Abstract: Technology is disclosed for preventing an exfiltration of a data associated with an application executing on a mobile device. The technology can migrate the application from a computing platform of the mobile device to a secure computing platform, where the secure computing platform is independent of the computing platform of the mobile device. The technology can further receive a request to access the application through the mobile device, execute the requested application on the secure computing platform, and provide an access to the requested application executing on the secure computing platform through the mobile device. The access provided through the mobile device includes displaying information on the mobile device, where the displayed information includes data generated by the execution of requested application on the secure platform.

Abstract: A method and system for authenticating a subscriber of a user using a graphical user interface or telephone using the same user name and password is provided. As a result, subscribers need to memorize only one user name and/or password, saving precious time and energy to the subscriber because of the low risk of forgetting the user name and/or password. In addition, with the advent of cross-category products such as web phones (Web user interface integrated in a telephone) and soft phone (software on a personal computer reproducing the function of a telephone), it can become confusing for subscribers to remember which passwords and user name to use for which device. Having one password and one user name to remember makes the situation simpler.

Abstract: A user ID authentication method, wherein it comprises the process step of realization of a call between the phone number recorded previously in the customer information database (5), and the interactive voice response system (IVR) (1) in the case where a user logs over a web browser (4) into a restricted access system requiring high security such as Internet banking.

Abstract: Multi-server one-time passcode verification is provided for respective high order and low order passcode portions. A user is authenticated by receiving an authentication passcode generated by a token associated with the user; and authenticating the user based on the received authentication passcode using at least a first authentication server and a second authentication server, wherein the first authentication server verifies a high-order portion of the received authentication passcode and wherein the second authentication server verifies a low-order portion of the received authentication passcode. The received authentication passcode is based on, for example, at least two protocodes PR,t and PB,t generated by the token and/or pseudorandom information RA,t. A codebook Ct, based on the pseudorandom information RA,t, can be used to embed additional auxiliary information into the authentication passcode.

Abstract: In a plurality of described embodiments, various modules of an application for a client device may operate to enhance personal security for an individual user, as well as public safety in general. A Blue-Phone-in-Pocket (bPip) module operates comparable to, but more effectively than, the traditional college campus blue light phone. When the user of the module toggles a button on the GUI of his/her smartphone, the App may instantly record and transmit key information to a command center, which operates to provide assistance to the student, at their current location, without requiring the student to relocate to one of the tradition blue light phone fixtures. A tracking module permits the student or other user to be tracked by his/her device until safely reaching a travel destination. The person may trigger an alarm if endangered during the trip, which may prompt a respond from local law enforcement, and other assigned individuals.

Abstract: Apparatus, systems, and methods provide a mechanism to enhance the management of data security in a system for users of the systems. Various embodiments include apparatus and methods to manage security of data in an electronic system on an application-by-application basis. Such application-by-application basis can be applied in addition to managing data security globally in the electronic system. Additional apparatus, systems, and methods are disclosed.

Abstract: A user authentication system 4 includes an authentication processing module 44, which authenticates a user terminal device 1 based on received account identification information and authentication information; a fraud determination module 48, which detects fraud in a login request from the user terminal device 1 based on the access history of the user terminal device 1; and a response control module 46, which allows the user of said user terminal device 1 to log in to a predetermined account if no fraud is detected in the login request and the user terminal device 1 has been authenticated, and, on the other hand, allows the user of said user terminal device 1 to log in to a dummy account in accordance with predetermined criteria if fraud is detected in the login request from the user terminal device 1.

Abstract: In some implementations, tokens that are representative of sensitive data may be used in place of the sensitive data to maintain the security of the sensitive data. For example, data may be separated into sensitive data and nonsensitive data, and at least the sensitive data is securely delivered to a data storage service. The data storage service generates a token that is representative of the sensitive data and stores the sensitive data as secure data. The data storage service may deliver the token to an entity that also receives the nonsensitive data, and the entity may use the token in place of the sensitive data. In some implementations, different tokens are generated each time the same piece of sensitive data is submitted for storage as secure data. Further, in some implementations, access policies define authorizations regarding which entities are able to resolve a token to access the actual sensitive data.

Abstract: Methods and systems for authenticating users and assigning authenticated users to groups are provided. A method receives a user credential and email address. The method forwards an authentication request including the email address and credential to a remote authentication provider. Based in part on the presence of a full user name in a received response, the method determines that the user is authenticated. Another method extracts a domain name from a received email address of an authenticated user. In response to determining that the domain name is associated with a group, the method assigns the user to the group. A system includes memory with instructions for assigning an authenticated user to a group. The system receives the user's email address and extracts a domain name from the email address. In response to determining that the domain name is associated with a group, the system assigns the user to the group.

Abstract: Multi-server passcode verification is provided for one-time authentication tokens with auxiliary channel compatibility. An exemplary method comprises receiving an authentication passcode generated by a token associated with a user; and processing the received authentication passcode using at least a first authentication server and a second authentication server, wherein the received authentication passcode is based on at least one protocode and embedded auxiliary information and wherein at least one of the first authentication server, the second authentication server and a relying party extract the embedded auxiliary information from the received authentication passcode. The disclosed method can extend an existing multi-server verification process to provide the processing of the received authentication passcode based on the embedded auxiliary information.

Abstract: An outsourcing environment is described herein by which an outsourcing entity may delegate document-transformation tasks to at least one worker entity, while preventing the worker entity from gaining knowledge of sensitive items that may be contained within a non-obfuscated original document (NOD). In one example, the environment may transform the NOD into an obfuscated original document (OOD) by removing sensitive items from the NOD. The worker entity may perform formatting and/or other document-transformation tasks on the OOD, without gaining knowledge of the sensitive items in the NOD, to produce an obfuscated transformed document (OTD). The environment may then allow for the outsourcing entity to view a content-restored version of the OTD.

Abstract: A user authentication tool continuously authenticates the user of a mobile device during an electronic communication session. A trusted user profile includes keypad pressure applied by the trusted user when depressing characters on a virtual keypad displayed on the mobile device touch screen. Keypad pressure applied by the current user of the mobile device is continually monitored during the current electronic communication session. The monitored keypad pressure applied by the current user is compared to the keypad pressure in the trusted user profile. A confidence score is generated based upon the compared keypad pressures of the current user and the trusted user, the confidence score being indicative of the likelihood that the current user is the trusted user of the mobile device. The mobile device is automatically required to re-authenticate the current user as the trusted user if the generated confidence score is below a predefined minimum confidence threshold.

Abstract: Internet user passwords are securely managed. A formation component can enable a user to create a master account on a web server, the master account comprising a master username and password. An access component can enable the user to access a plurality of password protected websites from a web browser or non-browser software application resident on the user's computing device when the user logs into the master account by entering the valid master username and password. A selection component can log the user into a website of the plurality of password protected websites when the user selects a hyperlink associated with the website, selects a linked image associated with the website, or selects the website from a pulldown list contained in a toolbar of a web browser. A display component can open a web browser or tab associated with the website.

Abstract: An image forming apparatus which is capable of making a user aware of a violation of an information security policy. A network communication unit receives data having a user ID attached thereto from an external apparatus. A printing unit prints an image based on the data. A control unit executes user authentication using the user ID attached to the data and determines, when the user authentication is successful, whether or not a password expiration date of the user has passed. When it is determined that the password expiration date has passed, the control unit restricts printing of the image to be printed based on the data having the user ID attached thereto.

Abstract: A method for controlling access to an electronic device, the electronic device displays an image on a display device of the electronic device, when the electronic device is locked. The electronic device obtains a pattern according to touch signals on the displayed image using an image-recognition algorithm. Once a similarity degree between the obtained pattern and a predetermined pattern is greater than or equal to a predetermined value, the electronic device is unlocked.

Abstract: A user's required password change is postponed according to context information determined to indicate that the current password change timing is at an inconvenient time for the user. A user is permitted to extend the use of an expired password when a pre-determined password validity period ends.

Abstract: Generally, this disclosure describes a method and system for authenticating to a network via a device-specific one-time password. A method in an embodiment may include generating a first one-time password (OTP) based at least in part on a plurality of client device attributes; and providing the first OTP to an authenticator associated with a private network during a first session, wherein the authenticator is configured to authenticate the client device to at least one of the private network and protected content included in the private network for a second session following the first session based on the provided first OTP.

Abstract: A password management system includes a character string conversion unit that converts an input character string to a character string different from the input character string using a predetermined arithmetic expression, the predetermined arithmetic expression being capable of giving a same converted result for a same character string and capable of converting a character string such that a plurality of original character string candidates exist for a converted character string; a password data storage unit that stores, for each user, a converted past password character string CPP that is a converted state of a past password character string PP of the user using the predetermined arithmetic expression and is different from the past password character string PP; and a strength determining unit that determines strength of a password.

Abstract: A distributed passcode verification system includes devices that each have a hardware secret and that are each able to perform a limited number of verifications using their hardware secrets. Passcode verifiers receive passcode information from a passcode information manager. The passcode information provides information usable, with a hardware secret, to verify passcodes provided to a verifier.

Abstract: A method for entering password and a portable electronic device using the same, a method for unlocking the portable electronic device and a data authenticating method are provided, wherein the portable electronic device includes a touch screen. The method includes displaying an interface for entering a somatosensory password, measuring and recording at least one angle variation of the portable electronic device on at least one dimension, and generating a somatosensory signal data set according to the at least one angle variation of the portable electronic device on the at least one dimension. The method further includes generating a user password data according to the somatosensory signal data set, encrypting the user password data according to an encryption algorithm to generate an encrypted user password data, and transmitting the encrypted user password data to an authentication unit.

Abstract: Exposure of sensitive tenant information is minimized in a multi-tenant/multi-user environment. A unique encryption key is provided for each tenant. The tenant encryption key is never stored in the clear and each copy of the tenant encryption key is protected by a user derived password. A secure folder is created for each tenant and encrypted by the tenant encryption key. Secure folders are mounted only on-demand, i.e. when an authenticated request is received for that tenant. The secure folders are mounted only for specific durations only. Otherwise, they are un-mounted. When a secure folder is mounted, any read/write operation to the secure folder is encrypted/decrypted on-the-fly. When the secure folder is un-mounted, all file contents in the secure folder, and the secure folder itself, are not visible in the file system and no application can browse to the secure folder without the tenant encryption key.

Abstract: A method for controlling an analysis system is presented. The method comprises receiving, by an encryption unit, authentication data of a user. In the case of a successful authentication, a user-specific security code is generated by the encryption unit. The security code is outputted by the encryption unit to the authenticated user. The security code and the user-ID are received by an authentication unit coupled to the analysis system via a user-interface coupled to the authentication unit. The security code is decrypted by the authentication unit. If the decrypted security code matches with the user-ID, the user is authenticated at the authentication unit and an authentication signal is generated by the authentication unit for permitting the user to initialize at least one function of the analysis system.

Abstract: Security is enhanced for a user of an electronic device by providing a method for managing user login behavior. When an entered password that is different from a defined password is received, the method includes identifying alternative characters for at least one character of the entered password based on a location of a key corresponding to the character of the entered password on a keyboard used to enter the password. When the alternative characters are identified, a variation of the entered password is generated by replacing a character of the entered password with an alternative character of the character. When information relating to the variation matches information relating to the defined password, the entered password is determined to be valid.

Abstract: In accordance with some embodiments, multiple blind debug passwords are provided. Each of a plurality of interested entities may have its own password and each password may unlock a specific set of features offered by an integrated circuit. In some embodiments each entity does not know the other passwords of the other entities. Potentially interested entities include an integrated circuit end customer, the original equipment manufacturer, the entity that provided the features to the integrated circuit and a conditional access provider. All debug features may be controlled solely via access to the debug tiers which are accessed by multiple debug passwords. Lower tier passwords are required in order to access higher tiers. Debug features may be separated into multiple tiers with more intrusive access requiring multiple debug passwords in order to gain access.

Abstract: A method for managing passwords for a user. A processor of an apparatus storing at least one received, incorrect password proposal receives via a user interface a further password proposal from a user; generates a hash value for the further password proposal; sends the hash value to the authentication server; receives from the authentication server a message indicative of whether the hash value corresponds to a correct password or to an incorrect password. In case the message indicates that the hash value corresponds to a correct password, the processor uses a distance function on each incorrect password proposal to obtain a distance value representative of a distance between the incorrect password proposal and the correct password; and sending to the authentication server hash values for password proposals for which the distance value is lower than or equal to a threshold value. Also provided are the apparatus and a computer program support.

Abstract: Methods, systems, and computer programs for verifying a password are disclosed. For example, the password can be verified on a mobile device to control user access to the mobile device. In some implementations, a mobile device includes a user interface, a main processor, and a co-processor. The user interface receives a submitted password value from a user. The main processor calls the co-processor to provide a hash chain input value based on the submitted password value. The main processor evaluates a hash chain based on the hash chain input value provided by the co-processor. Evaluating the hash chain generates a submitted password verification value. The submitted password verification value is compared to a stored password verification value stored on the mobile device. Access to mobile device functionality may be permitted or denied based on a result of the comparison.

Abstract: Methods and apparatus are disclosed for generating a short term password that may be used to access a data warehouse. According to aspects of the disclosure, a user may request a password after inputting a data warehouse environment, an ID name, and a reason for the password reset. A server may receive the request and determine whether the difference in time of the present request and a previous request for the same ID name and data warehouse environment is greater than a time limit. Additionally, the server may determine whether a previous user has logged in using a password for the same ID name and data warehouse environment. Thereafter, the server may generate and output a short term password that expires after the time limit.

Abstract: A method for authentication in an electronic device is provided, comprising: receiving a touch pattern, the touch pattern including a set of points; determining, by a processor, whether the touch pattern is valid by validating a first portion of the touch pattern, the first portion not including at least one of the set of points; when the touch pattern is determined to be valid, unlocking the screen; and when the touch pattern is determined to be invalid, holding the screen locked.

Abstract: An embodiment provides a method, including: activating, at an information handling device, an optical sensor; initiating, using a processor, an identification sequence; receiving, at the optical sensor, a sequence of user gesture input; determining if the sequence of user gesture input matches a predetermined sequence of user gesture input stored as training data, the determining comprising comparing, using the processor, data points derived from a three dimensional limb movement of the user gesture input with the stored training data; and providing an identification result. Other aspects are described and claimed.

Abstract: A system and method of managing applications and event notifications using a cursor-based GUI, wherein the cursor-based GUI is located adjacent to the cursor and provides a user with the ability manage and monitor a plurality of dynamically updated applications, commands and event notifications via a persistent and centralized interface. Since the cursor-based GUI is persistent in nature, the plurality of applications, commands and event notifications can be accessed regardless of the user's computer environment. The user can manage user authentication requirements and other configuration information for the cursor-based GUI.

Abstract: Various embodiments of a system and method for deterministic generation of a common content encryption key on distinct encryption units are described. Embodiments may include, for each given content item of multiple content items that represent one or more portions of a common media object, controlling a different encryption unit of multiple distinct encryption units to i) generate a content encryption key for the given content item based on: a common base secret shared by the multiple distinct encryption units, and an identifier specific to the media object, and ii) encrypt the given content item with the respective content encryption key generated for that content item in order to generate a respective encrypted content item. Each content encryption key generated for a given content item may be equivalent to each other content encryption key such that decryption of each encrypted content item requires a common decryption key.

Abstract: A method includes upon receiving a request from a user to perform an operation on a device that is running under an operating system, authenticating the user on the basis of credential data that is retrieved from a data storage unit that is associated with a lights-out management (LOM) capability of the device. If authentication of the user is successful, the user is enabled to perform the operation.

Abstract: A method & system for human interactive proof (HIP) is provided. A user is provided to respond a query linked to a logical captcha object or an analytical captcha object. Upon receiving inputs from the user, the correct information of the said captcha & the user's input is compared. If the user's input and the correct information of the captcha object matches then the user is authenticated as human, else the user is authenticated as not a human.

Abstract: The present invention is directed to an apparatus, a method, and a computer program product for authenticating a user based on a sequence of rhythmic inputs. The user via a mobile device provides one or more inputs (e.g., pushing a button, tapping a touchscreen, a biometric, or the like) to one or more sensors associated with the mobile device as an attempt of authorization. The one or more inputs may be provided in a rhythmic manner (e.g., provided in time with music). The present invention then compares the provided one or more inputs to one or more predetermined sequences of inputs that are associated with positive authentication of the user (e.g., a known password). The phone determines that the one or more provided inputs match one or more predetermined rhythmic sequences associated with positive authentication of the user and authenticates the user.

Abstract: In a particular embodiment, a method includes receiving, at a set-top box from a server, a temporary authentication token that enables access to an account accessible by one or more devices. The temporary authentication token is generated after validation by the server of a particular authentication token received at the server from a first device. The first device is distinct from the set-top box. The method further includes initiating, at the set-top box, presentation of the temporary authentication token.

Abstract: A method for controlling an analysis system is presented. The method comprises receiving, by an encryption unit, authentication data of a user. In the case of a successful authentication, a user-specific security code is generated by the encryption unit. The security code is outputted by the encryption unit to the authenticated user. The security code and the user-ID are received by an authentication unit coupled to the analysis system via a user-interface coupled to the authentication unit. The security code is decrypted by the authentication unit. If the decrypted security code matches with the user-ID, the user is authenticated at the authentication unit and an authentication signal is generated by the authentication unit for permitting the user to initialize at least one function of the analysis system.

Abstract: Embodiments are directed towards hiding selected dialogues and/or contacts from display on a client computer while they are in a secret chat mode (SCM). A dialogue may be selected by a user, such as through the dialogue or through a list of previous dialogues. SCM may be activated by a user setting/providing a password. Activation of SCM may hide the dialogue and/or the contacts associated with the dialogue from being displayed. SCM for a hidden dialogue may be deactivated when user-provided password matches the set password. Deactivation of SCM may cause the hidden dialogue associated with that password to be unhidden and displayed. A notification that received password is valid may be displayed on the client computer regardless of whether the received password is valid or invalid. A replacement notification may be generated and provided to the user for received messages associated with hidden dialogues in SCM.

Abstract: A processor arrangement is provided. The processor arrangement includes: a first processor; a plurality of second processors, each second processor including a bit-mask generator configured to generate a processor-specific bit-mask sequence; wherein the first processor includes a bit-mask generator configured to generate the processor-specific bit-mask sequences of the second processors; wherein the first processor is configured to bit-mask a data bit sequence to be transmitted to one second processor of the plurality of second processors using a processor-specific bit-mask sequence specific to the one second processor, to thereby generate a processor-specific bit-masked data sequence to be transmitted to the one second processor.

Abstract: A method, a system, an apparatus, and a computer program product are presented for improving a register name identifier profile within a federated computing environment such that the register name identifier profile is enhanced to be more securely binding between two federated entities within the federated computing environment, such as an identity provider and a service provider. After the first federated entity sends a register name identifier request for a principal to the second federated entity, the second federated entity performs an authentication operation for the principal. In response to successfully completing the authentication operation, the second federated entity registers or modifies a name identifier for the principal that has been extracted from the received register name identifier request.

Abstract: An image collection based information security method and system is disclosed. The method includes a server side receiving a first transaction data sent by a client side and generating a second transaction data with the first data. The server converts the second data into an image, and sends the image to the client. A dynamic token collects the image, pre-processes, and converts the image into a third transaction data, and displays the third data for user's confirmation. The token generates and displays a second dynamic password according to the third data. The client receives the second password input by a user and sends same to the server. The server receives the second password and generates a first dynamic password, determines whether the first password is identical to the second password; if yes, the authentication is successful and the transaction is executed; if no, the transaction is cancelled.

Abstract: A mobile terminal includes a touchpad, a background system, and a MEMS gyroscope. The background system includes a control module, an indicating needle displaying module, and a divided circle displaying module. The indicating needle displaying module displays an indicating needle in the touchpad. The divided circle displaying module displays a divided circle in the touchpad. Each scale of the divided circle corresponds to a code. The divided circle rotates with the mobile terminal to enable the indicating needle to be aligned with one scale of the divided circle. The MEMS gyroscope holds the indicating needle to be unmovable. The touchpad sends the one code to the control module after sensing a click gesture. The control module unlocks the mobile terminal after determining that a plurality of codes sent by the touchpad matches predetermined codes.

Abstract: Machines, systems and methods for providing an authentication challenge are provided. The method comprises analyzing data stored in a computing system equipped with a graphical user interface (GUI), wherein the data stored is related to identity and relationships among items that have a profile; and based on the analysis, issuing a challenge to authenticate access to one or more content or services available by way of the computing system, in response to a user interaction with the computing system, wherein the response to the challenge is known to a user who has personal knowledge of the identity and relationships among the items with a profile, and wherein the user successfully authenticates against the challenge by interacting with visual presentations of the items by placing the items in an order that indicates a correct relationship between at least two or more of the items.

Abstract: A biometric authentication device includes a biometric sensor that obtains an image of a biometric authentication portion of a user without contacting, a distance sensor that obtains a distance between the biometric sensor and the biometric authentication portion, and a guidance image display unit that shows a guidance image for guiding the biometric authentication portion to a distance that is appropriate for the biometric sensor to obtain the biometric authentication portion, the guidance image changing continuously or in stages according to the distance obtained by the distance sensor.

Abstract: Methods, systems, and products help users recall memories and search for content of those memories. When a user cannot recall a memory, the user is prompted with questions to help recall the memory. As the user answers the questions, a virtual recollection of the memory is synthesized from the answers to the questions. When the user is satisfied with the virtual recollection of the memory, a database of content may be searched for the virtual recollection of the memory. Video data, for example, may be retrieved that matches the virtual recollection of the memory. The video data is thus historical data documenting past events.

Abstract: A system for performing a secured transaction using a network including a server in communication with the network is provided. The server has a processor and a memory to store private account information from registered users and store commands that when executed by the processor cause the server to perform a method including: providing a login configuration to a user, including a matrix of dynamic symbols; determining an expected password for the user based on a trace pattern from the user and the symbols in the matrix; receiving a password from the user; and determining whether the password matches the expected password. A non-transitory machine-readable medium including a plurality of machine-readable instructions which when executed by one or more processors of a server controlled by a service provider are adapted to cause the server to perform a method as above is also provided.

Abstract: A method and system for secure access to data files copied onto a second storage device from a first storage device. A computer receives data from a first storage device that is in communication with the computer. A data file is stored to a second storage device. A passkey is generated and associated with the data file. A passkey image file corresponding to the passkey is generated. The passkey image file is transmitted to the first storage device for storage. Subsequent access to the data file on the second storage device requires entry of the passkey. The passkey is only accessible to a user that has access to read the passkey image file on the first storage device.

Abstract: A method begins by a distributed storage (DS) managing unit receiving an encryption key to store. The method continues by determining an encryption method and encrypting the encryption key with the determined encryption method to produce an encrypted key. The method continues by encoding and slicing the encrypted key to produce a set of data slices; and storing the set of data slices in DSN memory. A method to retrieve the stored encryption key begins with receiving a retrieve encryption key request from a requester and continues with retrieving an encrypted key and then determining a decryption method. The method continues by decrypting the encrypted key with the determined decryption method to produce the encryption key and sending the encryption key to the requestor to decrypt one or more portions of the encrypted data.

Abstract: This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

Abstract: The disclosure is directed to a system and method for establishing a secured wireless connection allowing the exchange of information between a wireless device and aircraft equipment. The secured wireless access system may require a user controlling the wireless device to interact with an onboard interface to initiate a connection. The user may be further required to enter a randomly generated security passcode to pair the mobile device to the aircraft equipment. Further security measures may be implemented, such as tiered user access levels restricting certain equipment and/or information based upon a user identity of the user requesting access.

Abstract: A Virtual Single Account (VSA) system and method that provides a mobile user with automatic authentication and connection to a remote network via local access networks with a single password, where the local access networks may be independent of the remote network. A mobile user has a single authentication credential for one VSA that is utilized by a VSA client installed on a mobile computing device. The VSA client provides for automatically authenticating and connecting the user's mobile device to a current local access network, and the target remote network such as the user's office network. All authentication credentials are encrypted using a key generated from the user's VSA password that is generated from the user's single password. The VSA client derives the key from the submitted VSA password and decrypts all authentication credentials that are required in order to connect the mobile device to the current local access network and thereafter to the office network.