Abstract: A method implemented on an augmented reality electronic device includes establishing a wireless connection with an automated teller machine (ATM). The AR electronic device is used to authenticate a user of the AR electronic device at the ATM. An initiation is permitted of a financial transaction through user interface functionality for the ATM that is displayed on the AR electronic device. Financial information for the financial transaction is displayed on a display screen of the AR electronic device, instead of displaying the financial information at the ATM.

Abstract: Method and system are provided for security credentials management for client applications. The method includes: detecting a user is entering security credentials for authentication of a client application; hashing at least a portion of the entered credentials to obtain current hashed credentials and storing the current hashed credentials; and comparing the current hashed credentials to previously stored hashed credentials for the client application. If the current hashed credentials and the previously stored hashed credentials match, the method may store the credentials for automatic completion of the credentials for the client application.

Abstract: Distributed systems and methods for encrypting data on a blockchain network are disclosed. One system comprises at least one injector coupled to a node on the blockchain, a controller coupled to the injector, and a generator coupled to the controller. The injector intercepts messages bound for the blockchain and encrypts data in the messages using encryption information received from the controller. The controller acquires encryption information from the generator, which generates encryption keys and derives encryption information from those encryption keys. The encryption information may be divided into multiple parts and distributed between a plurality of injectors. As a result, to assemble an encryption key for encrypting or decrypting data, an injector may have to cooperate with other injectors to acquire sufficient encryption information to re-assemble the encryption key.

Abstract: A method can include obtaining access code data corresponding to an access code transmitted to a user device. The method can further include monitoring the user device. The method can further include determining, based on the monitoring, that the access code is shared. The method can further include initiating, in response to the determining that the access code is shared, an invalidation of the access code.

Abstract: A user may provide a financial card to an automated teller machine (ATM) or point of sale (POS) terminal and may be authenticated by providing a gesture and/or an image selection via a mobile device to the ATM or the POS. The gesture and/or image selection may be provided using a touchscreen of the mobile device. The gesture and/or image provided by the user via the mobile device may be compared to a stored gesture and/or image provided by the user during an earlier registration of the financial card. If there is a match between the gesture and/or image provided by the user via the mobile device and the previously stored gesture and/or image, then the user is authenticated and may access an account associated with the financial card.

Abstract: A method for generating a dynamic username includes receiving a static component of a dynamic username and a selection of a dynamic parameter component of the dynamic username from a user. The static component and the selected dynamic parameter component are combined in a predetermined order, based on a user selected option. The dynamic username is produced from the combined static component and the selected dynamic parameter component based on the predetermined order. A rule for producing the dynamic username is generated. The rule defines the predetermined order of the static component and the selected dynamic parameter component. The static component and the rule are stored in a credential database with the rule being associated with the static component.

Abstract: An authentication management system receives a resource request directed to a software service, which may require password-based authentication. The system redirects the resource request to an authentication identity provider (IdP), and receives an authentication token generated by the authentication IdP. The redirecting of the resource request comprises transmission of an authentication request, which includes user identity information that can be authenticated by the IdP but does not include a password for the software service. In response to receiving the authentication token, the system causes a shadow account to be created with the software service. For password-based authentication, this may include setting a temporary, random password for the shadow account. The system is then able to generate authenticated connection information (e.g.

Abstract: Automating discovery server configuration as part of a discovery process includes determining one or more subnets selected from multiple subnets. Each of the one or more subnets selected is associated with a respective scheduled task. In response to determining the one or more subnets selected, one or more available discovery servers are identified from multiple discovery servers. The one or more discovery servers are configured based at least in part on the one or more subnets selected. In response to the automatic configuration, network discovery is initiated to perform the respective scheduled task.

Abstract: Methods, non-transitory computer readable media, and access policy manager apparatus that assists with enforcing an access control list based on one or more managed applications includes receiving a request to access a web application from an enrolled mobile device. An access control for the received request is identified based on data associated with the enrolled mobile device and a user using the enrolled mobile device. The identified access control list is enforced on the enrolled mobile device to determine when to provide access to the requested web application. Access to the requested web application is provided to the enrolled mobile device when enforced access control list comprises data to allow the enrolled mobile device access to the requested web application.

Abstract: An information handling system with improved data security has a signal detector circuit to receive a signal interrupt from a plurality of signal interrupt sources, and an authentication timer circuit that starts measuring a configured time duration based upon the received signal interrupt. A scrambler module initiates data scrambling upon completion of the configured time duration.

Abstract: A computer-implement method of processing resource exchange information includes the following steps: obtaining a data package including a user card identifier and a social network application identifier from a mobile phone; establishing a correspondence between the user card identifier and the social network application identifier and storing the correspondence in the computer system; obtaining user card data and resource exchange information from a payment terminal, wherein the user card data includes the user card identifier; performing security verification to the user card data and obtaining the corresponding social network application identifier when the security verification succeeds; processing a resource transfer request according to the social network application identifier and the resource exchange information and generating corresponding processing state information; and returning the corresponding processing state information to the payment terminal.

Abstract: In particular embodiments, a sensitive data management system is configured to remove sensitive data after a period of non-use. Credentials used to access remote systems and/or third-party systems are stored with metadata that is updated with each use of the credentials. After a period of non-use, determined based on credential metadata, the credentials are deleted. Personal data retrieved to process a consumer request is stored with metadata that is updated with each use of the personal data. After a period of non-use, determined based on personal data metadata, the personal data is deleted. The personal data is also deleted if the system determines that the process or system that caused the personal data to be retrieved is no longer in use. An encrypted version of personal data may be stored for later use in verifying proper consumer request fulfillment.

Abstract: An example operation may include one or more of creating a proposed transaction including one or more assets, transmitting the proposed transaction to a user device for authorization, receiving authorization from the user device via an asynchronous one-time password to authorize the proposed transaction, and creating a blockchain transaction including the asynchronous one-time password and content of the proposed transaction responsive to receiving the authorization.

Abstract: A method includes: training a prediction model with sample data; obtaining user information of a user as an input feature to the prediction model; predicting, using the prediction model according to a set of determination conditions, whether the user has forgotten a payment password associated with a payment application; and in response to predicting that the user has forgotten the payment password and detecting the user logging in the payment application with a login password different from the payment password, displaying a user interface for directing the user to a payment password resetting interface for resetting the payment password.

Abstract: A device may receive an input that indicates a request to initiate a transaction at an ATM device. The device may instruct the user to capture one or more images of the ATM device. The device may determine that an image has been captured and process the image to determine first information that identifies the ATM device. The device may send the first information to a server device and receive a signal that indicates the ATM device has been validated. The device may cause an augmented reality (AR) overlay to be displayed, wherein the AR overlay includes second information related to authenticating the user to the ATM device. The device may determine whether a user action is performed with respect to the second information included in the AR overlay, and perform a device action related to the second information, the ATM device, or the AR overlay.

Abstract: An information processing apparatus includes a memory, a request unit, an authenticating unit, and a determination unit. The memory stores authentication information for performing user authentication. When authentication information of a user who is a target of the user authentication is not stored in the memory, the request unit requests the authentication information from a different information processing apparatus. The authenticating unit performs the user authentication by using the authentication information stored in the memory or obtained from the different apparatus in response to the request from the request unit. The determination unit determines whether the apparatus or the different apparatus is to store the authentication information. When the authentication information is not stored in the apparatus, if it is determined that the apparatus is to store the authentication information, the memory stores the authentication information obtained in response to the request from the request unit.

Abstract: The present disclosure is related to devices, systems, and methods for preemptive alerts in a connected environment. An example device can include instructions to receive a log from a first log source, determine whether a pattern of events in the log exceeds an alert threshold of the first log source, wherein the pattern of events is associated with an event source, in response to the pattern of events exceeding the alert threshold, trigger an alert particular to the event source, and in response to the pattern of events exceeding the alert threshold, initiate a sensitivity threshold of a second log source that provides a same functionality as the first log source, wherein the sensitivity threshold is more sensitive than the alert threshold, and wherein the sensitivity threshold is particular to the event source.

Abstract: Disclosed is a client system for facilitating authentication of a user characterized by validating a password, at the client machine, transmitted by a server. In order to authenticate the user, initially, the client machine transmits a User Identification (ID) to the server. Upon receipt of the User ID, the server receives the User ID from the client machine and accordingly transmits a password to the client machine. In one aspect, the password may be transmitted by identifying the password, pertaining to the User ID, from a server password database and altering the password, to be transmitted, based on the metadata by using a Random Character Generator (RCG) algorithm. Subsequently, the client machine receives the password pertaining to the User ID from the server. Post receipt of the password, the client machine compares the password with a complementary password stored in a client password database presents on a client machine.

Abstract: A system for vaultless tokenization and encryption includes an iframe service for collecting data and a tokenization service for (de)tokenizing and encrypting/decrypting data. The system is accessible to users and partners that submit requests causing various functions to be executed by the system. The functions include, but are not limited to, providing (de)tokenization and/or encryption services, and managing and creating templates for iframe collection, (de)tokenization, and encryption/decryption. A template service facilitates generation of templates that parametrize collection of original data via served iframe elements, tokenization and/or encryption of original data, and detokenizing and/or decrypting tokens to recover original data. An iframe service is configured for providing a virtual terminal, an iframe that provides users direct access to (de)tokenization and/or decryption/encryption services.

Abstract: A computerized method of reducing a probability for falsely classifying a legitimate authentication process conducted by a legitimate user as a password guessing attack, comprising estimating a password guessing attack risk for an authentication process conducted by a user for accessing a secure service by performing the following for each of a plurality of failed access attempts in which the user provides incorrect authentication credentials: (1) calculate a risk score for a respective failed access attempt based on analysis of the incorrect authentication credentials provided during the respective failed access attempt and (2) update an authentication session score of the authentication process according to the calculated risk score and initiate one or more actions in case the updated authentication session value exceeds one or more threshold values extracted from a security policy predefined for the secure service.

Abstract: A speech interface device is configured to defer encryption of audio data on-device until a time when the encryption operation is not competing with other computationally-intensive operations for responding to the audio data. For example, audio data based on sound captured in an environment of the speech interface device can be stored in volatile memory of the speech interface device, without encrypting it, until a set of processing operations (e.g., ASR processing, NLU processing, audio event processing, etc.) performed based on the audio data have stopped. Based on a determination that these processing operations for responding to the audio data have stopped, the logic may encrypt the audio data to generate encrypted data, and the encrypted data can be stored in non-volatile memory of the speech interface device for uploading to a remote system when a connection is available.

Abstract: Some examples include detecting that a source computing device is in proximity to a target computing device. For instance, a user credential of the source computing device may be received from the source computing device. Further, a copy of system data of the source computing device may be retrieved from a cloud storage service. A system state of the source computing device may be restored on the target computing device by using the user credential received from the source computing device and the copy of the system data of the source computing device retrieved from the cloud storage. In some cases, the user credential may expire on the target computing device after a predetermined system event in the target computing device.

Abstract: Preparing a key block in a memory system. Various methods include: selecting a candidate key block of memory; checking a quality of the candidate key block using a word line of the candidate key block; altering operating parameters of the candidate key memory block; and registering the candidate key memory block as the key block. Where altering the operating parameters includes replacing a first set of parameters associated with the first memory block with a second set of parameters, where the first set of parameters includes a first erase parameter, a first program parameter, and a first read parameter, where the memory block operating in a normal block mode is accessed using the first set of parameters, and the second set of parameters includes a second erase parameter, a second program parameter, and a second read parameter, where the first memory block is accessed using the second set of parameters.

Abstract: Techniques are provided for preventing suspicious computer operations using a multi-channel protocol. An exemplary method includes detecting an operation comprising suspicious activity on a first device of a user; in response to the detecting, providing a control signal to suspend the operation on the first device; providing a notification of the suspicious activity to an identity system, wherein the identity system (i) provides an approval request to a distinct second device of the user to verify whether the operation is an authorized operation, (ii) receives a reply from the second device comprising an indication of whether the operation is an authorized operation, and (iii) notifies the first device of whether the operation is an authorized operation; and providing a control signal to enable the operation to proceed on the first device responsive to the reply from the second device indicating that the operation was an authorized operation.

Abstract: The application provides a user interface switching method and a terminal. After the terminal triggers a TUI display request of a CA according to a first operation on a CA interface by a user, the terminal switches a display environment of the CA from an REE to a TEE according to the TUI display request, and then displays a TA interface that is of the CA and that is in the TEE. In this case, the user may perform an operation of inputting sensitive information on the TA interface, and a malicious program that runs in the REE cannot access a hardware device to obtain the input operation in the TEE by the user. Therefore, t sensitive information of the user is stolen is prevented, thereby effectively enhancing security of the input operation by the user.

Abstract: Techniques are provided for using tokenization in conjunction with “behind-the-wall” JWT authentication. “Behind-the-wall” JWT authentication refers to JWT authentication techniques in which the JWT stays exclusively within the private network that is controlled by the web application provider. Because the JWT stays within the private network, the security risk posed by posting the JWT in a client cookie is avoided. However, because JWT is used behind-the-wall to authenticate a user with the services requested by the user, the authentication-related overhead is significantly reduced.

Abstract: A concealed-decision-tree computation system includes a user apparatus and 0th to (n?1)-th server apparatuses, where n is a predetermined positive integer. The user apparatus secret-shares data D into n shares [D]j (j=0, . . . , n?1) and sends the n shares [D]j (j=0, . . . , n?1) to the 0th to (n?1)-th server apparatuses, respectively. The 0th to (n?1)-th server apparatuses use the n shares [D]j (j=0, n?1) to perform secret cooperation computation to obtain n shares [out]0, . . . , [out]n-1 of a value “out” corresponding to the data D in a predetermined decision tree and send the n shares [out]0, . . . , [out]n-1 to the user apparatus. The user apparatus uses at least k shares out of the n received shares [out]0, . . . , [out]n-1 to restore the value “out” corresponding to the data D in the predetermined decision tree, where k is a predetermined integer equal to or smaller than n.

Abstract: A method for accessing legacy devices via Augmented Reality (AR) devices. The method includes acquiring, via an AR device, an image of a keyboard of a legacy device. The method includes accessing customer commands for initiating of a transaction using the legacy device. The method includes determining a command sequence based, at least in part, on the customer commands, the command sequence mapping to a keystroke sequence to be entered using the keyboard. The method includes generating an overlay indicating a keystroke sequence corresponding to the command sequence. The method also includes displaying, via the AR device, the overlay by visually projecting the overlay over the keyboard of the legacy device.

Abstract: Methods and systems for authenticating a user account based on a password are disclosed. In one aspect, a method includes receiving input defining a sequence of characters included in an entered password, ignoring characters between a first position in the sequence of characters and a second position in the sequence of characters, and validating the password based on non-ignored characters in the sequence of characters.

Abstract: Systems and methods are provided for online transactions using pattern recognition. A user of a payment provider may create and register patterns drawn by the user on a pattern entry image. The user may register the patterns by associating transaction options with each drawn pattern. Each pattern may be used to execute a particular transaction such as a purchase transaction, a payment of a specific amount, a payment to a specific recipient, or a sales transaction. When the user wishes to execute a transaction such as an online payment to a particular recipient for a particular amount, the user can redraw the registered pattern associated with payments to that recipient for that amount. A pattern can be drawn at a particular location on the pattern entry image. Different transactions can be associated with patterns drawn at different locations.

Abstract: Provided is a password authenticating apparatus that can provide a hint for selecting a password without displaying a part of the password. The input-receiving unit receives input of a password as an input password. A password-header-comparing unit compares a header portion of the input password up to a number of header comparison characters with authentication information, and determines whether or not the header portion of the input password up to the number of header comparison characters matches a portion from the start of a registered password up to the number of header comparison characters. A screen-generating unit, when it is determined there is no match, generates a header-error screen providing guidance that the input password already does not match in the header portion as a display screen. A display-control unit causes a display unit to display the display screen generated by the screen-generating unit.

Abstract: A method and an apparatus for device security verification utilizing a virtual trusted computing base are provided. The validity of a key for decryption is verified by a secure memory loader running on a processor of a device after booting of the device which is a computing device, and if the key is valid, encrypted firmware stored in a memory of the device is decrypted using the key to verify the confidentiality of the firmware. Then, the security memory loader verifies the authentication and integrity of the firmware by comparing a signature value generated for the decrypted firmware with an existing signature value.

Abstract: Tracking and analysis of the location of user and device access to telecommunications services may be used to validate that a given user or device is part of an authorized subscriber household and is therefore properly accessing those services in accordance with the terms of service. A service provider may determine, based on previously collected data and user information collected while a user accesses a service, whether the user's pattern of access establishes a required pattern of access determined by the service provider, such as access on a minimum periodic basis from the home of an authorized subscriber.

Abstract: A secure boot mechanism is described. The secure boot mechanism can operate in environments not originally designed to support such a mechanism. Downstream boot components can be executed from an encrypted boot partition. A first stage boot loader (FSBL) can load a second stage boot loader (SSBL) from an encrypted disk partition. The FSBL can decrypt and load the SSBL. The FSBL can intercept all I/O initiated by the SSBL so that the SSBL can transparently operate on an encrypted disk partition as though the encrypted disk were unencrypted.

Abstract: A method includes: training a prediction model with sample data; obtaining user information of a user as an input feature to the prediction model; predicting, using the prediction model according to a set of determination conditions, whether the user has forgotten a payment password associated with a payment application; and in response to predicting that the user has forgotten the payment password and detecting the user logging in the payment application with a login password different from the payment password, displaying a user interface for directing the user to a payment password resetting interface for resetting the payment password.

Abstract: A system for facilitating authentication of a user based on a polygonal image includes a registration module registering a user by selecting a password artifact comprising a first polygon and a first image from a set of images. The first polygon includes a plurality of grids. The registration module slices the first image to derive a set of sub first images based on the grids and derives a first image pattern by aligning a sub image on each of the grids in accordance with a preference defined by the user. The authentication module authenticates the user by displaying a plurality of password artifacts comprising a plurality of polygons and a plurality of images and derives a second image pattern upon aligning a sub image of a set of sub second images, created by slicing a second image, on each of a plurality of grids associated to the second polygon.

Abstract: Example techniques are described for image-based user authentication. An example method includes receiving, by a host system, a passphrase comprising a plurality of words, the passphrase being provided for authentication of a user. The method further includes generating, by the host system, an image selection grid comprising a plurality of images, each word from the passphrase corresponding to one or more images from the image selection grid. The method further includes receiving, by the host system, a plurality of selected images from the image selection grid. The method further includes storing, by the host system, the selected images as a login challenge for the user.

Abstract: A comprehensive authentication and identity system and method are disclosed. A central profile is created for a user which includes user information that can be passed back or otherwise utilized by websites (e.g. for registrations, logins, etc.) The user information may include the user's username, password, contact information, personal information, marketing preferences, financial information, etc. For website registrations, the user may provide a mobile communication number that is utilized to perform a type of mobile communication device verification process. As part of a website login, the user may provide identifiable information (e.g. a username) that is looked up by the system or website to determine a mobile communication number for the user, which is used for a verification process. If the verification process is completed successfully, the user may be logged into the website. For accessing the system directly, a user may go through a mobile communication device verification process.

Abstract: The present invention relates to a technique of authenticating a user by using junk data randomly generated when a password is inputted. According to the present invention, a password is received from a user and is stored, and it is determined whether a password matches with an original password stored in a memory among junk data and a password inputted together in a user authentication step. At this time, if a password including the junk data matches, by at least a certain length or more, a password including junk data inputted in a previous authentication step, user authentication fails even if the separately extracted passwords match each other, such that security can be further enhanced.

Abstract: An apparatus and method for setting authentication information of an information processing apparatus is provided. When a setting of a password to a PostScript (PS) interpreter is performed by a PS command, the password is stored in a volatile memory. When the setting of a password to the PS interpreter is performed through a setting screen, the password is stored in a nonvolatile memory, and thereafter, stored in the volatile memory.

Abstract: Devices, systems and process for authenticating devices are described. For at least one embodiment, a process for authenticating an IoT device with a hub to initiate an authenticated session, includes the operations of establishing an electronic data connection between an IoT device and a hub, sending an initial authentication signal including a cryptologic component and at least two perceptible components, receiving a responsive message secured by a cryptologic component and including a selection of at least one of the at least two perceptible components, determining whether the selection includes the identifying perceptible component, and establishing an authenticated session between the hub and the IoT device, if the result of the determining step is affirmative.

Abstract: A firmware can include multiple features for multiple users enabled based on the presence of authenticated variables. When attempting to access functionality of a feature, the firmware will check for the presence of an authenticated variable corresponding to the feature. The authenticated variable for the feature may be installed by a user. The firmware may data to enable a feature that includes an authenticated variable for enabling the feature and an authenticated variable corresponding to an end-user of the firmware. If the firmware has access to the end-user authenticated variable, the feature authenticated variable is installed.

Abstract: The present application provides a method for generating a SIMLOCK password. The method includes: obtaining an IMEI number of a mobile terminal; searching for the IMEI number in a database; if the IMEI number is not found, randomly generating a SIMLOCK password so that the SIMLOCK password corresponds to the IMEI number; and sending the SIMLOCK password to the mobile terminal, wherein the database is configured to store the IMEI number and the SIMLOCK password corresponding to the IMEI number. Through the above manner, the present disclosure may improve security of the mobile terminal.

Abstract: A computer device may include a memory storing instructions and processor configured to execute the instructions to provide a presentation image to a user device, wherein the presentation image is associated with a first model. The processor may be further configured to receive an image captured by a camera of the user device and a recorded alignment of the presentation image on a display of the user device; generate a second model based on the received image captured by the camera of the user device; determine an alignment of the first model with the second model based on the recorded alignment of the presentation image on the display of the user device; and generate an authentication determination verifying whether a user of the user device is human, based on the determined alignment of the first model with the second model.

Abstract: A secure method for resetting the password for an account is disclosed. During the setup of the account, the user can provide the service provider with a media file, and when the user asks the service provider to reset the password for the account, the user will be prompted with several media files. The user can be asked to identify the media file that the user provided to the service provider at the time of the setup of the account. If the user properly identifies the media file, the password will be reset.

Abstract: An information processing device includes a display. A password input screen for a user to input a password is displayed on the display. When the password is input on the password input screen, the useful number-of-days of the input password is calculated according to a predetermined calculation condition. When the useful number-of-days of the password is calculated, a confirmation screen for allowing the user to confirm the useful number-of-days of the calculated password is displayed on the display.

Abstract: A system and method for routing IP-based messaging, voice and video calling, comprising detecting network parameters of a network that a device is connected to, detecting a location of the device and routing the call based on the network parameters and the location.

Abstract: A method for image based authentication of a human computer user as opposed to a robot is applied in a server. The server generates a CAPTCHA image and preprocesses the CAPTCHA image. The CAPTCHA image is preprocessed by halftoning and mapping pixel sparsity onto pre-computed levels by block based operation. The server then encrypts the preprocessed CAPTCHA image into two shared images and transmits same to the client device. The client device renders the two shared images on a display through a user interface to facilitate superimposition of the two shared images and the user can visually decrypt the preprocessed CAPTCHA image and input an authentication code according to the CAPTCHA characters.

Abstract: Disclosed herein are embodiments of systems, methods, and products for authentication using entropic threshold. A server may require a user to create a series of security questions to which only the user has the answers. The answers to the security questions may satisfy an entropic threshold. Based on the answers to the security questions, the client device may generate a passphrase and encrypt the user's private key based on the passphrase. The server may also store the encrypted private key and the series of security questions into a database. When the user tries to access the private key, the server may send the user's security questions and encrypted private key. The client device may require the user to provide the answer to each security question. When the client device receives answers to all security questions, the client device may use the resulting passphrase to decrypt the user's encrypted private key.

Abstract: The information processing device includes a registration information obtaining unit, a data generating unit and a transmission processing unit. The registration information obtaining unit obtains user identification information, a login password, and attribute information in association with one another as user registration information. The data generating unit generates incomplete attribute information and complementary attribute information such that the attribute information can be reconstructed by combining the incomplete attribute information and the complementary attribute information with each other. The transmission processing unit transmits the user identification information, the login password, the incomplete attribute information, and the complementary attribute information to another information processing device.