Abstract: A system for providing an application associated with a portable communication device the ability to communicate via a secure element. The system has a digital identifier and digital token operably associated with the application; a card services module that provides an application programming interface to the secure element; and a secure data table associated with the card services module. The secure data table includes a list of trusted applications each identifiable by paired digital identifier and token. The card services module [includes] compares the identifier and the token with each of the identifier-token pairs in the table until a match indicates the application is trusted. The card services module issues commands to the secure element based on an action requested by a trusted application in conjunction with the presentation of the digital token. A method of providing an application with the ability to communicate via secure element is also disclosed.

Abstract: An authentication method requires receiving an order from a server to perform an act which is then verified by the server for liveness. The act may comprise shining a color on an object such as the face of the user, holding a flash at a particular location or a combination of these and other similar acts.

Abstract: A computer-implemented method for securing data and computer systems is described. In one embodiment, a request to connect to a server is received at an intermediary network device. It is detected, at the intermediary network device, that the server uses a one-time password (OTP) protocol. Based at least in part on the detecting that the server uses an OTP protocol, an action is performed by the intermediary network device. The action may include blocking, at the intermediary network device, a connection other than the connection to the server that uses the OTP protocol.

Abstract: The security and privacy of a user is enhanced by distinguishing between potentially sensitive information and non-sensitive information being displayed on a display of a computing device. In an embodiment, potentially sensitive information on a display is identified by parsing information to be displayed. A front-facing camera of the user's computing device is used to monitor the user's background and compare any changes to a threshold amount. In response to a detected change in the background, actions are taken to alert the user or reduce the visibility of identified potentially sensitive information shown on the display screen.

Abstract: Methods and apparatuses for controlling access to computer systems and for annotating media files. One embodiment includes a method including generating a challenge to a user, wherein the challenge includes a verify part and a read part. The methods also includes prompting the user to solve both the verify part of the challenge and the read part of the challenge; receiving input from the user; determining if the input from the user relative to the verify part of the challenge corresponds with the known answer for the verify part of the challenge; and identifying the input from the user relative to the read part of the challenge as an answer to the read part of the challenge, if the input from the user relative to the verify part of the challenge corresponds with the known answer for the verify part of the challenge.

Abstract: An identity management system incorporates privacy management processes that enable the user to exercise privacy controls over the disclosure of user identity information within the context of an authentication process. A combination includes an identity selector, a privacy engine, and a ruleset. The identity selector directs the release of a user identity as a security token to satisfy the requirements dictated by a security policy. Prior to release of the user identity, the engine conducts a privacy enforcement process that examines the privacy policy of the service provider and determines its acceptability. The engine evaluates a ruleset against the privacy policy. A preference editor enables the user to construct, in advance, the ruleset embodying the user's privacy preferences regarding the disclosure of identity information. Based on the evaluation results, the user can either approve or disapprove the privacy policy, and decide whether to proceed with disclosure of the user identity.

Abstract: An information processing system includes an electronic device; a service providing system including information processing devices connected to the image forming device via a network; a single sign on unit configured to send a request from the electronic device to the service providing system, to acquire authentication information of an external service that performs a process in cooperation with an application operating in the image forming device; an access control unit configured to receive the request from the single sign on unit whose validity has been confirmed, based on a result obtained by using identification information of the single sign on unit, in the service providing system; and a data management unit configured to acquire the authentication information of the external service from a storage unit based on the request from the single sign on unit that is valid, and to provide the authentication information of the external service to the single sign on unit via the access control unit.

Abstract: A method, system, and computer accessible medium are disclosed for launching an application authentication policy (AAP) application on a computing device, enabling the device for use as a personal device of a user if the user is authenticated by the AAP application, and otherwise enabling the device for use as a non-personal device that provides only basic functionality but protects other users' personal data and applications.

Abstract: This document describes policies for digital rights management that enable distribution of full-function versions of applications that, while fully functional, have functions limited by an associated policy. A policy may be replaced or updated, thereby enabling use of previously limited functions without distribution of another version of the application.

Abstract: A method for opening a virtual disk comprises reading information from a metadata file that identifies the current owner of the virtual disk. The method further includes sending a release request to the current owner of the virtual disk to release the virtual disk, writing information to the metadata file identifying the new owner, and then opening the virtual disk.

Abstract: A method for authenticating a user seeking access to first and second resources that have different authentication levels. The method includes receiving a primary token that is associated with a first authentication event of the user and authenticates the user to access the first resource, and receiving a first request to access the second resource. The method further includes receiving first credentials of the user. The method further includes, responsive to validating the first credentials, generating a second authentication event, associating the second authentication event with the primary token, and issuing a first secondary token that authenticates the user to access the second resource.

Abstract: An operation for an operation unit is detected. If the operation is detected and a communication unit executes close proximity wireless communication with an external apparatus, a confirmation screen for confirming execution of processing corresponding to the operation for the operation unit is displayed.

Abstract: Disclosed herein are a resource control service, system, method and architecture. A client device's resource access is limited to an approved resource, or resources. A request for a resource is directed to a resource control service that determines whether or not to grant access to the requested resource. Where a determination is made to grant access to the resource, a response is transmitted to the client device, the response redirecting the client device to a second URI for the approved version of the requested resource. The response can be used by the client device request the resource from the location identified in the response.

Abstract: Disclosed are systems and method for encrypted transmission of web pages. One exemplary method comprises: receiving, by a proxy server, a web page requested by a user device; analyzing, by a hardware processor of the proxy server, the received web page to identify code of elements of the web page; selecting one or more identified elements of the web page for encryption; encrypting, by the hardware processor, the code of the one or more selected elements; generating, by the hardware processor, a script containing the encrypted code of the one or more selected elements; modifying the web page, by the hardware processor, by replacing in the web page the code of the one or more selected elements with the script containing the encrypted code of said one or more selected elements; and transmitting, by the proxy server, the modified web page to the user device.

Abstract: Provided is an input/output device, including: a touch unit that is touched by a human body; an information processing unit that performs information processing based on a touch made on the touch unit by the human body; and a human-body communication unit that performs human-body communication by using the human body touching the touch unit as a path.

Abstract: A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules.

Abstract: A multi-functional device configured to receive a function execution request transmitted from a terminal device without using a driver program, transmit a relation information request for requesting transmission of user relation information to the terminal apparatus, in a case where the function execution request not including individual relation information relating to individual identification information is received from the terminal apparatus, and control a specific function engine of the multi-functional device to execute a specific function, in a case where the function execution request including individual relation information relating to individual identification information is received from the terminal apparatus in response to the transmitting of the relation information request to the terminal apparatus and on condition that individual permission information associated with the individual identification information in a table indicates that use of the specific function is permitted.

Abstract: Described are techniques for processing inputs. A plurality of rules engines is provided. Each of the rules engines is written in a different programming language. Input validation processing is performed of a first set of one or more inputs by a first of the plurality of rules engines using a first portion of a set of validation rules. Input validation processing is performed for the first set of one or more inputs by a second of the plurality of rules engines using the first portion of validation rules.

Abstract: A technique allows a client computing system with a web browser to receive a web page in response to transmitting a request for content. The web page may include active content, html data and cascading style sheets (CSS). In embodiments, a gateway device may rewrite the web page dynamically by rewriting node identifiers and class names, removing and separating client-side scripts from html data and CSS data, and blocking or disabling execution of the client-side scripts if these scripts contain vulnerable code. A web page may be rewritten based on analysis information provided by a third-party or analyzed at the gateway device.

Abstract: Distribution of verification of passwords for electronic account. Password verification is distributed (divided) across multiple entities to reduce potential exposure in the event of a server exposure.

Abstract: A service provision system includes: a management information storage unit that stores management information for managing user identification information, device identification information, and service identification information in association with one another; an authentication information receiving unit that receives authentication information including user authentication information and device authentication information from a device connected via a network; a service specifying unit that specifies, when the authentication information is authenticated by an authentication unit, a service associated with the authentication information based on the authentication information and the management information; and a first execution unit that receives a use request of a mail distribution service from the first device connected via the network, composes a mail according to the use request of the mail distribution service received from the first device, and distributes the composed mail to a previously specified

Abstract: A system and method including defining at least one device authentication policy; at a policy engine, initializing authentication policy processing for an authenticator device; collecting device status assessment; evaluating policy compliance of the device status assessment to an associated defined device authentication policy; and enforcing use of the authenticator device according to the policy compliance.

Abstract: A computer-implemented method for providing secure access to local network devices may include (1) identifying a local area network that provides Internet connectivity to at least one device within the local area network, (2) obtaining, from an identity assertion provider, (i) a shared secret for authenticating the identity of a guest user of the device and (ii) a permission for the guest user to access the device from outside the local area network, (3) storing the shared secret and the permission within the local area network, (4) receiving, via the Internet connectivity, a request by the guest user from outside the local area network to access the device, and (5) providing access to the device in response to validating the request based on the shared secret and the permission. Various other methods and systems are also disclosed.

Abstract: A system for analyzing and modifying passwords in a manner that provides a user with a strong and usable/memorable password. The user would propose a password that has relevance and can be remembered. The invention would evaluate the password to ascertain its strength. The evaluation is based on a probabilistic password cracking system that is trained on sets of revealed passwords and that can generate password guesses in highest probability order. If the user's proposed password is strong enough, the proposed password is accepted. If the user's proposed password is not strong enough, the system will reject it. If the proposed password is rejected, the system modifies the password and suggests one or more stronger passwords. The modified passwords would have limited modifications to the proposed password. Thus, the user has a tested strong and memorable password.

Abstract: In some examples, methods and systems may process one or more payment transactions between a merchant and a customer by registering, by a biometric sensor of a payment object reader or a mobile device, a biometric characteristic as a biometric payment instrument, for example by obtaining data corresponding to a biometric characteristic of the customer. The data is converted into a digital signature of the biometric characteristic and compared with a registered biometric instrument at the time of transaction. If a match is obtained, the customer effects payments through the registered biometric instrument.

Abstract: A network component is provided. The network component is configured to receive a handover context from a first access network device. The network component is capable of sending a first proxy binding update message to a second access network device to initiate a proxy care-of test; receiving a care-of keygen token from the second access network device in response to the first proxy binding update. The network component is configured to send a second proxy binding update message in response to the care-of keygen token to the second access network device to initiate a complete proxy binding update exchange. The network component is configured to receive a proxy binding acknowledge (PBA) message from the second access network device to establish a direct route between the network component and the second access network device.

Abstract: The present invention provides a method for safely recovering, protecting, and reading short term memory devices, such as DRAM modules, following their immediate removal from a system after it powers down. By providing power and appropriate control signals, the present invention stabilizes the memory and allows it to be safely read.

Abstract: Provided is an apparatus for encrypting data including a key determiner configured to determine a cipher key for white-box cryptography (WBC)-based encryption and a symmetric key different from the cipher key and an encrypter configured to generate a ciphertext of the data using the WBC-based encryption and symmetric-key-based encryption with the symmetric key.

Abstract: Methods and apparatus are provided, such as a memory card with a processor and nonvolatile memory coupled thereto. The nonvolatile memory has a secure area configured to store a user password and a serial number in encrypted form. The card is configured to grant access to the secure area when the card receives a password that matches the stored user password and the card is coupled to a system having the serial number.

Abstract: This document describes techniques for identifying trusted websites. In one embodiment, a computer system can receive a request from user to access a website and a private image and a public image wherein the public image and the private image are associated with a user account that enables the user to access the website. The computer system then embeds the private image in the public image to create a combined image and transmits the combined image to a client device for processing. The computer system can then receive a confirmation from the user that at least the private image embedded in the combined image is verified.

Abstract: Techniques for maintaining potentially compromised authentication information for a plurality of accounts may be provided. An individual piece of authentication information may be associated with one or more tags that indicate access rights with respect to requestors that also provide and maintain other potentially compromised authentication information. A subset of the potentially compromised authentication information may be determined based on the one or more tags in response to a request from a requestor for the potentially compromised authentication information. In an embodiment, the subset of the potentially compromised authentication information may be provided to the requestor.

Abstract: The present invention is directed to an apparatus, a method, and a computer program product for authenticating a user based on a sequence of rhythmic inputs. The user via a mobile device provides one or more inputs (e.g., pushing a button, tapping a touchscreen, a biometric, or the like) to one or more sensors associated with the mobile device as an attempt of authorization. The one or more inputs may be provided in a rhythmic manner (e.g., provided in time with music). The present invention then compares the provided one or more inputs to one or more predetermined sequences of inputs that are associated with positive authentication of the user (e.g., a known password). The phone determines that the one or more provided inputs match one or more predetermined rhythmic sequences associated with positive authentication of the user and authenticates the user.

Abstract: A system and method for exchanging data among partitions of a storage device is disclosed. For example, data stored in a first partition is exchanged with an application included in the first partition or with a second application included in a second partition. In one embodiment, the second application is associated with a global certificate while the first application is associated with a different platform certificate. A verification module included in the first partition receives a request for data and determines if the request for data is received from the first application. If the request for data is not received from the first application, the verification module determines whether the request is received from the second application and whether the global certificate is an authorized certificate. For example, the verification module determines whether the global certificate is included in a listing of authorized certificates.

Abstract: A method is disclosed for migrating a client domain involving identifying a user account entry in a client domain's password table, where the entry includes a user identifier and a first hashed password value, where the first hashed password value is derived from hashing a user password with a client domain hash algorithm. The first hashed password value is re-hashed using a multi-tenant system hash algorithm to obtain a second hashed password value. Another user account entry is created and stored in a multi-tenant system password table along with the second hashed password value and metadata from which the client domain hash algorithm can be determined.

Abstract: In a computing environment a request is received from a computing device associated with a user, requesting access to one or more computing resources. An approximate geographic location of the computing device is determined based on geographic information associated with the computing device. Access to the requested one or more computing resources is allowed based on the approximate geographic location of the computing device and geographic policy information for the user.

Abstract: Systems and methods are disclosed for manipulating electronic multimedia content to a user. One method includes generating a plurality of biometric models, each biometric model corresponding to one of a plurality of people; receiving electronic media content over a network; extracting image or audio data from the electronic media content; detecting biometric information in the image or audio data; and calculating a probability of the electronic media content involving one of the plurality of people, based on the biometric information and the plurality of biometric models.

Abstract: A user equipment in a communications system, the user equipment comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with a node in the communication system, wherein the transceiver is arranged to receive the at least one identifier from the node in the communications system, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.

Abstract: The present invention is directed to an apparatus, a method, and a computer program product for authenticating a user based on a sequence of rhythmic inputs. The user via a mobile device provides one or more inputs (e.g., pushing a button, tapping a touchscreen, a biometric, or the like) to one or more sensors associated with the mobile device as an attempt of authorization. The one or more inputs may be provided in a rhythmic manner (e.g., provided in time with music). The present invention then compares the provided one or more inputs to one or more predetermined sequences of inputs that are associated with positive authentication of the user (e.g., a known password). The phone determines that the one or more provided inputs match one or more predetermined rhythmic sequences associated with positive authentication of the user and authenticates the user.

Abstract: Method and system for distributing token records in market environment is disclosed. At least one token record comprising a unique seed associated with a OTP token. Encryption key and decryption key are generated for assisting selective encryption and decryption of token record associated with OTP token. The token record is encrypted with the assistance of encryption key. One of encrypted token record and decryption key is provided into market environment. A device comprising an identifier for facilitating identification of token record associated with OTP token is provided into market environment together with the one of encrypted token record and decryption key. The identifier concealed by tamper-evident removable material such that any effort to reveal identifier will be readily apparent. The other of the encrypted token record and decryption key is provided to an entity in response to entity providing identifier.

Abstract: A method of processing requests for different digital services hosted by respective service entities is disclosed. The method including steps of receiving a request packet from a communication device, the request packet includes source and destination identifiers, determining which one of the different digital services the communication device is requesting a service, based on the destination identifier, authenticating the request packet based on the source identifier to determine an access permission of the communication device for accessing the determined digital service, and if the access permission is granted, modifying the request packet and forwarding the modified request packet based on the destination identifier to the determined digital service for processing.

Abstract: Managing website access for a user who is initially not logged in to the website includes: receiving a request sent by the user via a client to access a webpage that requires the user to log into the website, the request comprising an original page address of the webpage; encoding at least a portion of the original page address to generate an encoded portion; generating a short address that includes the encoded portion; redirecting the client using the short address; maintaining a mapping of at least the encoded portion and the original page address; redirecting the client to a login server for the user to perform login using a login address that is based at least in part on the short address; redirecting the client based at least in part on the short address; and determining the original page address.

Abstract: Disclosed is a portable storage device including a fingerprint sensor, a fingerprint data processing unit, a data repository, a data processing unit and the like. The fingerprint data processing unit outputs a fingerprint matching signal when fingerprint information received from the fingerprint sensor matches authentication fingerprint information of the fingerprint data repository. If the fingerprint matching signal is received from the fingerprint data processing unit, the data processing unit retrieves a data requested by the user terminal from the data repository, converts the retrieved data into a read-only data and transmits the read-only data to the user terminal.

Abstract: Technology is disclosed for sharing an authentication profile of a user between a group of user devices for accessing an access restricted computing environment (“the technology”). The access restricted computing environment can require the user to input authentication information, such as a username, password, or answers to challenge questions, to authenticate the user. For example, to access a wireless network on a first user device, a user may have to input a password for the wireless network. To access the same wireless network on a second user device, the user may have to input the password again on the second user device. The technology facilitates the user to obtain the authentication information required to access the wireless network from another user device, e.g., a device from which the user has accessed the wireless network previously. This can eliminate the need for the user to manually input the authentication information repeatedly.

Abstract: System and methodology that utilizes keyboard patterns and alpha string patterns for password cracking. Keyboard patterns can be used as components of passwords, and the relevant shapes can extracted from these keyboard patterns and passwords. This keyboard information can be used to extend a probabilistic context-free grammar that can then be used to generate guesses containing keyboard patterns. Further, patterns in alpha strings, such as repeated words and multi-words, can be systematically learned using a training dictionary. This information can be used to extend the probabilistic context-free grammars which leads to generation of guesses based on the distribution of these patterns in the alpha strings, Keyboard patterns and alpha string patterns, individually and in combination, are shown herein to be effective for password cracking.

Abstract: A computer implemented method, system and product comprising establishing a lease contract for an analytic subscription, defining an analytic subscription as an evaluation that is passed to a provider that provides a Boolean evaluation model and a potential true/false event expression, receiving, via the bus, events from the systems of records until the expiration of the lease; and rejecting during a specified period of time events received from the systems of record after the expiration of the lease period.

Abstract: In one embodiment, the disclosure is directed to an integrated mouse and mass memory storage device (herein, memory storage device). In another embodiment, the disclosure is directed to a Bluetooth mouse having an integrated memory storage device. In still another embodiment, the disclosure relates to a controller for transmitting one or more storage data packets along with one or more mouse data packets from an BT mouse having an integrated mass memory storage.

Abstract: A validating device receives, from a client device associated with a user, a representation for a first credential associated with the user. The validating device validates the representation for the first credential associated with the user based on data derived from the representation for the first credential associated with the user and identification data associated with the validating device. The validating device obtains a first set of data associated with the user and a second set of data associated with the user. The second set of data is different from the first set of data. The first set of data is obtained based on verifying the identification data associated with the validating device. Obtaining the second set of data is independent of verifying the identification data associated with the validating device.

Abstract: Apparatuses and methods are provided for executing a function corresponding to a handwritten user input at the same time as providing a handwritten unlock command on a lock screen of an electronic device. The apparatus includes a touch screen that displays a lock screen including a first layer for unlocking the lock screen and a second layer that is laid over the first layer, and a controller that verifies that an unlock command is the same as a predetermined unlock command in response to the unlock command being input to the first layer, to display the second layer in response to the unlock command being the same as the predetermined unlock command, and to search for a command corresponding to a handwritten user input that is input to the second layer to execute the command.

Abstract: A system and method for authentication policy orchestration may include a user device, a client device, and a server. The server may include a network interface configured to be communicatively coupled to a network. The server may further include a processor configured to obtain, from a client device via the network, a transaction request for a transaction, determine an authorization requirement for the transaction request based, at least in part, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party and an authorizing party, and complete the transaction based on the authorization requirement having been met.

Abstract: The described embodiments comprise an electronic device that executes an application, the electronic device including a processing subsystem. In these embodiments, the processing subsystem is configured to acquire a receipt associated with the application, wherein the application was purchased by a purchasing entity and installed on the electronic device after being assigned to a user of the electronic device by the purchasing entity. The processing subsystem is further configured to determine, using the receipt, if the application has expired. When the application has not expired, The processing subsystem is configured to execute the application with predetermined functions of the application enabled. When the application has expired, The processing subsystem is configured to execute the application with the predetermined functions of the application disabled.