Abstract: A method for controlling access to an electronic device, the electronic device displays an image on a display device of the electronic device, when the electronic device is locked. The electronic device obtains a pattern according to touch signals on the displayed image using an image-recognition algorithm. Once a similarity degree between the obtained pattern and a predetermined pattern is greater than or equal to a predetermined value, the electronic device is unlocked.

Abstract: A user's required password change is postponed according to context information determined to indicate that the current password change timing is at an inconvenient time for the user. A user is permitted to extend the use of an expired password when a pre-determined password validity period ends.

Abstract: A distributed passcode verification system includes devices that each have a hardware secret and that are each able to perform a limited number of verifications using their hardware secrets. Passcode verifiers receive passcode information from a passcode information manager. The passcode information provides information usable, with a hardware secret, to verify passcodes provided to a verifier.

Abstract: A method for entering password and a portable electronic device using the same, a method for unlocking the portable electronic device and a data authenticating method are provided, wherein the portable electronic device includes a touch screen. The method includes displaying an interface for entering a somatosensory password, measuring and recording at least one angle variation of the portable electronic device on at least one dimension, and generating a somatosensory signal data set according to the at least one angle variation of the portable electronic device on the at least one dimension. The method further includes generating a user password data according to the somatosensory signal data set, encrypting the user password data according to an encryption algorithm to generate an encrypted user password data, and transmitting the encrypted user password data to an authentication unit.

Abstract: Exposure of sensitive tenant information is minimized in a multi-tenant/multi-user environment. A unique encryption key is provided for each tenant. The tenant encryption key is never stored in the clear and each copy of the tenant encryption key is protected by a user derived password. A secure folder is created for each tenant and encrypted by the tenant encryption key. Secure folders are mounted only on-demand, i.e. when an authenticated request is received for that tenant. The secure folders are mounted only for specific durations only. Otherwise, they are un-mounted. When a secure folder is mounted, any read/write operation to the secure folder is encrypted/decrypted on-the-fly. When the secure folder is un-mounted, all file contents in the secure folder, and the secure folder itself, are not visible in the file system and no application can browse to the secure folder without the tenant encryption key.

Abstract: A method for controlling an analysis system is presented. The method comprises receiving, by an encryption unit, authentication data of a user. In the case of a successful authentication, a user-specific security code is generated by the encryption unit. The security code is outputted by the encryption unit to the authenticated user. The security code and the user-ID are received by an authentication unit coupled to the analysis system via a user-interface coupled to the authentication unit. The security code is decrypted by the authentication unit. If the decrypted security code matches with the user-ID, the user is authenticated at the authentication unit and an authentication signal is generated by the authentication unit for permitting the user to initialize at least one function of the analysis system.

Abstract: Security is enhanced for a user of an electronic device by providing a method for managing user login behavior. When an entered password that is different from a defined password is received, the method includes identifying alternative characters for at least one character of the entered password based on a location of a key corresponding to the character of the entered password on a keyboard used to enter the password. When the alternative characters are identified, a variation of the entered password is generated by replacing a character of the entered password with an alternative character of the character. When information relating to the variation matches information relating to the defined password, the entered password is determined to be valid.

Abstract: In accordance with some embodiments, multiple blind debug passwords are provided. Each of a plurality of interested entities may have its own password and each password may unlock a specific set of features offered by an integrated circuit. In some embodiments each entity does not know the other passwords of the other entities. Potentially interested entities include an integrated circuit end customer, the original equipment manufacturer, the entity that provided the features to the integrated circuit and a conditional access provider. All debug features may be controlled solely via access to the debug tiers which are accessed by multiple debug passwords. Lower tier passwords are required in order to access higher tiers. Debug features may be separated into multiple tiers with more intrusive access requiring multiple debug passwords in order to gain access.

Abstract: A method for managing passwords for a user. A processor of an apparatus storing at least one received, incorrect password proposal receives via a user interface a further password proposal from a user; generates a hash value for the further password proposal; sends the hash value to the authentication server; receives from the authentication server a message indicative of whether the hash value corresponds to a correct password or to an incorrect password. In case the message indicates that the hash value corresponds to a correct password, the processor uses a distance function on each incorrect password proposal to obtain a distance value representative of a distance between the incorrect password proposal and the correct password; and sending to the authentication server hash values for password proposals for which the distance value is lower than or equal to a threshold value. Also provided are the apparatus and a computer program support.

Abstract: Methods, systems, and computer programs for verifying a password are disclosed. For example, the password can be verified on a mobile device to control user access to the mobile device. In some implementations, a mobile device includes a user interface, a main processor, and a co-processor. The user interface receives a submitted password value from a user. The main processor calls the co-processor to provide a hash chain input value based on the submitted password value. The main processor evaluates a hash chain based on the hash chain input value provided by the co-processor. Evaluating the hash chain generates a submitted password verification value. The submitted password verification value is compared to a stored password verification value stored on the mobile device. Access to mobile device functionality may be permitted or denied based on a result of the comparison.

Abstract: Methods and apparatus are disclosed for generating a short term password that may be used to access a data warehouse. According to aspects of the disclosure, a user may request a password after inputting a data warehouse environment, an ID name, and a reason for the password reset. A server may receive the request and determine whether the difference in time of the present request and a previous request for the same ID name and data warehouse environment is greater than a time limit. Additionally, the server may determine whether a previous user has logged in using a password for the same ID name and data warehouse environment. Thereafter, the server may generate and output a short term password that expires after the time limit.

Abstract: An embodiment provides a method, including: activating, at an information handling device, an optical sensor; initiating, using a processor, an identification sequence; receiving, at the optical sensor, a sequence of user gesture input; determining if the sequence of user gesture input matches a predetermined sequence of user gesture input stored as training data, the determining comprising comparing, using the processor, data points derived from a three dimensional limb movement of the user gesture input with the stored training data; and providing an identification result. Other aspects are described and claimed.

Abstract: A method for authentication in an electronic device is provided, comprising: receiving a touch pattern, the touch pattern including a set of points; determining, by a processor, whether the touch pattern is valid by validating a first portion of the touch pattern, the first portion not including at least one of the set of points; when the touch pattern is determined to be valid, unlocking the screen; and when the touch pattern is determined to be invalid, holding the screen locked.

Abstract: A system and method of managing applications and event notifications using a cursor-based GUI, wherein the cursor-based GUI is located adjacent to the cursor and provides a user with the ability manage and monitor a plurality of dynamically updated applications, commands and event notifications via a persistent and centralized interface. Since the cursor-based GUI is persistent in nature, the plurality of applications, commands and event notifications can be accessed regardless of the user's computer environment. The user can manage user authentication requirements and other configuration information for the cursor-based GUI.

Abstract: Various embodiments of a system and method for deterministic generation of a common content encryption key on distinct encryption units are described. Embodiments may include, for each given content item of multiple content items that represent one or more portions of a common media object, controlling a different encryption unit of multiple distinct encryption units to i) generate a content encryption key for the given content item based on: a common base secret shared by the multiple distinct encryption units, and an identifier specific to the media object, and ii) encrypt the given content item with the respective content encryption key generated for that content item in order to generate a respective encrypted content item. Each content encryption key generated for a given content item may be equivalent to each other content encryption key such that decryption of each encrypted content item requires a common decryption key.

Abstract: A method includes upon receiving a request from a user to perform an operation on a device that is running under an operating system, authenticating the user on the basis of credential data that is retrieved from a data storage unit that is associated with a lights-out management (LOM) capability of the device. If authentication of the user is successful, the user is enabled to perform the operation.

Abstract: A method & system for human interactive proof (HIP) is provided. A user is provided to respond a query linked to a logical captcha object or an analytical captcha object. Upon receiving inputs from the user, the correct information of the said captcha & the user's input is compared. If the user's input and the correct information of the captcha object matches then the user is authenticated as human, else the user is authenticated as not a human.

Abstract: The present invention is directed to an apparatus, a method, and a computer program product for authenticating a user based on a sequence of rhythmic inputs. The user via a mobile device provides one or more inputs (e.g., pushing a button, tapping a touchscreen, a biometric, or the like) to one or more sensors associated with the mobile device as an attempt of authorization. The one or more inputs may be provided in a rhythmic manner (e.g., provided in time with music). The present invention then compares the provided one or more inputs to one or more predetermined sequences of inputs that are associated with positive authentication of the user (e.g., a known password). The phone determines that the one or more provided inputs match one or more predetermined rhythmic sequences associated with positive authentication of the user and authenticates the user.

Abstract: In a particular embodiment, a method includes receiving, at a set-top box from a server, a temporary authentication token that enables access to an account accessible by one or more devices. The temporary authentication token is generated after validation by the server of a particular authentication token received at the server from a first device. The first device is distinct from the set-top box. The method further includes initiating, at the set-top box, presentation of the temporary authentication token.

Abstract: Embodiments are directed towards hiding selected dialogues and/or contacts from display on a client computer while they are in a secret chat mode (SCM). A dialogue may be selected by a user, such as through the dialogue or through a list of previous dialogues. SCM may be activated by a user setting/providing a password. Activation of SCM may hide the dialogue and/or the contacts associated with the dialogue from being displayed. SCM for a hidden dialogue may be deactivated when user-provided password matches the set password. Deactivation of SCM may cause the hidden dialogue associated with that password to be unhidden and displayed. A notification that received password is valid may be displayed on the client computer regardless of whether the received password is valid or invalid. A replacement notification may be generated and provided to the user for received messages associated with hidden dialogues in SCM.

Abstract: A method for controlling an analysis system is presented. The method comprises receiving, by an encryption unit, authentication data of a user. In the case of a successful authentication, a user-specific security code is generated by the encryption unit. The security code is outputted by the encryption unit to the authenticated user. The security code and the user-ID are received by an authentication unit coupled to the analysis system via a user-interface coupled to the authentication unit. The security code is decrypted by the authentication unit. If the decrypted security code matches with the user-ID, the user is authenticated at the authentication unit and an authentication signal is generated by the authentication unit for permitting the user to initialize at least one function of the analysis system.

Abstract: A processor arrangement is provided. The processor arrangement includes: a first processor; a plurality of second processors, each second processor including a bit-mask generator configured to generate a processor-specific bit-mask sequence; wherein the first processor includes a bit-mask generator configured to generate the processor-specific bit-mask sequences of the second processors; wherein the first processor is configured to bit-mask a data bit sequence to be transmitted to one second processor of the plurality of second processors using a processor-specific bit-mask sequence specific to the one second processor, to thereby generate a processor-specific bit-masked data sequence to be transmitted to the one second processor.

Abstract: A method, a system, an apparatus, and a computer program product are presented for improving a register name identifier profile within a federated computing environment such that the register name identifier profile is enhanced to be more securely binding between two federated entities within the federated computing environment, such as an identity provider and a service provider. After the first federated entity sends a register name identifier request for a principal to the second federated entity, the second federated entity performs an authentication operation for the principal. In response to successfully completing the authentication operation, the second federated entity registers or modifies a name identifier for the principal that has been extracted from the received register name identifier request.

Abstract: A mobile terminal includes a touchpad, a background system, and a MEMS gyroscope. The background system includes a control module, an indicating needle displaying module, and a divided circle displaying module. The indicating needle displaying module displays an indicating needle in the touchpad. The divided circle displaying module displays a divided circle in the touchpad. Each scale of the divided circle corresponds to a code. The divided circle rotates with the mobile terminal to enable the indicating needle to be aligned with one scale of the divided circle. The MEMS gyroscope holds the indicating needle to be unmovable. The touchpad sends the one code to the control module after sensing a click gesture. The control module unlocks the mobile terminal after determining that a plurality of codes sent by the touchpad matches predetermined codes.

Abstract: An image collection based information security method and system is disclosed. The method includes a server side receiving a first transaction data sent by a client side and generating a second transaction data with the first data. The server converts the second data into an image, and sends the image to the client. A dynamic token collects the image, pre-processes, and converts the image into a third transaction data, and displays the third data for user's confirmation. The token generates and displays a second dynamic password according to the third data. The client receives the second password input by a user and sends same to the server. The server receives the second password and generates a first dynamic password, determines whether the first password is identical to the second password; if yes, the authentication is successful and the transaction is executed; if no, the transaction is cancelled.

Abstract: Machines, systems and methods for providing an authentication challenge are provided. The method comprises analyzing data stored in a computing system equipped with a graphical user interface (GUI), wherein the data stored is related to identity and relationships among items that have a profile; and based on the analysis, issuing a challenge to authenticate access to one or more content or services available by way of the computing system, in response to a user interaction with the computing system, wherein the response to the challenge is known to a user who has personal knowledge of the identity and relationships among the items with a profile, and wherein the user successfully authenticates against the challenge by interacting with visual presentations of the items by placing the items in an order that indicates a correct relationship between at least two or more of the items.

Abstract: A biometric authentication device includes a biometric sensor that obtains an image of a biometric authentication portion of a user without contacting, a distance sensor that obtains a distance between the biometric sensor and the biometric authentication portion, and a guidance image display unit that shows a guidance image for guiding the biometric authentication portion to a distance that is appropriate for the biometric sensor to obtain the biometric authentication portion, the guidance image changing continuously or in stages according to the distance obtained by the distance sensor.

Abstract: Methods, systems, and products help users recall memories and search for content of those memories. When a user cannot recall a memory, the user is prompted with questions to help recall the memory. As the user answers the questions, a virtual recollection of the memory is synthesized from the answers to the questions. When the user is satisfied with the virtual recollection of the memory, a database of content may be searched for the virtual recollection of the memory. Video data, for example, may be retrieved that matches the virtual recollection of the memory. The video data is thus historical data documenting past events.

Abstract: A system for performing a secured transaction using a network including a server in communication with the network is provided. The server has a processor and a memory to store private account information from registered users and store commands that when executed by the processor cause the server to perform a method including: providing a login configuration to a user, including a matrix of dynamic symbols; determining an expected password for the user based on a trace pattern from the user and the symbols in the matrix; receiving a password from the user; and determining whether the password matches the expected password. A non-transitory machine-readable medium including a plurality of machine-readable instructions which when executed by one or more processors of a server controlled by a service provider are adapted to cause the server to perform a method as above is also provided.

Abstract: A method and system for secure access to data files copied onto a second storage device from a first storage device. A computer receives data from a first storage device that is in communication with the computer. A data file is stored to a second storage device. A passkey is generated and associated with the data file. A passkey image file corresponding to the passkey is generated. The passkey image file is transmitted to the first storage device for storage. Subsequent access to the data file on the second storage device requires entry of the passkey. The passkey is only accessible to a user that has access to read the passkey image file on the first storage device.

Abstract: A method begins by a distributed storage (DS) managing unit receiving an encryption key to store. The method continues by determining an encryption method and encrypting the encryption key with the determined encryption method to produce an encrypted key. The method continues by encoding and slicing the encrypted key to produce a set of data slices; and storing the set of data slices in DSN memory. A method to retrieve the stored encryption key begins with receiving a retrieve encryption key request from a requester and continues with retrieving an encrypted key and then determining a decryption method. The method continues by decrypting the encrypted key with the determined decryption method to produce the encryption key and sending the encryption key to the requestor to decrypt one or more portions of the encrypted data.

Abstract: This disclosure describes a distributed, fault-tolerant security system that enables the secure storage and distribution of private keys. In one implementation, the security system includes a plurality of computing resources that independently store private keys provided by publishers and encrypted using a single security system public key. To protect against malicious activity, the security system private key necessary to decrypt the publication private keys is not stored at any of the computing resources. Rather portions, or shares of the security system private key are stored at each of the computing resources within the security system and multiple security systems must communicate and share partial decryptions in order to decrypt the stored private key.

Abstract: The disclosure is directed to a system and method for establishing a secured wireless connection allowing the exchange of information between a wireless device and aircraft equipment. The secured wireless access system may require a user controlling the wireless device to interact with an onboard interface to initiate a connection. The user may be further required to enter a randomly generated security passcode to pair the mobile device to the aircraft equipment. Further security measures may be implemented, such as tiered user access levels restricting certain equipment and/or information based upon a user identity of the user requesting access.

Abstract: Provided is a method in which a first device authenticates a public key of a second device. The method includes: receiving a first value generated based on the public key of the second device and a password displayed on a screen of the second device and the public key of the second device, from the second device; generating a second value based on the public key of the second device and a password input to the first device by a user of the first device according to the password displayed on the screen of the second device; and authenticating the public key of the second device based on the first value and the second value.

Abstract: A pattern password trajectory configuration system used in an electronic device with a graphics input interface and a method using the same are provided. The disclosed pattern password trajectory configuration system includes a central processing module, a pattern defining module electronically connected the central processing module for defining the graphics input interface into a central block and multiple blocks neighboring the central block and assigning different data codes to the different blocks neighboring the central block, a sliding direction defining module electronically connected to the central processing module for assigning different prime numbers to define different sliding directions moving along the blocks neighboring the central block, and a touch sequence defining module electronically connected to the central processing module for counting and recording touch sequences of sliding among the blocks neighboring the central block.

Abstract: This invention is to provide an image processing apparatus, an image processing method, a program, and a display in which both of a secret image and a public image can be efficiently displayed with high picture quality without reducing contrast of the public image. One of output images is a secret image which displays an input secret image as one of input images in a partial area of a screen, all the output images including the secret image have a relationship to become, when a luminance value of each pixel thereof is totaled, an input public image as one of the input images; and during a period in which at least the secret image is being outputted, shutter glasses disposed between a display to which the image signals are inputted and user's eyes are set to a light transmission state.

Abstract: Techniques for dynamic generation and management of password dictionaries are presented. Passwords are parsed for recognizable terms. The terms are housed in dictionaries or databases. Statistics associated with the terms are maintained and managed. The statistics are used to provide strength values to the passwords and determine when passwords are acceptable and unacceptable.

Abstract: Data is secured on a device in communication with a remote location using a password and content protection key. The device stores data encrypted using a content protection key, which itself may be stored in encrypted form using the password and a key encryption key. The remote location receives a public key from the device. The remote location uses the public key and a stored private key to generate a further public key. The further public key is sent to the device. The device uses the further public key to generate a key encryption key, which is then used to decrypt the encrypted content protection key. A new content encryption key may then be created.

Abstract: A system administrator of a wireless LAN 100 manipulates a personal computer PC1 to change a WEP key. The personal computer PC1 authenticates a memory card MC as genuine under management of the system administrator. In the case of the authenticated memory card MC, changed setting information, as well as a previous WEP key before the change of the setting information, is written into the memory card MC. The system administrator then inserts this memory card MC into a memory card slot of a printer PRT1. The printer PRT1 authenticates the memory card MC as genuine under management of the system administrator. In the case of the authenticated memory card MC, the setting information is updated. This arrangement effectively relieves the user's workload in setting wireless communication devices, while ensuring the sufficiently high security.

Abstract: A method for connecting to a trust broker system is disclosed. The electronic device stores encrypted identifying information for a plurality of client systems authorized to interact with the server system, wherein the encrypted identifying information is changed per client system per session. The electronic device creates a plurality of virtual domains; each virtual domain representing a set of services and information distinct from the other virtual domains. The electronic device stores permissions associated with each respective client system in the plurality of client system. The electronic device receives a request from a first client system, including encrypted identifying information associated with the first client system, for information associated with a first virtual domain and then retrieves stored permissions of the first client system based on the encrypted identifying information.

Abstract: A cyber fraud phish baiting system for baiting a phishing website is disclosed. The cyber fraud phish baiting system is configured to store a plurality of URLs in a database and enter each of the URLs into a browser to view internet resources linked to the URLs. It is configured to scan the internet resources for information requests, obtain information responsive to the information requests from a database, enter responsive information into the information requests, and store the information requests and the responsive information entered into the information requests for each of the URLs. The internet resource may be a phishing website, and fake information is entered into the information requests.

Abstract: The present disclosure provides methods and systems for secure logon. One or more method includes: determining, via authentication information provided by a user of an electronic device, that the user is authorized to access an online account provided by the online account provider; providing the user with a selectable option to enable an expedited logon process by which the user can access the online account by solely providing a particular authentication item of the user; receiving a verification credential in response to a next logon attempt using the expedited logon process; and verifying that the received verification credential matches an assigned verification credential provided to the user for use in conjunction with the next logon attempt using the expedited logon process.

Abstract: Biometric information registered for each user is held, user information being a plurality types of attribute information associated with each user is held, a possibility that the user requests authentication is predicted and a predicted value is calculated for each user by using the plurality types of attribute information contained in the held user information. When biometric information for an authentication request is accepted, the accepted biometric information is matched against the biometric information for a plurality of users determined based on calculated predicted values, and it is determined based on the result of the matching whether a person having entered the accepted biometric information is authenticated as the user.

Abstract: Enhanced security measures are provided for accessing applications or data on a client device using an encryption scheme. The client device receives authorization to access the applications or data from a server that compares a password received at the client device with a password previously stored in the server. In addition to comparing the passwords, the server may implement additional security measures such as checking geographic locations of the client device or monitoring for suspicious patterns of usage on the client device. Further, different passwords may be used depending on whether the client device has connectivity with the server. When the connectivity is not available, a longer or more complicated password may be used instead of a shorter or simple password to provide added security. When the user is authenticated, a key is made available to access applications or data on the client device.

Abstract: Provided are exemplary embodiments including a method for creating and using a personal encounter history using a communication device. The method involves the communication device receiving the transmission of a pseudo identifier from a proximal communication device where the pseudo identifier is associated with the user of the proximal communication device. Once received, the method continues with the wireless communication device requesting and receiving the actual identification of the user of the proximal communication device that is correlated with the pseudo identifier. The communication device includes a transceiver capable of communicating wirelessly with a mobile telecommunications network, a memory device and a processor. To ensure privacy, the processor is capable of receiving a pseudo identifier from a proximate communication device and then requesting an actual identification correlated with the pseudo identifier of the proximate communication device.

Abstract: A method and apparatus is provided for managing private data, such as a phone book, in a multifunction peripheral (MFP) used by multiple users. The method involves receiving user information and performing user authentication, and reading data stored in a user area allocated to the authenticated user in a storage unit divided into a number of user areas. Accordingly, when private data is managed in an MFP used by multiple users, by dividing a storage unit in which data is stored into a number of user areas, allocating the divided user areas to users, and allowing a user to access only a user area allocated to the user through an authentication process, the private data can be fully prevented from being accessed by other users, and it will be unlikely for a user to be confused because of other user data.

Abstract: According to one embodiment, an electronic apparatus comprises a communication module and a connection control module. The communication module is configured to execute close proximity wireless transfer. The connection control module is configured to start an operation of establishing a connection between the communication module and an external device which is in close proximity to the communication module if an identifier of the external device wirelessly transmitted from the external device is included in a connection permission list. The connection control module is configured to display a password entry screen if the identifier is not included in the connection permission list, and to add, if a password entered on the password entry screen matches with a registered password, the identifier to the connection permission list and start the operation of establishing the connection between the communication module and the external device.

Abstract: The availability of software assets on electronic devices, such as mobile devices of users, is restricted based on the time as determined by a managing server. An application that runs on the electronic devices communicates with the server to obtain information regarding which software assets are permitted to be accessed, and restricts user access accordingly. The server may use a clock, in combination with administrator-generated access restriction policies, to determine which software assets are to be made available on each electronic device at particular points in time.

Abstract: A PIN is automatically generated based on at least one rule when the user enters a password through a user device. In one example, the PIN is a truncated version of the password where each character in the truncated version is mapped onto a number. The mapping can be a truncation at the beginning or end of the password, or the mapping can be with any pattern or sequence of characters in the password. This PIN generation may be transparent to the user, such that the user may not even know the PIN was generated when the password was entered. When the user attempts to access restricted content, the user may enter the PIN instead of the password, where the user may be notified of the rule used to generate the PIN so that the user will know the PIN by knowing the password.

Abstract: A Virtual Single Account (VSA) system and method that provides a mobile user with automatic authentication and connection to a remote network via local access networks with a single password, where the local access networks may be independent of the remote network. A mobile user has a single authentication credential for one VSA that is utilized by a VSA client installed on a mobile computing device. The VSA client provides for automatically authenticating and connecting the user's mobile device to a current local access network, and the target remote network such as the user's office network. All authentication credentials are encrypted using a key generated from the user's VSA password that is generated from the user's single password. The VSA client derives the key from the submitted VSA password and decrypts all authentication credentials that are required in order to connect the mobile device to the current local access network and thereafter to the office network.