Abstract: Systems and methods are disclosed for manipulating electronic multimedia content to a user. One method includes generating a plurality of biometric models, each biometric model corresponding to one of a plurality of people; receiving electronic media content over a network; extracting image or audio data from the electronic media content; detecting biometric information in the image or audio data; and calculating a probability of the electronic media content involving one of the plurality of people, based on the biometric information and the plurality of biometric models.

Abstract: In a computing environment a request is received from a computing device associated with a user, requesting access to one or more computing resources. An approximate geographic location of the computing device is determined based on geographic information associated with the computing device. Access to the requested one or more computing resources is allowed based on the approximate geographic location of the computing device and geographic policy information for the user.

Abstract: A user equipment in a communications system, the user equipment comprising: a memory arranged to store at least one identifier associated with the user equipment; a transceiver arranged to communicate with a node in the communication system, wherein the transceiver is arranged to receive the at least one identifier from the node in the communications system, wherein the at least one identifier is used by the user equipment to authenticate the user equipment to at least one further node in the communications system.

Abstract: The present invention is directed to an apparatus, a method, and a computer program product for authenticating a user based on a sequence of rhythmic inputs. The user via a mobile device provides one or more inputs (e.g., pushing a button, tapping a touchscreen, a biometric, or the like) to one or more sensors associated with the mobile device as an attempt of authorization. The one or more inputs may be provided in a rhythmic manner (e.g., provided in time with music). The present invention then compares the provided one or more inputs to one or more predetermined sequences of inputs that are associated with positive authentication of the user (e.g., a known password). The phone determines that the one or more provided inputs match one or more predetermined rhythmic sequences associated with positive authentication of the user and authenticates the user.

Abstract: Method and system for distributing token records in market environment is disclosed. At least one token record comprising a unique seed associated with a OTP token. Encryption key and decryption key are generated for assisting selective encryption and decryption of token record associated with OTP token. The token record is encrypted with the assistance of encryption key. One of encrypted token record and decryption key is provided into market environment. A device comprising an identifier for facilitating identification of token record associated with OTP token is provided into market environment together with the one of encrypted token record and decryption key. The identifier concealed by tamper-evident removable material such that any effort to reveal identifier will be readily apparent. The other of the encrypted token record and decryption key is provided to an entity in response to entity providing identifier.

Abstract: Disclosed is a portable storage device including a fingerprint sensor, a fingerprint data processing unit, a data repository, a data processing unit and the like. The fingerprint data processing unit outputs a fingerprint matching signal when fingerprint information received from the fingerprint sensor matches authentication fingerprint information of the fingerprint data repository. If the fingerprint matching signal is received from the fingerprint data processing unit, the data processing unit retrieves a data requested by the user terminal from the data repository, converts the retrieved data into a read-only data and transmits the read-only data to the user terminal.

Abstract: Managing website access for a user who is initially not logged in to the website includes: receiving a request sent by the user via a client to access a webpage that requires the user to log into the website, the request comprising an original page address of the webpage; encoding at least a portion of the original page address to generate an encoded portion; generating a short address that includes the encoded portion; redirecting the client using the short address; maintaining a mapping of at least the encoded portion and the original page address; redirecting the client to a login server for the user to perform login using a login address that is based at least in part on the short address; redirecting the client based at least in part on the short address; and determining the original page address.

Abstract: A method of processing requests for different digital services hosted by respective service entities is disclosed. The method including steps of receiving a request packet from a communication device, the request packet includes source and destination identifiers, determining which one of the different digital services the communication device is requesting a service, based on the destination identifier, authenticating the request packet based on the source identifier to determine an access permission of the communication device for accessing the determined digital service, and if the access permission is granted, modifying the request packet and forwarding the modified request packet based on the destination identifier to the determined digital service for processing.

Abstract: Technology is disclosed for sharing an authentication profile of a user between a group of user devices for accessing an access restricted computing environment (“the technology”). The access restricted computing environment can require the user to input authentication information, such as a username, password, or answers to challenge questions, to authenticate the user. For example, to access a wireless network on a first user device, a user may have to input a password for the wireless network. To access the same wireless network on a second user device, the user may have to input the password again on the second user device. The technology facilitates the user to obtain the authentication information required to access the wireless network from another user device, e.g., a device from which the user has accessed the wireless network previously. This can eliminate the need for the user to manually input the authentication information repeatedly.

Abstract: A validating device receives, from a client device associated with a user, a representation for a first credential associated with the user. The validating device validates the representation for the first credential associated with the user based on data derived from the representation for the first credential associated with the user and identification data associated with the validating device. The validating device obtains a first set of data associated with the user and a second set of data associated with the user. The second set of data is different from the first set of data. The first set of data is obtained based on verifying the identification data associated with the validating device. Obtaining the second set of data is independent of verifying the identification data associated with the validating device.

Abstract: System and methodology that utilizes keyboard patterns and alpha string patterns for password cracking. Keyboard patterns can be used as components of passwords, and the relevant shapes can extracted from these keyboard patterns and passwords. This keyboard information can be used to extend a probabilistic context-free grammar that can then be used to generate guesses containing keyboard patterns. Further, patterns in alpha strings, such as repeated words and multi-words, can be systematically learned using a training dictionary. This information can be used to extend the probabilistic context-free grammars which leads to generation of guesses based on the distribution of these patterns in the alpha strings, Keyboard patterns and alpha string patterns, individually and in combination, are shown herein to be effective for password cracking.

Abstract: In one embodiment, the disclosure is directed to an integrated mouse and mass memory storage device (herein, memory storage device). In another embodiment, the disclosure is directed to a Bluetooth mouse having an integrated memory storage device. In still another embodiment, the disclosure relates to a controller for transmitting one or more storage data packets along with one or more mouse data packets from an BT mouse having an integrated mass memory storage.

Abstract: A computer implemented method, system and product comprising establishing a lease contract for an analytic subscription, defining an analytic subscription as an evaluation that is passed to a provider that provides a Boolean evaluation model and a potential true/false event expression, receiving, via the bus, events from the systems of records until the expiration of the lease; and rejecting during a specified period of time events received from the systems of record after the expiration of the lease period.

Abstract: Apparatuses and methods are provided for executing a function corresponding to a handwritten user input at the same time as providing a handwritten unlock command on a lock screen of an electronic device. The apparatus includes a touch screen that displays a lock screen including a first layer for unlocking the lock screen and a second layer that is laid over the first layer, and a controller that verifies that an unlock command is the same as a predetermined unlock command in response to the unlock command being input to the first layer, to display the second layer in response to the unlock command being the same as the predetermined unlock command, and to search for a command corresponding to a handwritten user input that is input to the second layer to execute the command.

Abstract: Online retailers may operate one or more services configured to detect requests generated by automated agents. A CAPTCHA may be transmitted in response to requests generated by automated agents. The CAPTCHAs may be included in a modal pop-up box configured to be displayed by a client application displaying a webpage to a customer of the online retailer. Furthermore, the CAPTCHAs included in the modal pop-up box may be rendered inactive and caused not to be displayed by client application executing the webpage. Rendering the CAPTCHAs inactive may provide an additional signal which may be sued to update one or more automated agent detection models.

Abstract: The described embodiments comprise an electronic device that executes an application, the electronic device including a processing subsystem. In these embodiments, the processing subsystem is configured to acquire a receipt associated with the application, wherein the application was purchased by a purchasing entity and installed on the electronic device after being assigned to a user of the electronic device by the purchasing entity. The processing subsystem is further configured to determine, using the receipt, if the application has expired. When the application has not expired, The processing subsystem is configured to execute the application with predetermined functions of the application enabled. When the application has expired, The processing subsystem is configured to execute the application with the predetermined functions of the application disabled.

Abstract: A system and method for authentication policy orchestration may include a user device, a client device, and a server. The server may include a network interface configured to be communicatively coupled to a network. The server may further include a processor configured to obtain, from a client device via the network, a transaction request for a transaction, determine an authorization requirement for the transaction request based, at least in part, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party and an authorizing party, and complete the transaction based on the authorization requirement having been met.

Abstract: An information processing apparatus is provided. The processing apparatus includes a first acquiring unit that acquires information for specifying an operator, an operator authenticating unit that authenticates the operator, a first determining unit that determines whether information on the operator is continuously acquired, a second acquiring unit that acquires information for specifying a checker, a checker authenticating unit that authenticates a checker corresponding to the operator, a second determining unit that determines whether information on the checker is continuously acquired, and a controller that controls a processing apparatus to execute processing, on the condition that the operator is authenticated and the checker is authenticated.

Abstract: A security aware email server and a method of managing incoming email are described. The server includes a memory device configured to store rules, instructions, and user preferences. The processor makes a determination of whether a sender of an incoming email used a secure or unsecure sending network to send the email and determines an action to take with the email based on the determination and the user preferences.

Abstract: A mobile device may include an authenticator and a processor. The authenticator may generate an authorization request with a secure token to access a server. The processor may access the server using an authorization token, if the authenticator receives the authorization token in response to the authorization request. The authenticator may embed the authorization request with a plurality of parameters to allow the server to determine, based upon at least one of the plurality of parameters, if the authorization token should be given to the mobile device.

Abstract: Embodiments relate to systems and methods for establishing isolation between content hosting services executing on a common support server. In aspects, a server virtualization platform can operate on a common physical support server to instantiate, configure, and operate a set of virtual servers. The set of virtual servers can, for instance, be used to run independent Web sites or other locations or services. The data available to each process on each virtual server can be encoded using an SELinux™ label including an MCS (multi-category security) category or categories uniquely identifying that process. Isolation of the potentially sensitive data for multiple Web sites and/or their content hosted on a common physical server can therefore be enforced, since each process operating on each virtual server is restricted to only access and manipulate data objects or other entities having matching MCS category information identified on that baremetal support server.

Abstract: A combination includes a user-portable computing device, and an identity selector adapted for interoperable use with the user device. The user computing device includes a security token service that issues security tokens in reference to a portfolio of user identities stored as information cards on the user device. The issuance of security tokens employs user attribute information that is stored onboard the user device. The identity selector exports the information cards from the user device and determines which user identity satisfies a security policy promulgated by a relying party as part of an authentication process within the context of an online interaction. The identity selector generates a token request based on one of the eligible user identities, and forwards the token request to the user device to invoke the token issuance operation. The identity selector presents the issued security token to the relying party to comply with the security policy.

Abstract: A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client device in accordance with an authentication protocol, and authenticate the client device based on a comparison of the first form to a value derived from a second form of the password stored in a password database, where the comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client device over the secure connection, authenticate the client device by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client device when the authentication server receives the first form.

Abstract: A method for changing the status, locked or unlocked, of a target machine including a security service and a session management module includes receiving, by the security service, a query corresponding to a request to change the status of the target machine, the query including at least one piece of identification information from a user of a source machine; from the security service, verifying if access rights to the target machine related to the user of the source machine allow a change in the status of the target machine by the user; if so, sending, from the security service, a status change message to the session management module of the target machine and proceeding to the status change made by the session management module.

Abstract: An information processing apparatus which communicates with an external apparatus having a face authentication function, comprises a unit which acquires a type of the authentication function of the external apparatus from the external apparatus; a unit which receives image data held in the external apparatus and a face feature amount used by the external apparatus for the authentication function; and a unit which controls, in accordance with a result of comparing a type of a face authentication function of the information processing apparatus with the type of the authentication function of the external apparatus, whether to use the received face feature amount for the authentication function of the information processing apparatus, or to re-generate, from the received image data, a face feature amount corresponding to the type of the authentication function of the information processing apparatus.

Abstract: Techniques for securing a device for use in or with a process plant include provisioning the device with a key generated at least in part from data indicative of necessary conditions and/or attributes that must be met before the device is allowed access to a network of the process plant. Upon initialization, the device determines, based on the key, whether or not the necessary conditions are met, and the device isolates itself or accesses the process control network accordingly. Keys and the necessary conditions/attributes indicated therein may be based on, for example, location, time, context, customer, supplier, particular plant, manufacturer, user, data type, device type, and/or other criteria. Additionally, sub-keys associated with a key may be generated from another set of necessary conditions/attributes. Sub-keys may be provided by a different entity than the key provider entity.

Abstract: A technique provides access control. The technique involves prompting a user to enter color-shape pairings, and receiving multiple color-shape pairings from the user. Each color-shape pairing includes (i) a color selection from multiple selectable colors and (ii) a shape selection from multiple selectable shapes. The technique further involves generating an access control result based on the received multiple color-shape pairings, the access control result controlling access to a set of protected resources. For example, color segments can be displayed on a touch screen in the form of a color wheel, and multiple shapes can be rendered within each color segment. Alternatively, (i) a color palette including the multiple selectable colors and (ii) a shape menu including the multiple selectable shapes can be rendered on the touch screen to prompt the user to provide drag and drop gestures over the touch screen. Other configurations are suitable for use as well.

Abstract: Apparatus, systems, and methods may operate to receive, at a generating identity provider (IDP), original user credentials sufficient to authenticate a user directly from a user machine, or indirectly from an initial identity provider. Additional activities may include generating, by the generating IDP, generated user credentials having the lifetime of a login session associated with the user, the lifetime initiated approximately when the original user credentials or a token associated with the user are/is validated at the generating IDP. Still further activities may include receiving a request associated with the user during the login session to access an application protected by an agent, and transmitting at least part of the generated user credentials from the generating IDP to the application to authenticate the user to the generating IDP while the login session is not terminated or expired. Additional apparatus, systems, and methods are disclosed.

Abstract: The APPARATUSES, METHODS AND SYSTEMS FOR A SECURE RESOURCE ACCESS AND PLACEMENT PLATFORM (“SRAP PLATFORM”) provides a secure supporting infrastructure within a corporate network framework and applications based thereon for use and placement of corporate resources. A non-trusted device may he authorized to access and use corporate resources, and the corporate network server may manage the placement of resources via the SRAP PLATFORM.

Abstract: A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules.

Abstract: A method of securely distributing and storing content may include receiving user content and identifying a number of storage servers that are configured to receive portions of the user content. The method may also include dissecting the user content into content portions for storage in the storage servers. The number of content portions may be selected to be equal to the identified number of storage servers, and the user content may be dissected into the content portions using a randomized dissection pattern. The method may additionally include transmitting each of the plurality of content portions to separate storage servers. Each of the storage servers may be independent from the transmitting computer system and from each other. Each of the storage servers may be operated according to a common protocol, such that each of the storage servers can store any of the content portions.

Abstract: An image forming system with an information processor and an image forming device includes a memory that pre-stores user identification information, an input that accepts an entry of delegation identification information, a data creation part that creates transmission data using the delegation destination identification information as first authentication information when the entry of the delegation destination identification information is accepted, and that creates transmission data using user identification information as first authentication information when the entry of the delegation destination identification information is not accepted, a transmission part that sends the transmission data to the image forming device including a reception part that receives the transmission data, an authentication part that performs authentication using the first authentication information, that permits image formation based upon the transmission data when the authentication is successful, and an image forming part tha

Abstract: Systems and methods for facilitating authentication of an electronic device accessing plurality of mobile applications are disclosed. The system may receive a device public key and authentication information of the electronic device. The system may validate the authentication information to initiate a device session with the electronic device and create an authentication token signed with a server signature. The system may enable the electronic device to access a first mobile application based on the authentication information validated. Further, the system may receive the authentication token signed with a device signature. The system may authorize the authentication token by verifying the device signature and the server signature on the authentication token with a device public key and a server public key respectively. The system may then enable the electronic device to access the second mobile application using the authentication token authorized.

Abstract: In a biometric sensor system and method, storage of acquired biometric data and/or processing of that data may be shifted from specialized secure processing hardware to host system resources for improved speed and reduced cost of biometric sensor devices and systems. Stored data may be encrypted and/or signed by the specialized secure processing hardware and/or software. A database of authorized biometric data (e.g., patterns or key features representing all or a portion of the fingerprints of authorized users) may be stored on the host system either encrypted or non-encrypted or both. Preliminary matching against a database of many enrolled fingerprints may be accomplished by the system processor to ease the processing burden on the specialized secure processing hardware/software. Final match confirmation remains within exclusive control of the specialized secure processing hardware/software in order to prevent data tampering or other efforts to defeat the security provided by biometric identification.

Abstract: Methods, apparatus and computer-readable media (transitory and non-transitory) are disclosed for receiving audio information based on sensing of one or more audible sounds; identifying one or more voice profiles, wherein each of the voice profiles is associated with an individual and indicates one or more voice characteristics of the associated individual; determining at least a given voice profile of the one or more voice profiles matches the audio information; determining co-presence of the user with at least the individual associated with the given voice profile based on determining the given voice profile matches the audio information; identifying an action that includes a trigger based on co-presence of the user and the individual associated with the given voice profile; and invoking the action based on the determined co-presence of the user with at least the individual associated with the given voice profile.

Abstract: Systems and methods are provided for password reset. For example, a first server receives a request operation instruction from a user terminal, wherein the request operation instruction includes account information and identity information; the first server determines whether to permit password reset for a first account indicated by the account information; in response to the password reset for the first account being permitted, the first server authenticates the account information and the identity information; if the authentication of the account information and the identity information is successful, the first server processes the request operation instruction and sends a password reset prompt to the user terminal; the user terminal receives the password reset prompt and sends to the first server password information set by a user in response to the password reset prompt; and the first server sends to a second server a password reset request that carries the password information.

Abstract: A system for protecting and de-identifying healthcare data includes a storage device for storing the healthcare data and personally identifiable information for a person and a processor in communication with the database. The processor generates an anonymous linking code using a keyed hash function and a second hash function. The anonymous linking code is based at least in part on a portion of the personally identifiable information. The processor further appends the anonymous linking code to the healthcare data for the person.

Abstract: Disclosed is a method and system of managing user security permissions for access to resources accessible over a communications network, to participate in a designated task or conversation relating to the resources. The method and system include: assembling resources relating to the designated task or conversation into a collection and allocating security permissions for users to access said resources in the collection over the network based on whether the users are active or passive participants in the task or the conversation. Active participants have been invited to participate in the task or the conversation and passive participants have not been invited to participate in the task or the conversation, and security permissions allocated for each of the users to access said resources in the collection to the providers of the resources are communicated, such that the providers set the security permissions for each of the users to access the resources.

Abstract: An authentication server apparatus is capable of simply and accurately assessing whether a user terminal is being operated by a person. In the authentication server apparatus connected to the user terminal, operating instructions for instructing operation by an operator by using objects are associated with operation information and stored. A session ID is imparted for each session with the user terminal, operating instructions are selected for each session, a page provided with the selected operating instructions and the objects is generated, and position information is received corresponding to operations executed at the user terminal that has displayed the page.

Abstract: Embodiments of the present disclosure include systems and methods for secure release of secret information over a network. The server can be configured to receive a request from a client to access the deposit of secret information, send an authorization request to at least one designated trustee in the set of designated trustees for the deposit of secret information, receive responses over the network from one or more of the designated trustees in the set of designated trustees and apply a trustee policy to the responses from the one or more designated trustees in the set of trustees to determine if the request is authorized. If the request is authorized, the server can send the secret information to the client. If the request is not authorized, the server denies access by the client to the secret information.

Abstract: Disclosed are system and methods for controlling access of a consumer to personal data of a user. An example method includes: collecting information about the consumer of personal data; comparing the collected information with one or more templates containing risk criteria to determine whether a risk is associated with the consumer; setting, based on the determined risk, consumer access parameters for access of the consumer to the personal information of the user; and controlling access of the consumer to the personal data of the user based on the set consumer access parameters.

Abstract: Disclosed is an improved method, system, and program product to implement a login interface that collects additional information (in addition to the username and password) to be used in the login process. The additional information may include role and environment information specifying the privileges or resources in an application that the user may access.

Abstract: Files associated with the operation of gateway and client devices in a network may be downloaded with minimal operator intervention. Accordingly, a method includes receiving data including a first file, a first authentication element, and a second authentication element, the first authentication element being unique to a client device associated with the gateway device. The method also includes determining if the second authentication element is valid for the gateway device and storing the first authentication element and the second file for the client device if the second authentication element is valid for the gateway device. An apparatus includes a receiver that receives data, a processor that determines if the second authentication element is valid for the gateway device, and a memory that stores the first authentication element and a portion of the data for the client device if the second authentication element is valid for the gateway device.

Abstract: Sharable content item links with use restrictions. In one embodiment, for example, a method comprises: receiving, from a client computing device used by an authenticated link submitter, a first request to access a server-stored content item at a sharable link; wherein the link submitter is authenticated according to a first authentication factor; responsive to receiving the first request, prompting the link submitter to enter/submit a second authentication factor; and providing access to the server-stored content item at the shareable link responsive to receiving the second authentication factor from the link submitter.

Abstract: A personal computer is provided comprising a network communication interface configured to communicate with the Internet. The computer further includes a memory device configured to store information and computer-executable program code. The computer further includes a processor operatively coupled to the network communication interface and the memory device. The processor and the computer-executable program code are both configured to provide enhanced security features for safeguarding financial transactions conducted over the Internet and for safeguarding non-public information stored in the memory from being retrieved over the Internet by an unauthorized entity. The computer further includes indicia attached to the computer. The indicia is visible to a potential user of the computer and is configured to portray to the potential user of the computer that the computer is specifically designed and built to provide increased security for financial transactions handled over the Internet.

Abstract: Embodiments of the present invention address deficiencies of the art in respect to data backup and archival tools and provide a method, system and computer program product for the dispersal and retrieval of fragments in a peer-to-peer data backup and archival network. In an embodiment of the invention, a method for the dispersal and retrieval of fragments in a peer-to-peer data backup and archival network can include partitioning a file into multiple, different fragments for storage in a peer-to-peer data backup and archival network, selecting different peer hosts in the peer-to-peer data backup and archival network to store different ones of the fragments, and storing each of the fragments in at least one of the selected different peer hosts. Optionally, the fragments can be encrypted before storage in the different peer hosts.

Abstract: Information useful for authenticating an entity is sent over a back channel during the authentication of an entity to a RESTful service. The delivery of the entity-related information is triggered by the validation of a service ticket received by the authentication component of the RESTful service.

Abstract: Apparatuses, systems and methods are provided for managing a plurality of information technology devices in an information technology environment in which the plurality of information technology devices are connected to a network.

Abstract: A content access device and system may allow portable remote devices to be paired with a variety of different devices, allowing remote control through a network connection. Content access devices may expose application program interfaces, allowing incoming network traffic to control operation of the device much in the same way that a local infrared remote would. Routing content commands through an external application server may also yield other benefits, such as allowing more customized selection of information and advertising content to users based on their viewing history.

Abstract: A method for securing user data includes the steps of: a) setting the user data as input data; b) randomly fragmenting the input data into a plurality of Atoms and randomly distributing the Atoms into an AtomPool and an AtomKey; and c) recording information about the fragmentation and the distribution of step b) into an AtomMap.