System Access Control Based On User Identification By Cryptography Patents (Class 713/182)
  • Patent number: 8881231
    Abstract: Techniques for automatically performing one or more actions responsive to a successful login. In one embodiment, an action automatically performed responsive to the login uses content created prior to the login.
    Type: Grant
    Filed: March 7, 2011
    Date of Patent: November 4, 2014
    Assignee: Ricoh Company, Ltd.
    Inventor: John Barrus
  • Patent number: 8879713
    Abstract: A system and method to select and retrieve contact center transactions from a set of transactions stored in a queuing mechanism. The system includes an interactive voice response system configured to accept at least one call and dynamically populate a web form with call data associated with the at least one call. The system also includes a queuing engine configured to allow a call agent to access the call data prior to the at least one call being connected to the call agent.
    Type: Grant
    Filed: August 15, 2012
    Date of Patent: November 4, 2014
    Assignee: Nuance Communications, Inc.
    Inventors: Peeyush Jaiswal, Naveen Narayan
  • Patent number: 8880893
    Abstract: The present invention provides a policy specification framework to enable an enterprise to specify a given insider attack using a holistic view of a given data access, as well as the means to specify and implement one or more intrusion mitigation methods in response to the detection of such an attack. The policy specification provides for the use of “anomaly” and “signature” attributes that capture sophisticated behavioral characteristics of illegitimate data access. When the attack occurs, a previously-defined administrator (or system-defined) mitigation response (e.g., verification, disconnect, de-provision, or the like) is then implemented.
    Type: Grant
    Filed: September 24, 2004
    Date of Patent: November 4, 2014
    Assignee: IBM International Group B.V.
    Inventors: Pratyush Moghe, Narain Gehani, Peter T. Smith
  • Patent number: 8881239
    Abstract: A method and apparatus for securing transactions using verified resource locations is described. In one embodiment, the method for authorizing a transaction request using published location information for at least one resource includes examining relationship data regarding at least one resource to identify at least one publisher computer and at least one subscriber computer, wherein the at least one publisher computer communicates location information for the at least one resource and in response to at least one transaction request from the at least one subscriber computer, comparing the location information with the at least one transaction request to verify at least one resource location.
    Type: Grant
    Filed: March 23, 2009
    Date of Patent: November 4, 2014
    Assignee: Symantec Corporation
    Inventor: James Cabell Poole
  • Patent number: 8881274
    Abstract: Disclosed are a method and a system for synchronizing and providing data requiring digital rights protection, to a portable device, wherein a contents providing server is connected with a contents synchronization server to which the portable device is connected.
    Type: Grant
    Filed: November 14, 2013
    Date of Patent: November 4, 2014
    Assignee: Intellectual Discovery Co., Ltd.
    Inventors: Sung Min Ahn, Wan Ho Jang, Woon Sang An, Sang Hyun Lee
  • Patent number: 8879099
    Abstract: A print server comprises: unit configured to acquire an owner name of a user for specifying the user in an output apparatus, the owner name being set in advance in correspondence with user information of the user who issues the print instruction in the print server and being to be set in a print job to be processed by the output apparatus; and unit configured to, when the acquisition unit has acquired the owner name, generate a print job in which the acquired owner name is set as an owner name of the print job, and when the owner name has been neither set nor acquired, generate a print job in which a user name designated in the user information of the user in the print server is set as the owner name of the print job.
    Type: Grant
    Filed: February 16, 2012
    Date of Patent: November 4, 2014
    Assignee: Canon Kabushiki Kaisha
    Inventor: Shunsuke Mogaki
  • Publication number: 20140325234
    Abstract: Disclosed are systems, methods and computer program products for providing user access to encrypted data. In one example, a system is configured to receive a security policy for the user device, wherein the security policy includes data access conditions and data encryption conditions for one or more users of the user device; identify one or more user accounts in the OS of the user device as specified in the data access conditions; create a pre-boot authentication account (PBA) for the identified user accounts based on the data access conditions, for storing pre-boot authentication credentials for authenticating a user before booting of the OS on the user device; and encrypt at least a portion of data stored on the user device based on the data encryption conditions, wherein access to the encrypted portion of data is granted to the user upon entry of the correct pre-boot authentication credentials.
    Type: Application
    Filed: July 11, 2013
    Publication date: October 30, 2014
    Applicant: Kaspersky Lab ZAO
    Inventors: Damir R. Shiyafetdinov, Alexander N. Makarov, Evgeniya P. Kirikova, Vladislav I. Ovcharik, Konstantin V. Kamanin
  • Patent number: 8874768
    Abstract: Methods for providing for secure communications across data networks, including untrusted networks. In one embodiment, the method comprises establishing security associations between devices on the network using a digital certificate and key exchange protocol. In one variant, the digital certificate comprises a public encryption key; the recipient of the certificate authenticates the sender using at least the signature, and then generates a cryptographic element (e.g., key), and initialization vector. The key is encrypted and sent back to the originator, where it is decrypted and used to encrypt datagrams sent between the devices. The initialization vector may be used to initialize the encryption algorithm on the receiving device.
    Type: Grant
    Filed: December 10, 2010
    Date of Patent: October 28, 2014
    Assignee: Round Rocks Research, LLC
    Inventors: James M Holden, Stephen E Levin, James O Nickel, Edwin H Wrench
  • Patent number: 8875218
    Abstract: In an information management system, policies are deployed to targets and targets can evaluate the policies whether they are connected or disconnected to the system. The policies may be transferred to the target, which may be a device or user. Relevant policies may be transferred while not relevant policies are not. The policies may have policy abstractions.
    Type: Grant
    Filed: December 22, 2006
    Date of Patent: October 28, 2014
    Assignee: NextLabs, Inc.
    Inventor: Keng Lim
  • Patent number: 8875244
    Abstract: Access of a client device to a protected resource is controlled by issuing an authentication information request for a dynamic sub-set of client-side storage values previously stored on the client device by one or more servers. Authentication information is received from the client device based on the dynamic sub-set of client-side storage values. The client device is authenticated based upon verification of the received authentication information. The received authentication information from the client device is optionally encrypted. The client-side storage values comprise any value stored by one or more servers on the client device. The client-side storage values are substantially specific to the client device. The client-side storage values are optionally stored as a matrix. The requested dynamic sub-set of the client-side storage values may comprise one or more cells from a plurality of records in the matrix.
    Type: Grant
    Filed: March 31, 2011
    Date of Patent: October 28, 2014
    Assignee: EMC Corporation
    Inventors: Alex Vaystikh, Oleg Freylafert
  • Patent number: 8875255
    Abstract: An enumeration prevention technique involves receiving an authentication session request which includes a validation result indicating whether a user identifier supplied by the user identifies a valid user entry in a user database. The technique further involves providing a genuine authentication session response when the validation result indicates that the user identifier does identify a valid user entry in the user database. The genuine authentication session response includes a user-expected set of artifacts to confirm authenticity of the authentication server to the user. The technique further involves providing a faux authentication session response when the validation result indicates that the user identifier does not identify a valid user entry in the user database. The faux authentication session response includes a machine-selected set of artifacts enabling the faux authentication session response to resemble a genuine authentication session response.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: October 28, 2014
    Assignee: EMC Corporation
    Inventors: Yedidya Dotan, John Alexander Murray
  • Patent number: 8874915
    Abstract: An encryption key module in a content providing server receives a request to stream electronic media data to the user device. The encryption key module identifies a predefined shared secret key corresponding to a key in a subscriber identity module (SIM) in the user device. The predefined shared secret key is used for encryption of data. The encryption key module encrypts the requested electronic media data based on the shared secret key and provides the encrypted electronic media data to the user device over a wireless network.
    Type: Grant
    Filed: September 28, 2011
    Date of Patent: October 28, 2014
    Assignee: Amazon Technologies, Inc.
    Inventors: Mete Rodoper, Kiran K. Edara
  • Patent number: 8875258
    Abstract: This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead.
    Type: Grant
    Filed: February 18, 2013
    Date of Patent: October 28, 2014
    Assignee: Microsoft Corporation
    Inventors: John R. Michener, Niels T. Ferguson, Carl M. Ellison, Josh D. Benaloh, Brian A. LaMacchia
  • Patent number: 8874912
    Abstract: A system for transferring secured data has an authentication facilitator that transmits data indicative of a graphical key pad to a remote display device of a user computing device and, in response, receives from the user computing device icon location data indicative of locations of icons selected by a user. Additionally, the authentication facilitator recovers a personal identifier (PI) from the icon location data, translates the recovered PI to obtain a translated PI, and transmits the translated PI. The system further has a partner computing apparatus that receives the translated PI and allows the user access to a secured area based upon the translated PI.
    Type: Grant
    Filed: October 4, 2011
    Date of Patent: October 28, 2014
    Assignee: Accullink, Inc.
    Inventor: Timothy W. Barnett
  • Patent number: 8874082
    Abstract: Apparatus, methods, and programs for protecting data on a wireless device may include a wireless device having a computer platform with a processing engine operable, based upon configurable parameters, to log data access attempt on the wireless device and transmit the log to a remote device. Furthermore, the wireless device may be configured to execute locally and remotely generated control commands on the wireless device, the commands operable to modify an operation of the wireless device. The embodiment may also include an apparatus operable to receive the transmitted log, analyze the received log and transmit a control command to the wireless device. The apparatus may further generate a data access report and make the report available to an authorized user.
    Type: Grant
    Filed: May 19, 2006
    Date of Patent: October 28, 2014
    Assignee: QUALCOMM Incorporated
    Inventors: Sanjay K. Jha, Behrooz L. Abdi, Clifton Eugene Scott, Kenny Fok, Eric Chi Chung Yip, Tia Manning Cassett
  • Patent number: 8875264
    Abstract: Provided is an off-line two-factor user authentication system. The off-line two-factor user authentication system is designed to use, as a password, a one-time-password derivation rule to be applied to certain pattern elements included in a presentation pattern at specific positions so as to create a one-time password, and further use, as a second authentication factor, information identifying a client to be used by a user. A plurality of pattern seed values each adapted to uniquely specify a presentation pattern in combination with a client ID, and a plurality of verification codes corresponding to respective ones of the pattern seed values, are stored in an off-line two-factor authentication client. A presentation pattern is created based on a selected one of the pattern seed values and a client ID, and an entered one-time password is verified based on a verification code corresponding to the selected pattern seed value.
    Type: Grant
    Filed: October 5, 2010
    Date of Patent: October 28, 2014
    Assignee: CSE Co., Ltd.
    Inventors: Shigetomo Tamai, Toru Takano, Tsuyoshi Kobayashi
  • Patent number: 8875232
    Abstract: A method of authenticating access to a service comprises: a) receiving at a mobile terminal, over a bi-directional near-field communication channel between the mobile terminal and a browser, at least part of the identifier of a service; b) comparing, at the mobile terminal, at least part of the identifier received at the mobile terminal with a set of identifiers stored in the mobile device; and c) authenticating access to the service on the basis of whether at least part of the identifier received at the mobile terminal matches an identifier in the set. The mobile terminal may store a set of URLs, and may compare a received URL (or part URL) with the set of stored URLs. It may generate an alert to the user if at least part of the URL received at the mobile terminal does not match a stored URL. User names and keys are not required to be stored on the web-browser, so the web-browser does not need to maintain a password database.
    Type: Grant
    Filed: February 18, 2009
    Date of Patent: October 28, 2014
    Assignee: Telefonaktiebolaget L M Ericsson (publ)
    Inventors: Rolf Blom, Luis Barriga, Karl Norrman
  • Publication number: 20140317414
    Abstract: A system for performing authentication of a first user to a second user includes the ability for the first user to submit multiple instances of authentication data which are evaluated and then used to generate an overall level of confidence in the claimed identity of the first user. The individual authentication instances are evaluated based upon: the degree of match between the user provided by the first user during the authentication and the data provided by the first user during his enrollment; the inherent reliability of the authentication technique being used; the circumstances surrounding the generation of the authentication data by the first user; and the circumstances surrounding the generation of the enrollment data by the first user. This confidence level is compared with a required trust level which is based at least in part upon the requirements of the second user, and the authentication result is based upon this comparison.
    Type: Application
    Filed: April 18, 2014
    Publication date: October 23, 2014
    Applicant: Security First Corporation
    Inventors: Alexander G. Dickinson, Brian Berger, Robert T. Dobson
  • Patent number: 8868918
    Abstract: Method enabling a user to verify the operation of a personal cryptographic device, comprising the following steps: a) a user (2) enters an access request in a terminal (3) (100), d) a personal cryptographic device (1) of the user (2) calculates and displays a response (105), g) the user (2) verifies the operation of the personal cryptographic device (1) by requesting the terminal (3) to display the expected response to the challenge (110), i) the terminal (3) displays the expected response to the challenge (113), j) the user (2) compares the response displayed by the personal cryptographic device with the response displayed by the terminal.
    Type: Grant
    Filed: November 4, 2011
    Date of Patent: October 21, 2014
    Assignee: Haute Ecole Specialisee Bernoise
    Inventor: David-Olivier Jaquet-Chiffelle
  • Patent number: 8869306
    Abstract: Embodiments of the invention are directed to systems, methods and computer program products for using a device identification program. In some embodiments, a system is configured to: receive device identification information from a mobile device, search a database of records based on the identification information, and in response to determining a match between information associated with a record in the database and the identification information, enable first access to an application initiated on the mobile device.
    Type: Grant
    Filed: January 24, 2013
    Date of Patent: October 21, 2014
    Assignee: Bank of America Corporation
    Inventor: William Earnest Kelley
  • Patent number: 8867069
    Abstract: A print server may include an anonymous printer registration module configured to receive, at a cloud print service, a registration request from a printer over a network and return a registration response to the printer over the network. The anonymous printer registration module may include a claim code provider configured to provide a claim code included within the registration response to the printer over the network, wherein the printer is configured to provide the claim code to a user of the printer, and a printer matcher configured to receive the claim code from the user over the network and match a user account of the user within the cloud print service with the printer, in response to the receipt of the claim code from the user.
    Type: Grant
    Filed: March 4, 2011
    Date of Patent: October 21, 2014
    Assignee: Google Inc.
    Inventors: Mike Jazayeri, Sanjeev Radhakrishnan, Abhijit Kalamkar, Marc Pawliger, Scott Byer, Yevgeniy Gutnik, Yuri Dolgov, Tyler Odean, Paolo Ferraris
  • Patent number: 8868898
    Abstract: A method for a covert communication system comprising a pair of flash memory devices having encrypted boot instructions and communication software thereon whereby the flash memory devices once plugged into a computer's USB ports and the computer is powered on, the flash memory boot load tests for the presence of a flash memory device dongle having an encrypted key that once validated starts the encrypted communication software designed to create, edit, send and receive a report comprising data files forming a data package, which can only be transmitted by restarting the computer.
    Type: Grant
    Filed: July 16, 2012
    Date of Patent: October 21, 2014
    Inventor: Robert Van Hoof
  • Patent number: 8869255
    Abstract: A security system and method for authenticating a user's access to a system is disclosed. The security system receives an authentication request from the user and responds by generating a security matrix based on a previously stored user keyword and user preference data, the security matrix being different for each authentication request. The security system sends the security matrix to the user and awaits a one-time code in response to the security matrix. The user forms the one-time code based on the user keyword, the user preferences, and the security matrix. The security system validates the one-time code against the security matrix, the keyword, and the user preferences, and responds by sending an authentication result to the user that either permits or denies access to the system. Additionally, the security system sends a success or fail message to the system to be accessed.
    Type: Grant
    Filed: October 25, 2011
    Date of Patent: October 21, 2014
    Assignee: Forticom Group Ltd
    Inventor: Antony Smales
  • Patent number: 8869254
    Abstract: Verifying a user includes: receiving a service request; generating a text based first dynamic password upon receiving the service request; converting the first dynamic password into sound information; transmitting the sound information to a user terminal over a communication network; receiving over the Internet a second dynamic password entered by the user based on the sound information, the second dynamic password being a text based password; comparing the first and second dynamic passwords for consistency; and indicating that verification is successful if the first and the second dynamic passwords are consistent.
    Type: Grant
    Filed: August 16, 2010
    Date of Patent: October 21, 2014
    Assignee: Alibaba Group Holding Limited
    Inventors: Yingwei Chen, Zheng Yang
  • Patent number: 8867070
    Abstract: A printer may include a registration requester configured to receive an initiation request from a user to initiate a registration of the printer, and further configured to send a registration request to a cloud print service over a network. The printer may include a claim facilitator configured to receive a registration response from the cloud print service over the network, the registration response including a claim code, and further configured to provide, using printer functionality, the claim code to the user. The printer also may include an authentication manager configured to request an authentication credential issued by the cloud print service in response to a matching of the printer with a user account of the user within the cloud print service, the matching based on a receipt of the claim code from the user at the cloud print service, and further configured to receive and store the authentication credential at the printer.
    Type: Grant
    Filed: March 4, 2011
    Date of Patent: October 21, 2014
    Assignee: Google Inc.
    Inventors: Mike Jazayeri, Sanjeef Radhakrishnan, Abhijit Kalamkar, Marc Pawliger, Scott Byer, Yevgeniy Gutnik, Yuri Dolgov, Tyler Odean, Paolo Ferraris
  • Patent number: 8868911
    Abstract: The present invention provides a method for keys generation, member authentication and communication security in a dynamic group, which comprises steps: assigning each member an identification vector containing common group identification vector elements and an individual identification vector element, and generating an authentication vector and an access control vector for each member according to the identification vector; using the identification vector elements to generate public key elements and establish an authentication public key and an access control public key; and using a polynomial and the identification vector to generate a private key. The present invention uses these public keys and private keys, which are generated from the identification vectors, to implement serverless member authentication and data access control, whereby is protected privacy of members and promoted security of communication.
    Type: Grant
    Filed: May 15, 2012
    Date of Patent: October 21, 2014
    Assignee: National Chiao Tung University
    Inventors: Chien-Chao Tseng, Tzu-Hsin Ho
  • Patent number: 8868919
    Abstract: An interactive method for authentication is based on a shared secret which is in the form of an enumerated pattern of fields on a frame of reference. An instance of the frame of reference comprises an array of characters in which the characters are arranged in a random or other irregular pattern on a grid of content fields. An authentication challenge includes characters from the character set, and is delivered in- or out-of-band. The authentication response includes the enumerated position numbers on the enumerated pattern of the field locations on the grid at which the challenge characters are found.
    Type: Grant
    Filed: October 23, 2012
    Date of Patent: October 21, 2014
    Assignee: Authernative, Inc.
    Inventors: Edward M. Barton, Len L. Mizrah
  • Patent number: 8869261
    Abstract: A method is disclosed for adjusting a security interface display on an electronic device. The method comprises a user of an electronic device requesting a change in the display of an interface for entering security code information on the device. The device presents to the user a variety of options related to the manner in which the graphical elements of the security interface may be displayed. The user may select any one or more of the display options. The electronic device thereafter displays a security interface with graphical elements displayed according to the user's selection.
    Type: Grant
    Filed: May 2, 2012
    Date of Patent: October 21, 2014
    Assignee: Google Inc.
    Inventor: Kenneth Russell Carter
  • Patent number: 8869296
    Abstract: A method may include storing user information associated with a first user, where the user information includes at least two of location information, presence information, address book information or calendar information. The method may also include storing access control information identifying criteria for allowing parties to access the user information and receiving, from a first party, a request for access to at least a first portion of the user information. The method may further include determining, based on the access control information, whether the first party is authorized to access the first portion of the user information and providing access to the first portion of the user information, when it is determined that the first party is authorized to access the first portion of the user information.
    Type: Grant
    Filed: November 6, 2009
    Date of Patent: October 21, 2014
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Paul T. Schultz, Mark J. Hahn, Robert A. Sartini, Martin W. McKee
  • Patent number: 8869263
    Abstract: A wireless communications system may include a user-wearable device including a clasp having open and closed positions, a first wireless security circuit (WSC), and a first controller coupled to the clasp and the first WSC. The system may further include a mobile wireless communications device including a portable housing, an input device(s), a second WSC carried by the portable housing and configured to communicate with the first WSC when in close proximity therewith, and a second controller carried by the portable housing and coupled to the second WSC and the input device(s). The second controller may be configured to enable mobile wireless communications device(s) function based upon a manual entry of an authentication code via the input device(s), and bypass the manual entry and enable the mobile wireless communications device function(s) based upon a communication from the user-wearable device and a position of the clasp.
    Type: Grant
    Filed: February 26, 2010
    Date of Patent: October 21, 2014
    Assignee: BlackBerry Limited
    Inventors: Jerome Pasquero, David Ryan Walker, Jason T. Griffin
  • Publication number: 20140310531
    Abstract: A method and structure for entering authentication data into a device by displaying in an optical unit a key map which correlates data input into the device with keys of the device, the key map indicating data different from that of the keys of the device.
    Type: Application
    Filed: April 15, 2013
    Publication date: October 16, 2014
    Inventors: Ashish KUNDU, Amit A. Nanavati, Danny Soroker
  • Patent number: 8863263
    Abstract: A server apparatus includes an analyzer unit which analyzes log-in information for a server received from a client, determines an authentication scheme of the server, and extracts, from the log-in information, provisional authentication information in a form representative of variable information. The analyzer unit stores, in the storage device, information representative of the authentication scheme and the provisional authentication information as the variable information. The analyzer unit also stores, in the storage device, as the variable information, authentication information of a user for the server that is associated with representative authentication information of the user.
    Type: Grant
    Filed: February 14, 2011
    Date of Patent: October 14, 2014
    Assignee: Fujitsu Limited
    Inventors: Yoshikazu Asano, Noriyuki Sawai, Rie Noda
  • Patent number: 8863304
    Abstract: A method and apparatus for remediating backup data to control access to sensitive data is described. In one embodiment, the method for facilitating sensitive data remediation from backup images without a separate data store includes examining the backup images to identify sensitive data and modifying remediation information associated with the sensitive data, wherein the remediation information restricts access to the sensitive data to at least one corresponding access group.
    Type: Grant
    Filed: March 26, 2009
    Date of Patent: October 14, 2014
    Assignee: Symantec Corporation
    Inventors: Kuldeep Sureshrao Nagarkar, Gaurav Malhotra, Thomas G. Clifford, Bruce Wootton, Aleksey Tsibulya
  • Patent number: 8863307
    Abstract: Disclosed are various embodiments of generating a user signature associated with a user and authenticating a user. At least one behavior associated with at least one sensor in a computing device is identified. A timestamp is generated and associated with the behavior. A user signature corresponding to a user based at least in part upon the behavior and the timestamp is generated and stored.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: October 14, 2014
    Assignee: Broadcom Corporation
    Inventor: Noam Sorek
  • Patent number: 8863303
    Abstract: A system and method for allowing access to digitally protected content are disclosed. License metadata and credentials from multiple types of digital rights management systems may be used to grant access to content protected by a different type of digital rights management system. Hierarchical levels of access to the content may be granted based on at least one of license metadata and credentials.
    Type: Grant
    Filed: August 12, 2008
    Date of Patent: October 14, 2014
    Assignee: Disney Enterprises, Inc.
    Inventor: Arnaud Robert
  • Patent number: 8861724
    Abstract: This disclosure is directed for improved techniques for configuring a device to generate a secondary password based at least in part on a secure authentication key. The techniques of this disclosure may, in some examples, provide for capturing, by a computing device, an image of a display of another computing device. The captured image includes at least one encoded graphical image, such as a barcode, that includes an indication of the content of a secure authentication key. The computing device may use the secure authentication key to generate a secondary password to be used in conjunction with a primary password to gain access to a password-protected web service.
    Type: Grant
    Filed: September 30, 2011
    Date of Patent: October 14, 2014
    Assignee: Google Inc.
    Inventors: Stephen A. Weis, Travis E. McCoy, Andrew D. Hintz, Iain P. Wade
  • Patent number: 8863250
    Abstract: Disclosed are various embodiments for logging out from multiple network sites using an authentication client that manages sessions for the network sites. Account data is maintained for multiple accounts of a user for multiple network sites. The account data includes a respective security credential for each of the accounts. An authentication client automatically authenticates with multiple authentication services corresponding to multiple network sites using multiple accounts in response to the user accessing each network site. A respective session is established for each network site. A logout is performed by ending each one of the sessions.
    Type: Grant
    Filed: February 1, 2012
    Date of Patent: October 14, 2014
    Assignee: Amazon Technologies, Inc.
    Inventors: Daniel W. Hitchcock, Brad Lee Campbell
  • Patent number: 8856892
    Abstract: The present disclosure describes methods, systems, and computer program products for interactive authentication, which can include receiving a valid authentication credential or an invalid authentication credential associated with a digital identity. The credentials can be received from an end user at an input device in association with a login attempt. If a valid authentication credential is received, it is determined whether an identification token is received with the valid authentication credential. If received, the identification token is identified as a token included in a list of valid tokens associated with the digital identity at an authentication system. In response to the determination that the identification token is included in the list of valid tokens, it is determined whether a lockout period associated with the identification token in the list of valid tokens has expired. If expired, the end user associated with the login attempt can be authenticated.
    Type: Grant
    Filed: June 27, 2012
    Date of Patent: October 7, 2014
    Assignee: SAP AG
    Inventor: Gabor Faludi
  • Patent number: 8856923
    Abstract: Similarity-based fraud detection techniques are provided in adaptive authentication systems. A method is provided for determining if an event is fraudulent by obtaining a plurality of tagged events and one or more untagged events, wherein the tagged events indicate a likelihood of whether the corresponding event was fraudulent; constructing a graph, wherein each node in the graph represents an event and has a value representing a likelihood of whether the corresponding event was fraudulent and wherein similar transactions are connected via weighted links; diffusing through weights in the graph to assign values to nodes such that neighbors of nodes having non-zero values receive similar values as the neighbors; and classifying whether at least one of the one or more untagged events is fraudulent based on the assigned values.
    Type: Grant
    Filed: June 29, 2012
    Date of Patent: October 7, 2014
    Assignee: EMC Corporation
    Inventors: Eyal Kolman, Alon Kaufman, Yael Villa
  • Patent number: 8856540
    Abstract: Technologies are described herein for customized identifier (“ID”) generation by an ID service. One or more calling components (“components”) remote from the ID service generate requests for IDs. The requests can include one or more rules defining how the IDs are to be generated, type data identifying a type of IDs to be generated, encryption data specifying whether, and if so, how the IDs are to be encrypted, and number data defining how many IDs are to be generated at a particular time. The ID service receives the request, and in response to the request, generates the number of IDs specified, in accordance with the rules, type data, and encryption data provided in the request. An ID database can store one or more of the IDs and/or rules associated with the components, such that each component can be relieved from maintaining its own database for ID operations.
    Type: Grant
    Filed: December 29, 2010
    Date of Patent: October 7, 2014
    Assignee: Amazon Technologies, Inc.
    Inventors: Nandakiran Kirubanandan, Morgan K. Akers
  • Patent number: 8856879
    Abstract: A backup account recovery authentication of last resort using social authentication is described. The account holder requests trustees who have been previously identified to obtain an account recovery code. The account recovery system sends a communication to the trustee for information to verify the trustee as one of the previously identified trustees. The account recovery system then may transmit a link and code with instructions for the trustee to return the link. The account recovery system then transmits a situational query to the trustee to provide additional security. Finally, if all the communications have been completed for the required level of security, the account recovery code is transmitted to the trustee. The trustee sends the account recovery code to the account holder for access to an account.
    Type: Grant
    Filed: May 14, 2009
    Date of Patent: October 7, 2014
    Assignee: Microsoft Corporation
    Inventors: Stuart Schechter, Robert Wilson Reeder
  • Patent number: 8856897
    Abstract: The present invention facilitates access to a restricted service related to secure transactions via a network. The present invention allows a user to select a minimum security level of authentication for its own login to a restricted service. The user's selected minimum security level of authentication may be registered in an authentication method system, so that the user must use the selected minimum security level for authentication in order to gain access to the restricted service. Alternatively, the user may specify that the selected minimum security level for authentication may be over-turned by the user, or optionally re-set to a new authentication method depending on the needs of the user. As such, the present invention allows the user the flexibility to select its own authentication method for accessing a restricted service.
    Type: Grant
    Filed: September 18, 2012
    Date of Patent: October 7, 2014
    Assignee: Sora Applications LLC
    Inventors: James M. Foley, Rick D. Johnson, Anant Nambiar
  • Patent number: 8855300
    Abstract: This disclosure is directed to improved techniques for configuring a device to generate a secondary password based at least in part on a secure authentication key. The techniques of this disclosure may, in some examples, provide for capturing, by a computing device, an image of a display of another computing device. The captured image includes at least one encoded graphical image, such as a barcode, that includes an indication of the content of a secure authentication key. The computing device may use the secure authentication key to generate a secondary password to be used in conjunction with a primary password to gain access to a password-protected web service.
    Type: Grant
    Filed: September 30, 2010
    Date of Patent: October 7, 2014
    Assignee: Google Inc.
    Inventors: Stephen A. Weis, Travis E. McCoy, Andrew D. Hintz, Iain P. Wade
  • Patent number: 8856539
    Abstract: A secure registry system and method for the use thereof are provided which permits secure access to a database containing selected data on a plurality of entities, at least portions of which database has restricted access. Mechanisms are provided for controlling access to restricted access portions of the database, such access being determined by at least one of the identity of the requesting entity and the entity's status. A multicharacter public code may be provided which the system can map to permit delivery of items, complete telephone calls and perform other functions for entities. The system may also be utilized to locate an individual based on limited biological data. Organizations utilizing the system may have custom software facilitating their access and use of the system.
    Type: Grant
    Filed: June 26, 2007
    Date of Patent: October 7, 2014
    Assignee: Universal Secure Registry, LLC
    Inventor: Kenneth P. Weiss
  • Patent number: 8856523
    Abstract: A communication method on a communication link between an aircraft and a ground station, the communication capable of being configured according to a plurality of safety levels in which, when the aircraft sends a request to a ground station to modify the safety level of the communication from a previous safety level to a new safety level and the aircraft does not receive an acknowledgement of the request by the ground station, the aircraft still accepts messages from the ground station according to the new security level.
    Type: Grant
    Filed: April 5, 2007
    Date of Patent: October 7, 2014
    Assignee: Airbus Operations SAS
    Inventors: Agnes Leclercq, Cecile Colle-Morlec, Pascal Boucard
  • Patent number: 8856382
    Abstract: A system in a cloud services environment comprises one or more service offerings, one or more service instances and one or more service support utilities. Each of the one or more service offerings is described by at least one service descriptor. Each of the one or more service instances is obtained from at least one of the one or more service offerings. Each of the one or more service support utilities is customized by at least one service descriptor. A service comprises at least one component and a service descriptor comprises one or more models.
    Type: Grant
    Filed: July 30, 2012
    Date of Patent: October 7, 2014
    Assignee: International Business Machines Corporation
    Inventors: Rahul P. Akolkar, Paula K. Austel, Thomas A. Mikalsen, Isabelle M. Rouvellou, Alla Segal, Hidayatullah H. Shaikh, Ignacio Silva-Lepe, Revathi Subramanian
  • Patent number: 8850218
    Abstract: A system and method is provided for generating a one-time passcode (OTP) from a user device. The method includes providing a passcode application and a cardstring defined by a provider account to the user device. The passcode application is configured to generate a passcode configured as a user OTP for the provider account, using the cardstring. The cardstring is defined by at least one key camouflaged with a personal identification number (PIN). The key may be camouflaged by modifying and encrypting the modified key under the PIN. The key may be configured as a symmetric key, a secret, a seed, and a controlled datum. The cardstring may be an EMV cardstring; and the key may be a UDKA or UDKB. The cardstring may be an OTP cardstring, and the key may be a secret configurable to generate one of a HOTP, a TOTP, and a counter-based OTP.
    Type: Grant
    Filed: October 14, 2013
    Date of Patent: September 30, 2014
    Assignee: CA, Inc.
    Inventors: Geoffrey R. Hird, Rammohan Varadarajan
  • Patent number: 8850216
    Abstract: Establishing trusted communication with a media client application on a client device includes receiving an identifying token originating in a secure messaging session between a messaging server and the client device, and sending an encrypted generated nonce to the messaging server for delivery to the client device. A blob request message is received that includes a decrypted nonce value and identifies the client device, user, and content owner. The blob request message is tested and a blob is conditionally sent to the client device that includes a secret value for accessing an API via which the client device obtains decryption keys for decrypting protected media. Testing includes evaluating whether the decrypted nonce value matches the generated nonce value. The blob request message may include device integrity information to evaluate whether the device has been tampered with, as a further condition to allowing access to the protected media.
    Type: Grant
    Filed: May 21, 2012
    Date of Patent: September 30, 2014
    Assignee: Telefonaktiebolaget LM Ericsson (Publ)
    Inventors: Mikhail Mikhailov, Raj Nair
  • Patent number: 8850519
    Abstract: Systems and methods for providing authentication using an arrangement of dynamic graphical images. The graphical images can be arranged as a grid or matrix for presentation on a device display for authentication of a user. The kinds of graphical images can be derived from a designated authentication category and non-authenticating categories. A series of password elements corresponding to the graphical images can be displayed with the graphical images. The user may enter the series of one or more password elements corresponding to graphical images from the authentication category which combine to form a password entry. An authentication server can compare the password entry to an authentication password corresponding to the particular arrangement of dynamic graphical images. The selection of graphical images, their arrangement and their corresponding password elements, may dynamically change in between authentication processes.
    Type: Grant
    Filed: December 23, 2010
    Date of Patent: September 30, 2014
    Assignee: Confident Technologies, Inc.
    Inventors: Steven L. Osborn, Nicholas A. Davis, James L. Sontag, Joel Norvell
  • Patent number: 8850215
    Abstract: A computing device which includes an access control mechanism which is used to control access to keys which are used in cryptographic processes. Any application wishing to gain access to a key must first obtain authorization from the access control mechanism. Authorized applications may access keys directly, without having to pass data through the access control mechanism.
    Type: Grant
    Filed: December 16, 2008
    Date of Patent: September 30, 2014
    Assignee: Nokia Corporation
    Inventor: Tim Gover