Abstract: The accessibility of a hyperlinked files is displayed. A hyperlink that references a resource is extracted from a target file. An attempt to acquire the resource is made by performing a first authentication operation. A first object is received in response to performing the authentication operation. A second object is acquired by performing a second authentication operation using pre-determined authentication information. The first object and the second object are compared to determine if the first object is the same as the second object. Information indicating the accessibility of the resource is presented via a display apparatus.

Abstract: Provided is a network system which improves a security and prevents illegal use when providing services such as Internet banking services. A random graphic table (RMT) is issued to a user, and having text characters which a user inputs and figures which corresponds to the text characters, respectively, and which is unrelated to the text characters such as a photograph. A banking organization server (30) manages random graphic table data corresponding to the random graphic table (RMT), distributes data for input including a portion of the random graphic table data to a communication terminal device (10) when information is inputted, and executing a specification of information to be specified while comparing the data for input with the random graphic table (RMT).

Abstract: A method and information handling system (IHS) that optimizes boot time. The method includes a basic input output system (BIOS) performing an authentication check of drivers during an initial boot process. The results of the authentication check are stored along with an unified extensible firmware interface (UEFI) image for each driver in an authentication results data structure (ARDS). In response to receipt of a subsequent request to enable a secure boot of the IHS, when the initial boot process was performed with the secure boot disabled, the ARDS is accessed to determine if any of the drivers failed the authentication check. When none of the drivers have failed the authentication check, the boot process is continued using the UEFI images of the drivers. When at least one of the drivers has failed its authentication check, a notification is output indicating a failure of the authentication check.

Abstract: A method and system are provided for authenticating a user to an application back-end using a key pair and one or more bearer tokens such as a password, a biometric code, or a biometric key, while protecting the bearer tokens against back-end security breaches. In one embodiment, an application front-end authenticates the user by sending the bearer tokens and a public key to the application back-end, and demonstrating knowledge of a private key. The application back-end compares an authentication-phase tag derived from a joint hash of the public key and the bearer tokens against a registration-phase tag stored in a device record within a back-end database. The public key is not stored in the database, thereby depriving an adversary who breaches back-end security of information needed to test guesses of the bearer tokens.

Abstract: Techniques related to view-based expiration of shared content are described. An online content management system receives a view access request from a client device. The view access request includes a shared link to a server-stored content item. A view access counter associated with the shared link is used to determine that the view access request is authorized. The shared link is resolved to the server-stored content item, and at least a portion of the server-stored content item is sent to the client device. Optionally, instructions that cause the client device to send an acknowledgement can also be sent to the client device. The acknowledgement indicates that one or more presentation conditions have been satisfied. The one or more presentation conditions can include presenting at least the portion of the server-stored content item at the client device. The online content management system receives the acknowledgement and increments the view access counter.

Abstract: An information processing system establishes connection between an information storage apparatus and an application installed in a terminal including a storage device for storing authentication information. The information processing system includes a setting information acquisition unit configured to acquire setting information from the information storage apparatus when the terminal receives an execution request to execute the application, the setting information indicating whether to prompt input of the authentication information.

Abstract: Techniques for bridging a honey network to a suspicious device in a network (e.g., an enterprise network) are disclosed. In some embodiments, a system for bridging a honey network to a suspicious device in an enterprise network includes a device profile data store that includes a plurality of attributes of each of a plurality of devices in the target network environment; a virtual clone manager executed on a processor that instantiates a virtual clone of one or more devices in the target network environment based on one or more attributes for a target device in the device profile data store; and a honey network policy that is configured to route an internal network communication from a suspicious device in the target network environment to the virtual clone for the target device in the honey network.

Abstract: An authentication scheme in which an instance of a designated element is shifted to proximity with a designated target to gain access a device may be enhanced by creating conditions that allow for either the designated element or the designated target to be different for each instance of authentication. In one embodiment, a secondary display portion may be used to provide an indication of a dynamic designated element. In another embodiment, a secondary display portion, in combination with a tertiary display portion, may be used to provide an indication of a dynamic designated target.

Abstract: Authentication systems and methods can selectively authenticate a request to access a resource data store storing access rights associated with a user device. The systems and methods can scalably execute challenges workflows as part of the authentication process. For example, a request to access one or more access rights stored in the data store can be received from the user device. The user device can be authenticated using challenge workflows selected based on a device identifier of the user device. The selected challenge workflows can be executed to determine whether or not to grant access to the access rights stored in the resource data store.

Abstract: Systems and methods for configuring user equipment (UE) for use with compatible subscriber identity modules (SIMs) is disclosed. The UE can include a UE SIMLock configuration containing one or more UE parameters and a value for each category. A compatible SIM can include a SIM configuration with compatible SIM values. The UE can request a UE SIMLock configuration from one or more telecommunications network devices using secure communications. The UE can receive a UE SIMLock configuration from the telecommunications network device. The UE SIMLock configuration can be applied to the UE modem governing SIMLock engine behavior. The UE SIMLock configuration can be updated dynamically with subsequent messages from the telecommunications network device to reflect changes in the account associated with the UE, such as the fulfillment of a contract or theft of the UE.

Abstract: An apparatus includes a memory, and a processor coupled to the memory and configured to specify a communication source device that performs a plurality of traffic confirmations of communications with a plurality of first devices, and control to discard a plurality of first authentication requests for the plurality of first devices generated by the communication source device after performing the plurality of traffic confirmations of communications.

Abstract: A network access service operates as an intermediary between client applications and network services. The network access service is configured to perform one or more authentication processes required by the network services on behalf of the client applications. This includes the network access service obtaining and managing access tokens on behalf of the client applications. The network access service reuses access tokens and automatically acquires new access tokens upon expiration. The network access service is also configured to format data from a client application into a format required by a network service and to provide application program interface and language support required by a network service.

Abstract: A method, and a system are provided for implementing cloud based malware container protection. A container is provisioned for a user. The container is monitored, and when an abnormal activity is detected based upon historical metric data, a unikernel is provisioned and a user application is migrated to the unikernel while inspection occurs.

Abstract: A Privacy Controlled Social Network including a first device that shares content with a second device through at least one network, where content is “encoded” or “locked” at the first device by applying a locking code. In embodiments, the locked content that is shared may include media that is locked by applying the locking code at the first device. The locked content may be shared with the second device and include a message or caption that is not locked and viewable by the recipient user of the second device. The locked content may be unlocked by providing the appropriate code to a user interface to unlock the content for the user of the second device. A lock/unlock scheme using input related to a display of an item associated with the content to lock/unlock the content may utilize gestures on a touch screen displaying the item as the lock/unlock code.

Abstract: An access control system utilizes authorized users' mobile electronic devices for transmitting biometric identifiers in combination with using a key card, for authenticating the user's access privileges for unlocking a secure door. The system may further verify proximity of the user's device to the access control reader, which verifies correspondence of the key card with the transmitted biometric characteristics. The system may further require entry of a PIN into the user's device, for its transmission to the access control system for access confirmation. A scanner scans the area around its geographic location for search signals emitted by mobile electronic devices, and identifies a position, a type, and an address of each device, using characteristics of the search signals. Audio analytics detect/identify a position of sudden sound fluctuations indicating a gunshot/fight incident, and correlates the incident location to a device location.

Abstract: Disclosed is a method, apparatus, and system to control the unlocking of an entry for a guest having a wireless device by an owner access point. A virtual key for a wireless device and an access control rule associated with the virtual key may be stored at the owner access point. The owner access point may determine whether a virtual key received from a wireless device matches the stored virtual key and whether the access control rule for the stored virtual key is satisfied. If the virtual key matches, and the access control rule for the stored virtual key is satisfied, the owner access point may transmit an open command to the entry.

Abstract: A computer-implemented method for managing access may include (1) identifying an attempt to perform, within a computing environment, an action that involves a specific entity, (2) determining that the attempted action is anomalous for the specific entity, (3) identifying a quota of allowed anomalous actions for the specific entity, (4) determining that the attempted action causes a count of anomalous actions to exceed the quota of allowed anomalous actions, and (5) performing a security action based on the determination that the attempted action causes the count of anomalous actions to exceed the quota of allowed anomalous actions. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Disclosed is a storage device reader for interfacing a storage device and a user terminal, which includes a storage unit and a control unit. The data storage unit stores reader recognition information uniquely assigned to the storage device reader. The control unit retrieves reader recognition information stored in the storage device, determines whether or not the retrieved reader recognition information matches reader recognition information stored in the data storage unit, and transferring a file list stored in the storage device to the user terminal if the retrieved reader recognition information matches the stored reader recognition information.

Abstract: Embodiments of the present invention disclose a mood information processing method and apparatus. The method includes: first determining a mood information mode that corresponds to an application program, acquiring mood information of a message sender if the mood information mode that corresponds to the application program is transmitting a mood or correcting a mood, and then sending the mood information of the message sender to a message receiver. The embodiments of the present invention are applicable to outputting mood information of a user in an application program.

Abstract: Systems and methods are provided for online transactions using pattern recognition. A user of a payment provider may create and register patterns drawn by the user on a pattern entry image. The user may register the patterns by associating transaction options with each drawn pattern. Each pattern may be used to execute a particular transaction such as a purchase transaction, a payment of a specific amount, a payment to a specific recipient, or a sales transaction. When the user wishes to execute a transaction such as an online payment to a particular recipient for a particular amount, the user can redraw the registered pattern associated with payments to that recipient for that amount. A pattern can be drawn at a particular location on the pattern entry image. Different transactions can be associated with patterns drawn at different locations.

Abstract: A computer implemented user authentication method, according to which a mobile application is installed on the mobile terminal device of the user and when the user inputs his username and password, the mobile application creates a private and public encryption keys and encrypts the password with the public key. Data including the encrypted password, the username and the public key is sent to a dedicated server and stored therein as an encrypted file under the username, along with information required for contacting the user's mobile terminal device. The user to selects, and enrolls to, an advanced authentication mechanism, which creates an authentication key for validating the identity of the user and encrypting the private key. The encrypted private key is stored on the user's terminal device. Upon launching the mobile application, the user selects a preferred advanced authentication mechanism which returns an authentication key upon successful authentication of the user.

Abstract: A method and computer for assessing whether a password can be generated by using characteristics of a physical arrangement of keys of an input device. A received password includes characters corresponding to respective select keys in a sequence of select keys of the input device. For each select key, a final detection frequency is calculated as a sum of an initial detection frequency and an additive correction. A password determination value is calculated as a ratio of a total number of select keys having a final detection frequency equal to a minimum detection frequency and the total number of select keys in the sequence of select keys. A determination of whether the calculated password determination value is, or is not, less than a predetermined threshold value indicates that the password cannot, or can, respectively, be generated by using the characteristics of the physical arrangement of keys of the input device.

Abstract: External data storage device queries the user for a password on at least the first attachment. The password is escrowed in encrypted form. If the user elects this option, the password is then passed to an encryption module which unlocks the encrypted file or partition and upon subsequent attachments of the external data storage device may automatically unlock the encrypted file or partition using the securely escrowed password. The escrow of the encrypted password is managed in an external storage device containing the encrypted file or partition.

Abstract: A method and system for verification of a pattern based passcode. User input of a series of key inputs to a keyboard is received from a user. A registered pattern for the user of a sequence of keyboard direction movements is retrieved, wherein the pattern based passcode is the registered pattern. A first character in a first key input of the series of key inputs is identified, wherein the first key input is the first key, of the series of key inputs, that was inputted by the user. It is determined is made that that the identified first character is not in an excluded group of characters and in response, it is verified that a pattern of directional movements from the first character to the remaining characters after the first character in the series of key inputs matches the registered pattern for the user.

Abstract: Internet user passwords are securely managed. A formation component can enable a user to create a master account on a web server, the master account comprising a master username and password. An access component can enable the user to access a plurality of password protected websites from a web browser or non-browser software application resident on the user's computing device when the user logs into the master account by entering the valid master username and password. A selection component can log the user into a website of the plurality of password protected websites when the user selects a hyperlink associated with the website, selects a linked image associated with the website, or selects the website from a pulldown list contained in a toolbar of a web browser. A display component can open a web browser or tab associated with the website.

Abstract: A technique is directed to operating an authentication system. The technique involves receiving an enrollment request to enroll a user in a new authentication procedure in place of an earlier-established authentication procedure. The earlier-established authentication procedure is operative to authenticate the user at a first security level within a range of security levels. The new authentication procedure is operative to authenticate the user at a second security level within the range of security levels, the first security level being at least as high as the second security level within the range of security levels. The technique further involves, in response to the enrollment request, initiating the earlier-established authentication procedure to authenticate the user. The technique further involves, in response to completion of the earlier-established authentication procedure, performing an authentication enrollment operation associated with the new authentication procedure.

Abstract: A plurality of subscribers are registered to receive, from a publisher component, at client devices, via a broker component, at least one of messages and content pertaining to a first topic. Each of the subscribers is caused to generate one of N random numbers. A different one of the N random numbers is generated by each of the subscribers. Each of the subscribers is instructed to listen only for the messages and content pertaining to the first topic and corresponding to the corresponding one of the N random numbers. The at least one of messages and content pertaining to the first topic are published to those of the subscribers associated with each one of the N random numbers, number by number, until the at least one of messages and content pertaining to the first topic has been published to all of the plurality of subscribers.

Abstract: In an information terminal device, tap information in accordance with a pattern of a tapping operation of a user is acquired, and unlocking information is acquired in which unlocking tap information items, each of which functions as an unlocking key for each of applications, are associated with the corresponding applications. If a predetermined condition is satisfied, the present device is changed from a normal state to a locked state. If the present device is in the normal state and the acquired tap information coincides with any one of the unlocking tap information items, the present device is changed from the locked state to a limited unlocked state in which at least the application associated with the relevant unlocking tap information item is operable.

Abstract: Certain aspects of a device and method for authenticating a user are disclosed. The device may display a first set of images and receive a user input. The received user input may comprise a set of gestures and a selection of a plurality of images from the first set of images in a pre-determined sequence. The selected plurality of images may be modified based on the set of gestures. The device compares the modified selected plurality of images with a second set of pre-stored images. The device may authenticate the user based on the comparison.

Abstract: A system to control access to a nonvolatile memory. The system includes an embedded controller, and a nonvolatile memory including a password. The embedded controller and the nonvolatile memory may be in communication with one another. The system further includes a lock register receiving and storing the password from the nonvolatile memory, and a key register receiving a key from the embedded controller and holding the key for one machine cycle. Further, the system includes a comparator connected between the lock register and the key register. The comparator compares the password received from the lock register and the key received from the key register. Output from the comparator is provided to an access filter connected between the embedded controller and the nonvolatile memory. Based on the comparator output, the access filter may grant or block access to the nonvolatile memory.

Abstract: A method is provided for accessing user personal information. In such method, personal information belonging to a particular user is stored at a user information processing system such as a user computer. A form may then be displayed on the user information processing system. A user-provided recall input can then be received at the user information processing system and the fact of its receipt can be indicated on the form. Using the recall input, the stored user personal information can be accessed for processing in connection with the displayed form. Display of information at the user information processing system may then be manipulated based on a result of the processing.

Abstract: Presented are a method and a node in a Lawful Interception (LI) network, in which the node is configured to provide a Law Enforcement Agency with Intercept Related Information (IRI) and Content of Communications (CC) of data traffic in a digital communications network. The IRI and CC are forwarded to an Intercept Mediation and Delivery unit node (IMDU) of the LI network, wherein the IMDU is configured to sample the content of communications according a certain sampling rate to achieve one or more samples of the CC, and to forward the generated one or more samples to the Law Enforcement Agency.

Abstract: The present invention includes a device and method to authenticate a user to a computer prior to the user having access to the computer or network. As user name and password protocols are nearly ubiquitous in authentication applications used today, there have been developed many nefarious techniques to defeat the security of such systems. It is relatively easy to write a computer program to guess passwords and then use those passwords to defeat security and cause harm and mischief to a computer, its users and others. To thwart such activity, the present invention provides a novel device that can be provided within a keyboard, in a computer, or in a third device having connectivity thereto. The device in conjunction with the method provides a secure password mode and a challenge/response protocol to verify that the password is entered in response to a particular request for a password.

Abstract: A computer security system comprises a security module adapted to control access to a secure computer resource by a user via a client based on verification of a security credential provided by the user. The computer security system also comprises verification data disposed on the client and accessible by the security module. The security module is adapted to enable the user to recover the security credential based on a response received from the user associated with the verification data.

Abstract: Embodiments of the present invention disclose a method, system, and computer program product for bluesalt security. A computer receives a confidential data configuration wherein specific sensor are assigned to specific confidential information. The assigned sensors are measured for values as a system administrator enters a password corresponding to the confidential information. The measured values are converted into a salt and concatenated with the password to generate a primary key. The primary key is used to encrypt the confidential information, then the primary key is encrypted using a secondary key comprised of a second password with a second set of sensor information as the salt. The encrypted key is saved securely while the secondary key is destroyed. In order to decrypt the confidential information, a user must replicate the password and sensor values to generate the primary or secondary key.

Abstract: A method and apparatus for unlocking a mobile terminal can immediately execute a specific application at a lock screen. The method of unlocking a mobile terminal includes: outputting a lock screen including an icon area in which at least one icon representing an application is displayed and a pattern area that receives a pattern gesture input for unlocking; sensing a touch signal that moves a specific icon displayed in the icon area to the pattern area; determining whether a first pattern gesture for unlocking is input to the pattern area without release of the touch signal; determining, if a first pattern gesture is input, whether the input first pattern gesture corresponds with a preset unlock pattern gesture; and unlocking, if the input first pattern gesture corresponds with a preset unlock pattern gesture, the mobile terminal and executing an application corresponding to the specific icon.

Abstract: The present application relates to a method of providing connectivity to a vehicle. The method comprises, at a first device aboard the vehicle, establishing at least one first connection with at least one first network, the at least one first connection allowing communication with a second device remote from the first device, transmitting via the at least one first connection an allocation request to the second device, receiving via the at least one first connection an allocation response from the second device, the allocation response indicating a first authentication device from a plurality of authentication devices remote from the first device, and establishing a second connection with a network and authenticating the first device on the network using the first authentication device.

Abstract: A method and system for verification of a pattern based passcode. A user input of a series of key inputs is received. A registered pattern for the user of a sequence of keyboard direction movements is retrieved. A first character input in the series of key inputs is identified. It is determined that the identified first character is not in an excluded group of characters, wherein the excluded group of characters are previously used first characters in a defined period or number of instances for the user. In response to having determined that the first character is not in the excluded group of characters, the series of key inputs after the first character input is compared with the registered pattern for the user.

Abstract: Methods, systems, and computer-readable storage media for enforcing access control in encrypted query processing. Implementations include actions of obtaining a set of user groups based on the user credential and a user group mapping, obtaining a set of relations based on the query, obtaining a set of virtual relations based on the set of user groups and the set of relations, receiving a first rewritten query based on the set of virtual relations and a query rewriting operation, encrypting the first rewritten query to provide an encrypted query, and transmitting the encrypted query to at least one server computing device over a network for execution of the encrypted query over access controlled, encrypted data.

Abstract: The obfuscation of information included in Session Initiation Protocol (SIP) invites for the purposes of facilitating Lawfully Authorized Electronic Surveillance (LAES) is contemplated. The obfuscation may include the use of LAES headers with invites of sessions that require surveillance as well as those not requiring surveillance and/or selecting values or otherwise influencing parameter selection of data included in LAES headers according to a validity function, a shared secret, a key or other construct.

Abstract: A computer system may have a password entry form with a text field for a user to enter a password. The computer may receive text input from the user and display the text input in the text field. In response to the text input of the user, and without additional input from the user besides the text input, the computer may submit the password for verification of correctness. In some embodiments, submission of the password for verification occurs after a trigger event, where trigger events include without limitation a threshold time elapsing from the most recent text input of the user, a threshold time elapsing from the most recent password submission, entry of a threshold number of text characters, “immediate” submission after entry or deletion of a text character, and so forth.

Abstract: Generally, this disclosure describes providing theft deterrence for a device while in transit. The system may include lock state circuitry configured to receive and store an unlock token, the unlock token configured to indicate that an associated device has successfully completed transit from a source to a destination; and lock state read circuitry configured to request the unlock token from the lock state circuitry and to determine whether the associated device has successfully completed transit from the source to the destination based on the unlock token.

Abstract: A method, and an associated computer system and computer program product. A login request is received from a user, to log into a computing resource, wherein the login request includes a password and a user identifier of the user. The received password is compared with a stored password to determine whether to grant access to the computing resource. Responsive to determining that the received password does not match the stored password, an authenticity of the login request is determined, based on one or more characteristics of the user and/or one or more checks performed against the received password. A score is calculated based on the determined authenticity of the login request. The login request is denied. Based on the calculated score, it is decided whether to lock the user and deny the user further access to the computing resource.

Abstract: A method is described for unlocking a mobile device. The method comprises reorienting, by the mobile device, a pre-defined grid displayed by the mobile device for unlocking the mobile device. The method further comprises displacing the pre-defined grid by an offset and receiving, by the mobile device, a gesture from a user for attempting to unlock the mobile device according to the grid. Based on the gesture for attempting to unlock the mobile device, a verification interface is displayed. The mobile device is unlocked in response to the user successfully tracing the verification pattern.

Abstract: A mechanism is provided for determining and verifying a passcode is disclosed. The mechanism defines a passcode by a set of rules, each representing the position of a target key relative to a reference key on a given keyboard. The mechanism receives user selection of a passcode subset of the set of passcode pattern rules for representing a passcode comprising a pattern of keys on the keyboard. The mechanism stores the passcode subset of rules for subsequent verification against a user input passcode for controlling access to a resource.

Abstract: Some demonstrative embodiments include apparatuses, systems and/or methods of managing at a mobile device execution of an application on a computing device. For example, an apparatus may include an execution manager to manage at a mobile device execution of an application by a computing device, the execution manager to communicate with the computing device over a wireless communication link between the mobile device and the computing device, and to execute at the mobile device a front-end to control interaction between a user of the mobile device and the application according to a configuration of the mobile device.

Abstract: A method and system for authenticating a user is provided. The method includes receiving keyboard entries from a user while a cursor of a computer screen is positioned in a password field of the user. The keyboard entries include a series of alphanumeric characters forming part of a password of the user and one or more function keys that either delete one or more of the alphanumeric characters or do not affect the alphanumeric characters as entered into the password field. The key board entries are logged. The logged keyboard entries checked to determine whether they match a stored valid password for the user such that the one or more function keys that either delete one or more of the alphanumeric characters or do not affect the alphanumeric characters are considered part of the submitted password which is compared to the stored valid password for authentication of the user.

Abstract: A method for authenticating a user having a first enrollment step including: receiving by a first server an identifier and a password, and sending this information to a second server; on the second server: loading a security parameter, calculating a first cryptogram on the identifier, the password, and the security parameter, encrypting at least the identifier and the password, storing the encrypted data, sending the first cryptogram to the first server and storing said cryptogram on the first server; and a second verification step including: receiving by the first server the current identifier and the current password, and sending the information to the second server; on the second server calculating a second cryptogram on the current identifier, the current password, and the security parameter and sending the second cryptogram to the first server and verification that the first cryptogram is included in the database, if not, generating an error message.

Abstract: Aspects of the subject matter described herein relate to disclosing recovery keys. In aspects, when a recovery key is disclosed, data is updated to indicate that the recovery key has been disclosed. A machine that has locked data may determine whether a recovery key for the locked data has been disclosed and whether a new key needs to be generated for the locked data. If a new key needs to be generated for the locked data, the machine may generate the new key and send it to a recovery store for storage. In addition, old keys that protect the locked data may be deleted after the new key has been generated and stored.

Abstract: Technology is disclosed for preventing an exfiltration of a data associated with an application executing on a mobile device. The technology can migrate the application from a computing platform of the mobile device to a secure computing platform, where the secure computing platform is independent of the computing platform of the mobile device. The technology can further receive a request to access the application through the mobile device, execute the requested application on the secure computing platform, and provide an access to the requested application executing on the secure computing platform through the mobile device. The access provided through the mobile device includes displaying information on the mobile device, where the displayed information includes data generated by the execution of requested application on the secure platform.