Abstract: A computer-implemented method for neutralizing file-format-specific exploits contained within electronic communications may include (1) identifying an electronic communication, (2) identifying at least one file contained within the electronic communication, and then (3) neutralizing any file-format-specific exploits contained within the file. In one example, neutralizing any file-format-specific exploits contained within the file may include applying at least one file-format-conversion operation to the file. Additionally or alternatively, neutralizing any file-format-specific exploits contained within the file may include constructing a sterile version of the file that selectively omits at least a portion of any exploitable content contained within the file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Method and apparatus for system control includes inputs for an input device which may take the form of switches or sensors. Input device states are related to identification keys. The identification keys are communicated wirelessly or through hard-wired means to a system.

Abstract: The systems and methods described herein can be used for enhancing the security of computer passwords by electronically receiving a password, the password comprising a plurality of components, each of the components being of a type of component, storing the received password in an electronic data store, converting the stored password to a topological representation of the password by which each of the plurality of components is represented and stored as its type of component, and storing the topological representation of the password in an electronic data store.

Abstract: A method for controlling an analysis system is presented. The method comprises receiving, by an encryption unit, authentication data of a user. In the case of a successful authentication, a user-specific security code is generated by the encryption unit. The security code is outputted by the encryption unit to the authenticated user. The security code and the user-ID are received by an authentication unit coupled to the analysis system via a user-interface coupled to the authentication unit. The security code is decrypted by the authentication unit. If the decrypted security code matches with the user-ID, the user is authenticated at the authentication unit and an authentication signal is generated by the authentication unit for permitting the user to initialize at least one function of the analysis system.

Abstract: An optical medium containing virtual write protect information can be recorded in drives and systems without first changing the write protection from on to off by receiving valid user input. The virtual write protection may also be enabled or disabled by additional information on the disc.

Abstract: An image forming apparatus to execute user authentication includes an input unit through which user information is input, and an account management unit to manage an account information database. The account information database stores user information corresponding to functions of the image forming apparatus. The image forming apparatus further includes a user authentication unit to execute user authentication based on the user information input through the input unit by using the account information database, and a display unit to display a user interface where a function corresponding to the input user information is activated, in response to a result of the authentication.

Abstract: A mechanism for certifying that an operating system-based application has authorization to change a UEFI authenticated variable held in the system firmware is discussed. Embodiments of the present invention receive with the system firmware a request from an operating system-based application to change a UEFI authenticated variable. The request includes an authentication descriptor header with a timestamp and pre-determined GUID. The request also includes a hash calculated using a password known to the firmware. The system firmware certifies that the caller has authorization to change an authenticated variable by first verifying the information in the header and then creating a new hash using the password. The new hash is compared to the received hash and must match in order for the system firmware to allow the alteration of the UEFI authenticated variable. In one embodiment, the password is the system firmware password.

Abstract: A method, a computer readable medium and a system of multi-domain login and messaging are provided. The method for multi-domain login comprises inputting a local password by an agent, accessing a password vault with the local password, and retrieving at least one hidden password from the password vault, and logging the agent into at least one agent application using the at least one hidden password. The method for multi-domain messaging comprises retrieving information of an agent from a database, retrieving at least one skill group to which the agent belongs from the information, retrieving a message linked to the at least one skill group, and sending the message to the agent.

Abstract: A password authentication circuit includes a timer that measures first and second periods of a password authentication period, a control circuit that, in a first period, disables writing of a password received into a password register, in a predetermined period within a second period enables writing of a password received into the password register and outside the predetermined period within the second period disables writing of a password received into the password register; a password comparison unit that compares a password in the password register and a password expected value to perform authentication of the password; and a first period generation unit that controls variably the first period, a password last written into the password register in the predetermined period of the second period being made a target for authentication.

Abstract: A method and an apparatus are provided for unlocking an electronic device. A first input screen portion for unlocking the electronic device from a locking mode is displayed. A first input is received from a user via the first input screen portion. The first input is compared with a first user-defined information stored in the electronic device. A second input is received from the user via a second input screen portion. The second input screen portion is displayed after a determination that the first input does not match from the first user-defined information. The second input is compared with a second user-defined information stored in the electronic device. In response to the second input matches to the second user-defined information, the electronic device is unlocked from the locking mode.

Abstract: According to an embodiment, an information processing apparatus includes a first storage unit, a second storage unit, a power supply state control unit, a cryptographic key movement unit, a communications unit, an information input determination unit, a communications state determination unit, and a cryptographic key control unit. The cryptographic key movement unit is configured to move at least part of the cryptographic key data stored in the first storage unit to the second storage unit before a shift from a power-on state to another power supply state. In the other power supply state, the cryptographic key control unit returns the cryptographic key data from the second storage unit to the first storage unit if it is determined that there is an input of information which matches the information stored in the second storage unit and it is determined that communications are enabled between the communications unit and a base-station apparatus.

Abstract: Aspects of the invention provide for masking a current profile of a one-time programmable (OTP) memory. In one embodiment, a circuit includes: a first one-time programmable (OTP) memory configured to receive a data input for a plurality of address fields; and a second OTP memory configured to receive an inverse of the data input for a plurality of address fields, wherein a current profile for a programming supply for the first OTP memory and the second OTP memory is masked, such that the data input for the first OTP memory is undetectable.

Abstract: A method and apparatus for generating a password in real time by creating at least one password map during creation of an account associated with a user, and generating and providing a random password hint sequence grid to the user in real time, authenticating the user for accessing the account using a password created by the user, where the password is created by the user using the random password hint sequence grid and the at least one password map.

Abstract: Disclosed is an electronic device that selects a password and encrypts it utilizing a public key of a public/private encryption key pair. The electronic device then provides the encrypted password to a client device when an access request is received from the client device. The client device proceeds to obtain an unencrypted version of the password by submitting the encrypted password to a private key server (which utilizes the private key of the public/private encryption key pair to decrypt the password) and receiving the decrypted password in return. The client device then returns the password to the electronic device which, upon receiving the decrypted password, allows access from the client device. The device generates the password once during operation or each time an access request is received.

Abstract: Methods and systems are disclosed for providing indirect and temporary access to a company's IT infrastructure and business applications. The methods/systems involve establishing an access control center (ACC) to control the access that technical support personnel may have to the company's IT infrastructure and business applications. Thin client terminals with limited functionality may then be set up in the ACC for use by the technical support personnel. The thin client terminals connect the technical support personnel to workstations outside the ACC that operate as virtual desktops. The virtual desktops in turn connect the technical support personnel to the IT infrastructure and business applications. An ACC application may be used to control the connection between the thin client terminals and the virtual desktops and the virtual desktops and the IT infrastructure and business applications.

Abstract: A communication control system pairs a first communication device with a second communication device, the first communication device includes a first image editing unit that edits an input image in accordance with a predetermined rule to generate a first authentication image, and a first transmission unit that transmits first authentication data representing the first authentication image and a first identifier for identifying the first communication device to a server device, the second communication device includes a second transmission unit that transmits second authentication data representing the second authentication image and a second identifier for identifying the second communication device to the server device, and the server device includes a pairing unit that pairs the first communication device with the second communication device in the case where it is determined that the first authentication data matches the second authentication data.

Abstract: An embodiment generally relates to a method of managing tokens. The method includes detecting a presence of a token at a client and determining a status of the token. The method also includes formatting the token at the client in response to the status of the token being unformatted.

Abstract: Systems and methods for authenticating a user request for authentication are provided. An authentication device that may be part of such a system includes a network interface component coupled to a network and configured to receive at least one data packet having authentication information including at least a username of a user and user credentials. The device also includes a memory coupled to the network interface component and configured to store the received authentication information, one or more instructions for authenticating the user, and account information of the user. The device further includes one or more processors configured to analyze the received information, calculate a score based on the received information, determine a threshold, compare the calculated score with the determined threshold, and authenticate the user and a device from which the data packet is received if the calculated score is greater than or equal to the determined threshold.

Abstract: A computer security system comprises a secure platform adapted to receive sensitive data from an agent. The secure platform is also adapted to cooperate with a trusted platform module (TPM) to encrypt the sensitive data via a TPM storage key associated with the agent.

Abstract: In a system for disconnected authentication, verification records corresponding to given authentication token outputs over a predetermined period of time, sequence of events, and/or set of challenges are downloaded to a verifier. The records include encrypted or hashed information for the given authentication token outputs. In one embodiment using time intervals, for each time interval, token output data, a salt value, and a pepper value, are hashed and compared with the verification record for the time interval. After a successful comparison, a user can access the computer. A PIN value can also be provided as an input the hash function. A portion of the hash function output can be used as a key to decrypt an encrypted (Windows) password, or other sensitive information.

Abstract: A low resource mobile device, such as a smart phone or a tablet running a mobile operating system, requests a cloud computer system to inspect a mobile application for malicious content. The cloud computer system downloads the mobile application from a mobile application source, and installs the mobile application in a virtual machine sandbox. The cloud computer system inspects the mobile application for malicious content while the mobile application executes in the virtual machines sandbox. The result of the inspection is sent to the user in accordance with a setting that may be indicated in a cloud sandbox agent running on the mobile device.

Abstract: A storage controller and program product is provided for performing double authentication for controlling disruptive operations on storage resources generated by a system administrator. A first request is received from a first user for generation of a first key. A first key is generated, provided to the first user and associated with the storage resource. An input is received from the administrator, the input comprises a second key and a command for performing the disruptive operation. The second key and the first key are compared. It is verified that the administrator is authorized as an administrator of the storage resource. The disruptive operation is performed on the storage resource if the second key and the first key match and the administrator is authorized. Otherwise, the performance of the disruptive operation is denied.

Abstract: A distributed operation is performed using at least one first and second computer-based object, wherein control information is used to influence or determine a property, a function of the first and/or second computer-based objects. The control information includes details of a parameter identifier, a value associated with the parameter identifier, a range of validity and a remote access attribute. The control information is provided in a retrievable manner, according to the included range of validity, in a memory organized according to ranges of validity and is associated with the first computer-based object. During a function or service call for performing the distributed operation, which is sent from the first computer-based object to the second, the control information is transmitted to the second computer-based object, provided in a retrievable manner in the memory organized according to the ranges of validity and associated with the second computer-based object.

Abstract: A method for secure authentication is provided which includes having a user who wishes to gain access to a computer or computer network select from among a plurality of randomly displayed images, having different background colors, the correct image and background color which correspond to the user's computer account. In one advantageous form, in addition to selecting the correct image, the user must first enter a username and password. In an alternative form, if a user is seeking access to a computer network by using a preapproved access point or computer having an approved IP address, a user is allowed to gain access to the computer network without being prompted to select a correct image.

Abstract: Access to virtual machine inputs and outputs are controlled. Controlling access to virtual machine inputs and outputs may comprise locking inputs and outputs of a virtual machine from within the virtual machine, other than a predefined limited access input, detecting a request to unlock the inputs and outputs of the virtual machine; determining if a requester is authorized to unlock the inputs and outputs of the virtual machine and unlocking, temporarily, the inputs and outputs of the virtual machine if the requester is authorized. The predefined limited access input is configured to receive an input device with a private secret for unlocking the inputs and outputs of the virtual machine. The inputs and outputs are unlocked when an input device having a shared password is attached.

Abstract: Methods, systems, and apparatus for voice authentication and command. In an aspect, a method comprises: receiving, by a data processing apparatus that is operating in a locked mode, audio data that encodes an utterance of a user, wherein the locked mode prevents the data processing apparatus from performing at least one action; providing, while the data processing apparatus is operating in the locked mode, the audio data to a voice biometric engine and a voice action engine; receiving, while the data processing apparatus is operating in the locked mode, an indication from the voice biometric engine that the user has been biometrically authenticated; and in response to receiving the indication, triggering the voice action engine to process a voice action that is associated with the utterance.

Abstract: A popularity determination module (PDM) is described which reduces the effectiveness of statistical guessing attacks. The PDM operates by receiving a password (or other secret information item) from a user. The PDM uses a model to determine whether the password is popular among a group of users. If so, the PDM may ask the user to select another password. In one implementation, the model corresponds to a probabilistic model, such a count-min sketch model. The probabilistic model provides an upper-bound assessment of a number of times that a password has been encountered. Further, the probabilistic model provides false positives (in which passwords are falsely assessed as popular) at a rate that exceeds a prescribed minimum rate. The false positives are leveraged to reduce the effectiveness of statistical guessing attacks by malicious entities.

Abstract: A method for composing an authentication password associated with an electronic device is implemented by a password composing system including a display, a receiving unit, and a processing unit. In the method, the display is configured to display a start point, and a plurality of displayed paths. The receiving unit is configured to detect a set of user-input movements of a contact point at the display. The processing unit is configured to determine whether the user-input movements conform with a predefined valid user-input gesture, store a plurality of codes corresponding to the valid user-input gestures, and to compose the authentication password according to valid ones of the series of the user-input movements.

Abstract: The present invention relates to an apparatus and a method for managing digital rights using virtualization technique, and more particularly to an apparatus and a method for enabling a user to access a desired text file in an independent area through a virtual machine corresponding to a licensed right for accessing the text file. The present invention comprises a virtual machine (VM) management unit for controlling a user access authorization function for accessing the text file in the area to which the virtualization technique is applied.

Abstract: A magnetic memory device includes a main memory made of magnetic memory, the main memory and further includes a parameter area used to store parameters used to authenticate data. Further, the magnetic memory device has parameter memory that maintains a protected zone used to store protected zone parameters, and an authentication zone used to store authentication parameters, the protection zone parameters and the authentication parameters being associated with the data that requires authentication. Upon modification of any of the parameters stored in the parameter memory by a user, a corresponding location of the parameter area of the main memory is also modified.

Abstract: A method of monitoring all network login activity, which includes a real-time analysis of intercepting all network login activity, analyzing network login activity, authenticating network login activity and closing (i.e., terminating) those network login connections that are not authenticated to proceed and access the network.

Abstract: A method and apparatus are provided to allow a user of a communications device to utilize one-time password generators for two-way authentication of users and servers, i.e., proving to users that servers are genuine and proving to servers that users are genuine. The present invention removes the need for a user to have a separate physical device, e.g., token, per company or service, reduces the cost burden on the companies and allows for two-way authentication via multiple access methods, e.g., telephone, web interfaces, automatic teller machines (ATMs), etc. Also, the present invention may be utilized in consumer and enterprise applications.

Abstract: A method of generating a time managed challenge-response test is presented. The method identifies a geometric shape having a volume and generates an entry object of the time managed challenge-response test. The entry object is overlaid onto the geometric shape, such that the entry object is distributed over a surface of the geometric shape, and a portion of the entry object is hidden at any point in time. The geometric shape is rotated, which reveals the portion of the entry object that is hidden. A display region on a display is identified for rendering the geometric shape and the geometric shape is presented in the display region of the display.

Abstract: An authentication system, an authentication method, and a network storage appliance are provided. The authentication system includes a client electronic device, the network storage appliance having an authentication proxy, and a directory server having an authentication service module and an account database. The client electronic device selects a data access service and transmits an encrypted data and a user data to the network storage appliance. The authentication proxy packs the encrypted data and the user data into an authentication login information and transmits the authentication login information to the directory server. The authentication service module receives the authentication login information and performs decryption and comparison on the authentication login information according to a corresponding authentication protocol and a corresponding account information in the account database, so as to determine whether the authentication is successful.

Abstract: Generally, this disclosure describes devices, methods and systems for securely providing context sensor data to mobile platform applications. The method may include configuring sensors to provide context data, the context data associated with a mobile device; providing an application programming interface (API) to a sensor driver, the sensor driver configured to control the sensors; providing a trusted execution environment (TEE) operating on the mobile device, the TEE configured to host the sensor driver and restrict control and data access to the sensor driver and to the sensors; generating a request for the context data through the API, the request generated by an application associated with the mobile device; receiving, by the application, the requested context data and a validity indicator through the API; verifying, by the application, the requested context data based on the validity indicator; and adjusting a policy associated with the application based on the verified context data.

Abstract: Data are accessed securely in a data storage device that includes a non-volatile solid-state storage device integrated with a magnetic storage device. An identical copy of drive security data, such as an encrypted version of a drive access password, is stored in both the non-volatile solid-state storage device and in the magnetic storage device. In response to receiving a command from a host device that results in access to the magnetic storage device, access is granted to the magnetic storage device if the copy of drive security data stored in the non-volatile solid-state storage device matches the copy of drive security data stored in the magnetic storage device. Furthermore, encrypted drive-unique identification data associated with the drive may be stored in both the non-volatile solid-state storage device and the magnetic storage device, and access is granted if both copies of the encrypted drive-unique identification data match.

Abstract: Methods, apparatus and systems for securing user-associated passwords used in transactions are disclosed. The methods include a user computing device receiving a user-associated password such as a PIN from a user, where the user-associated password is operable to authenticate an identity of a user. The user-associated password may be received in response to the user receiving a request for the user-associated password from a third party such as a merchant. The user computing device may generate a temporary password such as a one-time password, dynamic password, or the like, and encrypt the user-associated password using the temporary password. The encrypted user-associated password may then be communicated to the third party in lieu of the user-associated password received by the user.

Abstract: A system and method is presented for authentication, so as to control access to a resource. A set of objects (for example, a set of images) is established in advance between the user and the service for which the user is to be authenticated. During the authentication, the user, instead of inputting an alpha-numeric password, will be sent several sets (e.g., tables) containing the previously specified objects (e.g., images) in some arrangement (e.g., spatial pattern) among other objects (images). In order to authenticate, the user is shown additional tables, and must determine, as to each, whether it contains the same set of specified objects in the same spatial relationship as in the first table shown. After the user has correctly identified which tables reflect the specified objects in the requisite pattern, the user will be considered authenticated, and will then be granted access to the requested resource (for example, a bank account).

Abstract: Exemplary network infrastructures and methods employing a Security Gateway utilize client authentication for use of a secure connection between an application client and an application server of a protected network. Once a secure connection has been set up, a Security Gateway can start a timer for establishing a period within which a password and username are to be received from the application client before traffic is allowed to exit the Security Gateway. If a username and password are provided while the timer is running, the Security Gateway can contact a single sign on (SSO) server to check whether the username and password are correct. If the username and password are valid, the Security Gateway can start relaying traffic externally to the application server. If an invalid username and password are provided or the timer times out before receipt of a username and password, the secure connection can be terminated.

Abstract: A cellular network system comprises a device identifier comparator and a connection enable indicator. A device identifier comparator for comparing a received device identifier with one of a plurality of stored device identifiers, wherein the one of the stored plurality of stored device identifiers is associated with a stored subscriber identifier. A connection enable indicator for indicating whether a connection from a cellular device associated with the received device identifier to a data network associated with the cellular network system should be enabled.

Abstract: Provided are a method, system, and computer program product for providing multiple authentications to authenticate users with respect to a system and file systems offered through the system. A request is received from a user to access a system, wherein the system provides access to a plurality of file systems. A first authentication of the user with respect to the system is performed. In response to success of the first authentication with respect to the system, a request by the user is received to access a selected one of the file systems. A second authentication is performed of the user with respect to the selected file system. The user is allowed access to the selected file system in response to success of the second authentication.

Abstract: A verification server is configured to communicate with a usage target system via a first communication channel and an information terminal device via a second communication channel. The verification server includes: a unit for registering personal information of a user for using a usage target system; a unit for receiving, via the second communication channel, system identification information of the usage target system and a restriction code from an information terminal device owned by a use; a unit for generating an internal system password for the usage target system; a unit for receiving, via the first communication channel, a plurality of characters from the usage target system, the plurality of characters being inputted by a user into the usage target system; and a unit for determining whether the plurality of characters are legitimate based on the internal system password and the system identification information.

Abstract: A device includes a memory which stores a program, and a processor which executes, based on the program, a procedure comprising establishing a session with a request source when a request for a service, made to a second providing source, has been received from the request source, the second providing source providing the service based on data stored in a first providing source; and when an inquiry about whether to transmit the data to the second providing source has been received from the first providing source, notifying, so as to encrypt a mask range of the data, the first providing source of session information indicating the session established with the request source and notifying the request source of the session information so as to decrypt the encrypted mask range of data based on the session information.

Abstract: An approach is provided for authenticating using user actions. A prompt is initiated on a display for an input to authenticate a user. The input is received as a sequence of user actions on the display. A predetermined sequence associated with the user is retrieved. The received sequence is compared with the predetermined sequence to determine a match. The user is declared to be authenticated based on the comparison.

Abstract: Techniques for user authentication are disclosed. In some situations, the techniques include receiving, from a client device, an authentication request to access a network resource, the request including a user identifier, obtaining a security credential associated with the user identifier contained in the received request, generating an authorization code based on the obtained security credential, providing to the client device instructions to obtain first information corresponding to the generated authorization code, receiving, from the client device, the first information provided in response to the provided instructions, and, when the first information received from the client device corresponds to at least a portion of the generated authorization code, authorizing the client device to access the network resource.

Abstract: A computationally implemented method includes, but is not limited to: determining that a computing device that was presenting one or more portions of one or more items and that was in possession of a first user has been transferred from the first user to a second user; and marking, in response to said determining, the one or more portions of the one or more items to facilitate the computing device in returning to the one or more portions upon the computing device being at least transferred back to the first user. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.

Abstract: A new approach is proposed that contemplates systems and methods to support user identity verification based on social and personal information of the user. Under the approach, customers/users are required to grant identity verifying party a degree of access to their social network information, including but not limited to, account data and social graph information on social networks. The identity verifying party then acquires information of a current or potential user's online presence in addition to other information of the user and utilizes such information to verify the user's identity in the real world and/or to assess the fraud risk of a specific financial transaction requested by the user.

Abstract: A current prefix character string representing a prefix of a proposed password may be obtained from a user input device. A prediction of a most likely next character of the proposed password may be determined, based on applying a set of heuristics to the current prefix character string. A response indicating an impact on a security strength of the proposed password may be determined, based on a selection of the predicted most likely next character.

Abstract: A communications device provides a biometric reader to authenticate users onto the communications device based on a single biometric input. The communications device maintains a local copy of the strong authentication credentials, such as a user identification and password, and the biometrics which were previously input by users of the communications device. Then, rather than requiring re-entry of the strong authentication credentials to authenticate (or re-authenticate) these users onto the communications device, the communications device is able to authenticate the users based on the input of the appropriate biometric. When a biometric input is received, the communications device identifies the locally stored strong authentication credentials that is associated with the input biometric, and uses the locally stored strong authentication credentials to authenticate the user.

Abstract: There is provided person oneself authenticating means for authentication of a user, which is highly secure and realizable by functions ordinarily provided by a PC, mobile phone, etc., and which is less burdensome than typical user authentication key management and authentication operations. Sound or an image is adopted as an authentication key for person oneself authentication. Authentication data is edited by combining an authentication key, which is selected by a registered user, and sound or an image that is other than the authentication key, and the authentication data is continuously reproduced in a user terminal. A time in which a user has discriminated the authentication key from the reproduced audio or video is compared with a time in which the authentication key should normally be discriminated, which is specified from the authentication data. When both times agree, the user is authenticated as a registered user.