calls related for resources and provides resource request data to a resource agent. The resource agent determines whether the resource is restricted based on the resource request data and resource restriction data and generates access data based on the determination. The resource restriction agent grants or denies the system call based on the access data.

Abstract: A security device may receive a request from a client device and intended for a server device. The security device may identify the request as being associated with a malicious activity. The malicious activity may include one or more undesirable tasks directed to the server device. The security device may generate a challenge-response test based on identifying the request as being associated with the malicious activity. The challenge-response test may be generated using one or more construction techniques. The security device may provide the challenge-response test to the client device. The security device may receive, from the client device, a proposed solution to the challenge-response test. The security device may identify the proposed solution as being generated using an optical character recognition (OCR) program. The security device may protect the server device from the client device based on identifying the solution as being generated using an OCR program.

Abstract: An electronic device uses a voiceprint for user authentication, and includes a storage unit, a voice input unit, and at least one processor. The storage unit registers a first voiceprint based on first voice corresponding to a first character string and a second voiceprint based on second voice corresponding to a second character string longer than the first character string. The at least one processor generates a third voiceprint from third voice input to the voice input unit after registration of the voiceprint in the storage unit, and makes a first comparison between the first voiceprint and the third voiceprint as first user authentication. The at least one processor generates a fourth voiceprint from fourth voice input to the voice input unit after the third voice, and makes a second comparison between the second voiceprint and the fourth voiceprint, when the first user authentication has failed.

Abstract: A network traffic monitoring system for redirecting network traffic between a client device and a cloud service includes a monitor proxy server configured as a network intermediary between the client device and the cloud service; and a published identity provider. The published identity provider is configured to receive a login request from a client device and to authenticate the client device at a federated identity provider. The published identity provider is configured to receive from the federated identity provider a redirect response including an identity assertion and a redirect web address to the cloud service. The published identity provider is configured to rewrite the redirect web address to the web address of the monitor proxy server. As a result, network traffic between the cloud service and the client device is routed through the monitor proxy server after user authentication using the published identity provider.

Abstract: A communication device according to the present invention aims to restart data transmission/reception between communication devices in a short amount of time, without performing key sharing again, even when a communication device of a transmitting side is rebooted. The communication device includes a volatile memory storing a count value, a generator generating data including a count value, a communicator transmitting data to another communication device, a storage instructor, each time the communicator transmits data, updating the volatile memory with a count value, and a nonvolatile memory. A count value is incremented each time the communicator transmits data, the storage instructor causes the nonvolatile memory to store a count value at certain intervals, and the generator, when the communication device is rebooted, includes in data a sum of a certain value and a count value stored in the nonvolatile memory.

Abstract: A computer-implemented method for creating security profiles may include (1) identifying, within a computing environment, a new actor as a target for creating a new security behavior profile that defines expected behavior for the new actor, (2) identifying a weighted graph that connects the new actor as a node to other actors, (3) creating, by analyzing the weighted graph, the new security behavior profile based on the new actor's specific position within the weighted graph, (4) detecting a security anomaly by comparing actual behavior of the new actor within the computing environment with the new security behavior profile that defines expected behavior for the new actor, and (5) performing, by a computer security system, a remedial action in response to detecting the security anomaly. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A wearable computer interface comprising a three dimensional (3D) range camera and a picture camera that image the user and a controller that process the images to identify the user and determine if the user is authorized to use the interface to access functionalities provided by a computer interfaced by the interface.

Abstract: A method for performing a secure transaction between a secure device (2) and a terminal (4), the method being carried out by the secure device (2) and comprising the steps of: receiving transaction data from the terminal (4), characterized in that it comprises, before the step of receiving transaction data from the terminal (4), the steps of obtaining transaction data entered by a user of the secure device (2), and transmitting the transaction data to the terminal (4).

Abstract: Protecting a computer security application by executing the computer security application on a computer in a first namespace associated with an operating system of the computer, and creating a second namespace associated with the operating system of the computer, where the second namespace is accessible to the computer security application, and where the first namespace is inaccessible from the second namespace.

Abstract: An architecture for a multimedia search system is described. To perform similarity matching of multimedia query frames against reference content, reference database comprising of a cluster index using cluster keys to perform similarity matching and a multimedia index to perform sequence matching is built. Methods to update and maintain the reference database that enables addition and removal of the multimedia contents, including portions of multimedia content, from the reference database in a running system are described. Hierarchical multi-level partitioning methods to organize the reference database are presented. Smart partitioning of the reference multimedia content according to the nature of the multimedia content, and according to the popularity among the social media, that supports scalable fast multimedia identification is also presented.

Abstract: Some described embodiments relate to techniques for editing markup elements of a markup language document to emphasize a portion of the visible content elements of the markup language document. The techniques may be implemented in any suitable manner, including via scripting language code (e.g., JavaScript) that is incorporated into the markup language document but is not preconfigured with information regarding the markup language document or any other markup language document. The scripting language code may perform the editing automatically, and based on an automatic analysis of markup elements of the markup language document. Some embodiments may include determining the portion of the markup language document to be emphasized by identifying content of interest to a user, including by determining a set of related content through analyzing a structure of markup elements of the markup language document and/or layout of visible content elements of the markup language document.

Abstract: A method and system to regulate a digital security system that controls access to a resource is disclosed. The system controls access to the resource according to a multi-level security protocol including a high-security-level access protocol and a low-security-level access protocol. The regulation method and system are configured to collect data from a set of user-data sources with which the user interacts during his daily life and, based on the collected data, to compute security parameters characterizing user activity. The computed security parameters are compared to a digital profile that models the characteristic behavior of this user. When the comparison indicates that the observed user activity is inconsistent with the digital behavior profile, the digital security system is regulated to set (or maintain) it in an operating state such that, when the user requests access to the resource in the future, the system will automatically implement the high-security-level access protocol.

Abstract: A device control method used in a device control system in which an operation terminal is used to remotely operate a device with a server device mediating between the operation terminal and the device, the device control method including: acquiring, upon reception of an operation instruction for operation of the device from the operation terminal, environment information pertaining to at least one of the device and the operation terminal; performing a determination of whether or not to cause execution of processing corresponding to the operation instruction based on whether or not the environment information satisfies a predetermined condition; and causing the device to execute an execution command for execution of the processing when a result of the determination is affirmative, and not causing the device to execute the execution command when the result of the determination is negative.

Abstract: A wearable device includes: a touch screen; an acceleration sensor configured to generate an acceleration signal; an optical sensor using a light source and configured to generate a touch interrupt signal; and a control unit configured to detect a wearing state of the wearable device, the wearing state of the wearable device including a not-wearing state for the wearable device, a wrist wearing state, and a hand gripping state on the basis of the acceleration signal and the touch interrupt signal, and to execute a function corresponding to the wearing state of the wearable device.