Abstract: An authentication method of an electronic device is disclosed. A plurality of key inputs is received from a user via activation of input keys. At least one key input from the key inputs is validated based on a predefined criterion to obtain a password. The password is compared to a registered password to obtain an authenticated password.

Abstract: A system and method for dynamically adjusting or modifying the password expiration period for a given user based upon how a user accesses the password-protected resource. The tighter the physical control of how a user can access a resource results in a loosening or maintaining of the password expiration period to be a relatively long period of time, whereas the looser the physical control of how a user can access a resource results in a tightening of the password expiration period to be a relatively short period of time. The password expiration period is adjusted based on both actual usage patterns as well as variances in such usage patterns.

Abstract: An encrypted file is decrypted to gain access to a stored hash value for a credentials setting component. A test hash value of the credentials setting component is formed. Before decrypting a set of encrypted credentials to form decrypted credentials, it is required that the test hash value of the credentials setting component match the stored hash value of the credentials setting component. The decrypted credentials are then passed to the credentials setting component to set credentials that instructions are to be executed under.

Abstract: A method and system for collecting account access statistics from information provided by client certificates. In one embodiment, the method comprises requesting client certificates from remote terminals that request to access a computing resource. The method further comprises updating the account access statistics based on information provided by presence or absence of the client certificates and contents of the client certificates for the client certificates that are present.

Abstract: A method for user authentication involves initiating an authentication process, receiving images associated with the authentication process, selecting an image from the images to generate a selection; and obtaining authentication based on the selection, where the image is associated with the authentication process and sent prior to initiating the authentication process.

Abstract: In some aspects of the present disclosure a device is disclosed that includes a processor; a storage unit; a user interface; a transceiver; a device identifying unit arranged to store device identifying data; a memory unit arranged to store machine-executable instructions that when executed by the processor causes a password to be generated, based on the device identifying data, that is arranged to allow the device to access a public wireless local area network (PWLAN).

Abstract: In a method and appliance for authenticating, by an appliance, a client to access a virtual network connection, based on an attribute of a client-side certificate, a client authentication certificate is requested from a client. A value of at least one field in the client authentication certificate received from the client is identified. One of a plurality of types of access is assigned responsive to an application of a policy to the identified value of the at least one field, each of the plurality of access types associated with at least one connection characteristic.

Abstract: A method and apparatus for synchronously changing authentication credentials of a plurality of domains comprising detecting an authentication credential change event for a particular domain, where the authentication credential is being changed from a first credential to a second credential, determining whether the particular domain is within a domain group, and, if the particular domain is within the domain group, changing the authentication credential of at least one other domain in the domain group from the first credential to the second credential.

Abstract: A memory storage apparatus including a connector, a rewritable non-volatile memory module and a memory controller is provided. The memory controller receives a password to be verified, transforms the password into a data stream by using a first unit, generates a cipher text to be verified according to a predetermined data stream and the transformed data stream by using a second unit, and determines whether the cipher text to be verified is the same to a predetermined cipher text stored in the rewritable non-volatile memory module. When the cipher text to be verified is the same to the predetermined cipher text, the memory controller identifies that the password to be verified is validated. Accordingly, the memory storage apparatus can effectively verify a password input by a user, thereby protecting data stored in the rewritable non-volatile memory module.

Abstract: A method for providing security in a networked multimedia computing system is provided wherein an administrative workstation is challenged by a network workstation when the administrative workstation is attempting to manipulate or query the network workstation. The administrative workstation responds in an automatic fashion to supply a series of logically acceptable password candidates to the challenging workstation in an attempt to validate itself to the challenging network workstation without interrupting a user. If none of the series of passwords is successful, an administrator, or user, operating the administrative workstation is prompted to manually enter a password. The system allows for an administrative workstation to automatically and transparently validate itself to a challenging network workstation, in most situations, without requiring input from the administrator.

Abstract: A system for automatically completing fields in online forms, such as login forms and new user registration forms, which employs a Master Cookie File containing sets of records associated with the user, his or her accounts or web sites, and registered values associated with form tags (e.g. username, password, address, email, telephone, etc.). When the user encounters another form, the MCF is automatically searched for matching values and form tags, primarily from the same account or web site, or alternatively from other accounts or sites. A flowing pop-up menu is displayed nearby the form fields from which the user can select values to automatically complete the form. Automatic account information updating, value expiration management, mapping of favorite values, and sharing of values are optional, enhanced functions of the invention.

Abstract: A file may contain an unencrypted and an encrypted portion. The unencrypted portion may contain a layout section that may point to a published license, metadata, and a contents section, where the contents section is in the encrypted portion. The encrypted portion may contain the contents section which may act as a directory for one or more included files that may be compressed and stored in the encrypted portion. When the file is opened by a receiver, the receiver may read the published license and communicate with a security server to establish access rights and receive at least one key for decrypting at least a portion of the encrypted portion of the file. The receiver may then gain access to the included files.

Abstract: A method and system are provided for resetting a password using a first device and a second device. The second device stores data encrypted using a content protection key, which itself is stored in encrypted form using the password, and is also stored in encrypted form using a key encryption key. The first device receives a public key from a second device. The first device uses the public key and a stored private key to generate a further public key. The further public key and a new password are sent to the second device. The second device uses the further public key to generate the key encryption key, which is then used to decrypt the encrypted content protection key. A new content encryption key is created, and encrypted using the new password.

Abstract: A method for access control to installation control systems of wind energy installations. The method includes receiving a requested user name and a requested password, wherein authorizations and checking information are coded in the requested password. The method further includes decoding the authorizations and the checking information from the requested password, checking the requested user name on the basis of the decoded checking information, checking the decoded authorizations if the check of the requested user name on the basis of the decoded checking information has a positive result, and allowing access to an installation control system of a wind energy installation when the decoded authorizations are sufficient. A wind energy installation for implementing the method includes an installation control system and a decoding unit.

Abstract: When a plurality of information processing apparatuses that have an authentication function cooperate to execute a job, user authentication information is transmitted from a cooperative information source processing apparatus to a destination cooperative information processing apparatus that execute the cooperative job. A user account is created at the destination cooperative information processing apparatus based on the transmitted authentication information. When the cooperative information source processing apparatus notifies execution of a cooperative job to the destination cooperative information processing apparatus, authentication information that is authenticated at the cooperative information source processing apparatus is transmitted to the destination cooperative information processing apparatus. The destination cooperative information processing apparatus creates a user account based on the authentication information, and executes the cooperative job using the created user account.

Abstract: A character string indicating a date obtained from a calendar clock is combined with a fixed-value character string held internally to generate a hash character string using a hash function. The hash character string is compared with an input character string. When there is a match, the body portion of an application software is executed. When there is no match, a process is terminated without executing the body portion of the application software.

Abstract: A programmable controller system is formed by connecting a personal computer having an aid device program module installed to serve as an aid device for development of control program to a programmable controller having password protect function. A hardware key storing a specified password code is detachably attached to the personal computer. The aid device program module checks whether or not software module with a function of certifying a hardware key exists and if it is found to exist, it is linked as a part of the aid device program module and the function of certifying the hardware key is caused to operate.

Abstract: A method for securing data transmitted over a network to an image display device. In one embodiment, the method may include identifying at least one image display device on the network, selecting the at least one image display device for transmission of data, activating a data protection process to generate locked data and transmitting the locked data to the image display device. The method may further include receiving a key to unlock the locked data such that the data is available to the image display device.

Abstract: Access to resource(s) intended to be shared with specific groups of individuals is controlled using concise tests of shared knowledge instead of (or in addition) to accounts and access control lists. Users can readily learn the concept and choose questions that will control the access by the desired group with little effort. Such questions can be relatively secure to guesses by those not intended to have access, particularly if the number of allowed guesses is relatively limited. Users can generally predict the security of their questions, but sometimes underestimate the ability of attackers to use Web searching or enumeration to discover answers. In such cases, the system can automatically discover weak questions and then suggest alternatives. By lowering the threshold to access control, shared knowledge tests can enable more types of information to acquire collaborative value on the Internet and on other types of networks.

Abstract: A tolerant key verification method is provided. The tolerant key verification method comprises the following steps. A first key is generated instantly according to first characteristic values from a user terminal and is transmitted to a verification server to perform a comparison. When a data in the verification server matches the first key, the verification server makes no response and asks a network-service server to provide a network service to the user terminal. When the data doesn't match the first key, the verification server makes no response. When no data is available, the verification server makes no response and asks a message server to send a key-regeneration signal to the user terminal such that the user terminal generates a second key instantly according to second characteristic values. The verification server saves the second key and asks the network-service server to provide the network service to the user terminal.

Abstract: In accordance with one or more aspects, a current security policy for accessing a device or volume of a computing device is identified. A secondary access control state for the device or volume is also identified. An access state for the device is determined based on both the current security policy and the secondary access control state.

Abstract: According to one embodiment, an information processing apparatus includes a main body, an authentication unit which performs an authentication process, upon power-on of the main body, if authentication information is registered in the main body, the authentication process including a process to authenticate a user based on authentication information input by the user and the authentication information registered in the main body, and a forced-registration unit which performs a forced-registration process to request the user to register new authentication information and inhibit the main body from operating until the new authentication information is registered, upon power-on of the main body.

Abstract: This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead.

Abstract: A system that enables network authorization status to be conveyed to the device requesting network services within or outside the scope of an authentication exchange is provided. The authorization status notification or information can be automatically generated or otherwise triggered by a request from the user or device. For instance, a query can be employed to solicit device authorization status related to a particular service or group of services. Additionally, authorization status notification can be automatically triggered based upon a change in the device authorization state.

Abstract: A method and system for providing remote user access to secure financial applications by deployment of SSO software (126) to client workstations (120), including receiving a password for collaborating access to a secure server (110); navigating to the secure server (110) using a web browser (124) on a remote workstation (120); providing user authorization details and the received password to the secure server (120); generating a subsequent password at the secure server (110) upon validation of the user authorization details and received password; downloading an SSO deployment file (122) to the remote workstation (120), said deployment file (122) including the subsequent password; executing the SSO deployment file (122) to install an SSO client application (126) on the remote workstation; reading workstation settings and user credentials from a secure file or data store; and running the SSO client application (126) on the workstation to employ the user credentials and subsequent password to logon to the secure

Abstract: The present invention relates to systems and methods for securing web-based transactions. A system for securing web-based transactions includes a credential strengthener coupled to a client browser. The client browser communicates with a web server in a web-transaction. The credential strengthener converts a web credential entered by a user at the client browser to a higher entropy web credential associated with the user. The client browser then returns the higher entropy web credential for further use in the web transaction. A method for securing a web-based transaction includes steps of converting a web credential entered by a user at a client browser to a higher entropy web credential associated with the user, and returning the higher entropy web credential to the web server to continue the web transaction.

Abstract: A document management device, when receiving information on a document registration user who is a requester for document registration and information on a document registration destination, provides a first page (top page) displayed when the document registration user logs into the document management device with a link (button) for accessing a second page for registering a desired document at the document registration destination. When the document registration user performs an operation of registering the desired document on the second page accessed through the link included in the first page, the desired document is registered at the document registration destination.

Abstract: A computer implemented method, data processing system and computer program product are disclosed for password expiration based on vulnerability detection. A request for a password is received during re-activation of a first account that belongs to a particular user. A test password is compared to a previously created password that belongs to the particular user to determine if a match occurred. Responsive to determining that there is a match, a second account that belongs to the particular user with respect to the match is expired.

Abstract: A method for locking the application program includes: when running a application program stored in a terminal, it judges whether a first unlocking key of the application program exists in the terminal; in the case that the first unlocking key does not exist, the terminal generates and stores the first unlocking key, and sends it to a device; judging whether the device has locked the application program, in the case that the result of judgment is no, proceeding to the first step, otherwise proceeding to the second step: the first step, the device locks the application program, generates a second unlocking key, and notifies the second unlocking key to a user, proceeding to the second step; the second step, performing the authentication process for the user; in the case that the first unlocking key exists in the terminal, the first unlocking key is sent to the device, judging whether the device has locked the application program or not, if not, proceeding to the third step, otherwise proceeding to the forth ste

Abstract: An MFP stores information of a web service for permitting use with respect to each user, and information for limiting a use of its function. When there is a web service allowed to be used by the logged in user, its list is displayed. When a linked function with the selected web service is not allowed to be used, a massage to the effect that is displayed and when the use of the function is limited, limited contents are displayed to confirm the use of the web service.

Abstract: A system and method for communicating information over an insecure communications network include one or more computing devices that may access a first server via the communication network. In operation the first server displays an authentication Web page having a virtual pad with a plurality of characters that may be selected directly from a display of the computing device.

Abstract: Apparatus, methods, and computer program products for providing portable communication identity services are provided. A request is received to access a portable communication identity from a communications device. User information is received that is input by a user of the communications device, and the user information is authenticated. Capabilities of the communications device are accessed, and the portable communication identity is transmitted in accordance with the capabilities of the communications device.

Abstract: An augmented boot code module includes instructions to be executed by a processing unit during a boot process. The augmented boot code module also includes an encrypted version of a cryptographic key that can be decrypted with a cryptographic key that remains in the processing unit despite a reset of the processing unit. In one embodiment, the processing unit may decrypt the encrypted version of the cryptographic key and then use the decrypted key to establish a protected communication channel with a security processor, such as a trusted platform module (TPM). Other embodiments are described and claimed.

Abstract: In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate, a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel.

Abstract: A secure system for user authentication comprised of an authentication interface having a character dial and alignment markers is provided. A passcode input module receives user commands to move the character dial with respect to the alignment markers and to record a configuration of the characters with respect to the alignment markers, thereby creating alignment configuration data. A passcode generation module receives at least one of said alignment configuration data from passcode input module and generates a plurality of passcode hypotheses. An authentication module receives the passcode hypotheses and compares the passcode hypotheses with the passcodes of registered users stored in a data store. The passcode hypotheses are updated after each new alignment configuration data entered by the user. The authentication module authenticates a user upon finding a passcode hypothesis matching a stored passcode.

Abstract: A method, service, system, computer program, etc., provides a list of acceptable authentication servers that a user could use to log in when accessing a networked device, such as a networked printer or document processing device. The embodiments include preparing a module, such as a dynamically loadable module (DLM) for use in the networked system accessed by the users. Each of the networked devices is enabled to accept the DLM. The embodiments forward the DLM to the networked devices as a print job along a print job submission path within the network. The networked devices recognize the DLM as a special job. Further, the networked devices use the DLM to install the XML file on each of the networked devices. Thus, the authentication server lists and authentication programs are updated within each of the networked devices using the DLM.

Abstract: Embodiments are directed towards employing a plurality of single use passwords to provide phishing detection and user authentication. A user receives a plurality of single use passwords that expire within a defined time period after having been sent to a registered device. During a login attempt, the user enters a user name and a requested one of the passwords, which once entered expires. If valid, the user then enters a portion of another password to complete a displayed portion of a password, and a specified other one of passwords. If the displayed portion of the other passwords does not match any portion of one of passwords, then the user may detect a phishing attempt and terminate the login. If the user correctly the password data, the user may then access secured data. Each new login request requires a different set of passwords to be used.

Abstract: There is provided apparatus comprising a user interface for displaying a plurality of items. The apparatus is arranged: a) to receive at least one instruction, by which instruction or instructions, one or more of a plurality of items initially displayed on the user interface is or are categorized as an item or items to be hidden and the remaining one or more of the plurality of items initially displayed on the user interface is or are categorized as an item or items to be displayed; b) to receive an instruction to hide, from the user interface, the one or more items to be hidden; and c) to hide from the user interface, the one or more items to be hidden, such that the item or items categorized as items to be displayed are displayed on the user interface, and the item or items categorized as items to be hidden are not displayed on the user interface. In one preferred arrangement, the apparatus is an electronic device.

Abstract: The present invention provides a system and a method for generating digital signatures. The system comprises a first formula which generates the signature as selected series from at least two, but preferably more digitized biometric features of a user. The signature comprises a different selected series per unit of time of for instance 10 seconds. The invention comprises a second formula which assigns a numerical value to a data file. The second formula can also use the numerical value to define another time interval, on the basis of which another signature can be generated. The invention further provides a number of examples for application of the generated signature during the sending of data files.

Abstract: A password management system and method for securing networked client terminals and mobile devices is provided. More specifically, the present invention provides a system and method for encrypting randomly generated administrator-level passwords and providing a means for decrypting the randomly generated passwords for single-use unrestricted access to a designated terminal or mobile device. When unrestricted access to the terminal or mobile device is required, the encrypted administrator-level password is decrypted using a shared symmetric key, which is generated during encryption of the administrator password, to reveal the administrator-level password for the terminal or mobile device. The administrator-level password is a single-use password, wherein upon use of the administrator-level password a new administrator-level password may be automatically generated for the corresponding terminal or mobile device.

Abstract: A smart card, system, and method for securely authorizing a user or user device using the smart card is provided. The smart card is configured to provide, upon initialization or a request for authentication, a public key to the user input device such that the PIN or password entered by the user is encrypted before transmission to the smart card via a smart card reader. The smart card then decrypts the PIN or password to authorize the user. Preferably, the smart card is configured to provide both a public key and a nonce to the user input device, which then encrypts a concatenation or other combination of the nonce and the user-input PIN or password before transmission to the smart card. The smart card reader thus never receives a copy of the PIN or password in the clear, allowing the smart card to be used with untrusted smart card readers.

Abstract: A projector system includes an information processing apparatus and a projector. The projector includes a device connection unit which enables communication between the information processing apparatus and the projector, a password generating unit which generates a password, and an encryption unit which encrypts the password and outputs the encrypted password to the information processing apparatus through the device connection unit.

Abstract: A wireless communication device to be wirelessly connected to a wireless network is provided. The wireless communication device includes a password obtainer to obtain a password designated by a user for connecting the wireless communication device to the wireless network, and a wireless connector to connect the wireless communication device to the wireless network with the use of the obtained password. The wireless connector sequentially selects one set from two or more sets, and sequentially attempts to connect the wireless communication device to the wireless network with the use of the sequentially selected one set. Each set of the two or more sets has an authorization method and an encryption method.

Abstract: Disclosed is a method of providing a completely automated public turing test to tell a computer and a human apart (CAPTCHA) based on image. The method comprises the steps of: storing a plurality of randomly-selected images by session when a request for a web page is received from a user client; providing the web page and a session ID to the user client; generating a test image by mixing the plurality of images when a request for a test image corresponding to the session ID is received from the user client; transmitting the generated test image to the user client; receiving at least one of first identification information inputted by the user about the test image from the user client; and comparing the first identification information with second identification information included in Meta information of the test image.

Abstract: A method and system for authenticating a user to access a computer system. The method comprises communicating security information to the computer system, and providing the computer system with an implicit input. The method further comprises determining whether the security information and implicit input match corresponding information associated with the user. The method further comprises granting the user access to the computer system in the event of a satisfactory match. When authenticating the user, the method and system consider the possibility of the user being legitimate but subject to duress or force by a computer hacker.

Abstract: An image processing apparatus generates a password each time transmission of image data is instructed, encrypts the image data with the generated password, transmits the encrypted image data, and notifies the generated password.

Abstract: The present invention is directed to a system and method for authenticating a user of a device or computer system using a graphical password. In an exemplary embodiment, a user is presented with a plurality of graphical images on a display screen of an access device, such as a handheld smart phone. Each graphical image includes one or more associated attributes. The user sequential selects graphical images and a password is generated based on the combination of attributes of the selected images. The generated password is compared with a stored password to authenticate the user and grant access to the device. In another aspect, the graphical password includes time, motion, and/or keyboard input attributes such that the password is multidimensional.

Abstract: An image processing apparatus includes a generation unit configured to scan a document and generate an original image, a decoding unit configured to decode a two-dimensional code on the original image generated in the generation unit to obtain original information, and a determination unit configured to determine whether the original information obtained in the decoding unit contains a password. The image processing apparatus also includes a conversion unit configured to convert the original image generated by the generation unit into an electronic file attaching the password if the determination unit determines that the original information contains the password, and convert the original image generated by the generation unit into an electronic file without attaching the password if the determination unit determines that the original information does not contain the password, and a sending unit configured to send the electronic file obtained by the conversion in the conversion unit.

Abstract: An access control method of a semiconductor device includes providing an inputted password as an input of a hash operator; performing a hash operation in the hash operator and outputting a first hash value; controlling the hash operator so that the hash operation is repeatedly performed in the hash operator by providing the first hash value as an input of the hash operator when the first hash value and a second hash value stored in a nonvolatile memory do not coincide; and setting an access level with respect to the inner circuit according to the repetition number of times of the hash operation of the hash operator when the first and second hash values coincide.

Abstract: Disclosed are methods, systems, and computer program products for identifying sensitive data from a user-entered input sequence based on user-defined criteria. According to one method, user-defined criteria for identifying sensitive data within user-entered input sequences that include sensitive data and padding data are received. A request for sensitive data from a requesting agent is presented. A user-entered input sequence that includes sensitive data and padding data is received in response to the request for sensitive data. Sensitive data is identified within the user-entered input sequence using the user-defined criteria. The identified sensitive data is provided to the requesting agent in response to the request for sensitive data.