Abstract: Provided is a method in which a first device authenticates a public key of a second device. The method includes: receiving a first value generated based on the public key of the second device and a password displayed on a screen of the second device and the public key of the second device, from the second device; generating a second value based on the public key of the second device and a password input to the first device by a user of the first device according to the password displayed on the screen of the second device; and authenticating the public key of the second device based on the first value and the second value.

Abstract: A system administrator of a wireless LAN 100 manipulates a personal computer PC1 to change a WEP key. The personal computer PC1 authenticates a memory card MC as genuine under management of the system administrator. In the case of the authenticated memory card MC, changed setting information, as well as a previous WEP key before the change of the setting information, is written into the memory card MC. The system administrator then inserts this memory card MC into a memory card slot of a printer PRT1. The printer PRT1 authenticates the memory card MC as genuine under management of the system administrator. In the case of the authenticated memory card MC, the setting information is updated. This arrangement effectively relieves the user's workload in setting wireless communication devices, while ensuring the sufficiently high security.

Abstract: Techniques for dynamic generation and management of password dictionaries are presented. Passwords are parsed for recognizable terms. The terms are housed in dictionaries or databases. Statistics associated with the terms are maintained and managed. The statistics are used to provide strength values to the passwords and determine when passwords are acceptable and unacceptable.

Abstract: A pattern password trajectory configuration system used in an electronic device with a graphics input interface and a method using the same are provided. The disclosed pattern password trajectory configuration system includes a central processing module, a pattern defining module electronically connected the central processing module for defining the graphics input interface into a central block and multiple blocks neighboring the central block and assigning different data codes to the different blocks neighboring the central block, a sliding direction defining module electronically connected to the central processing module for assigning different prime numbers to define different sliding directions moving along the blocks neighboring the central block, and a touch sequence defining module electronically connected to the central processing module for counting and recording touch sequences of sliding among the blocks neighboring the central block.

Abstract: This invention is to provide an image processing apparatus, an image processing method, a program, and a display in which both of a secret image and a public image can be efficiently displayed with high picture quality without reducing contrast of the public image. One of output images is a secret image which displays an input secret image as one of input images in a partial area of a screen, all the output images including the secret image have a relationship to become, when a luminance value of each pixel thereof is totaled, an input public image as one of the input images; and during a period in which at least the secret image is being outputted, shutter glasses disposed between a display to which the image signals are inputted and user's eyes are set to a light transmission state.

Abstract: Data is secured on a device in communication with a remote location using a password and content protection key. The device stores data encrypted using a content protection key, which itself may be stored in encrypted form using the password and a key encryption key. The remote location receives a public key from the device. The remote location uses the public key and a stored private key to generate a further public key. The further public key is sent to the device. The device uses the further public key to generate a key encryption key, which is then used to decrypt the encrypted content protection key. A new content encryption key may then be created.

Abstract: A cyber fraud phish baiting system for baiting a phishing website is disclosed. The cyber fraud phish baiting system is configured to store a plurality of URLs in a database and enter each of the URLs into a browser to view internet resources linked to the URLs. It is configured to scan the internet resources for information requests, obtain information responsive to the information requests from a database, enter responsive information into the information requests, and store the information requests and the responsive information entered into the information requests for each of the URLs. The internet resource may be a phishing website, and fake information is entered into the information requests.

Abstract: A method for connecting to a trust broker system is disclosed. The electronic device stores encrypted identifying information for a plurality of client systems authorized to interact with the server system, wherein the encrypted identifying information is changed per client system per session. The electronic device creates a plurality of virtual domains; each virtual domain representing a set of services and information distinct from the other virtual domains. The electronic device stores permissions associated with each respective client system in the plurality of client system. The electronic device receives a request from a first client system, including encrypted identifying information associated with the first client system, for information associated with a first virtual domain and then retrieves stored permissions of the first client system based on the encrypted identifying information.

Abstract: The present disclosure provides methods and systems for secure logon. One or more method includes: determining, via authentication information provided by a user of an electronic device, that the user is authorized to access an online account provided by the online account provider; providing the user with a selectable option to enable an expedited logon process by which the user can access the online account by solely providing a particular authentication item of the user; receiving a verification credential in response to a next logon attempt using the expedited logon process; and verifying that the received verification credential matches an assigned verification credential provided to the user for use in conjunction with the next logon attempt using the expedited logon process.

Abstract: Biometric information registered for each user is held, user information being a plurality types of attribute information associated with each user is held, a possibility that the user requests authentication is predicted and a predicted value is calculated for each user by using the plurality types of attribute information contained in the held user information. When biometric information for an authentication request is accepted, the accepted biometric information is matched against the biometric information for a plurality of users determined based on calculated predicted values, and it is determined based on the result of the matching whether a person having entered the accepted biometric information is authenticated as the user.

Abstract: Enhanced security measures are provided for accessing applications or data on a client device using an encryption scheme. The client device receives authorization to access the applications or data from a server that compares a password received at the client device with a password previously stored in the server. In addition to comparing the passwords, the server may implement additional security measures such as checking geographic locations of the client device or monitoring for suspicious patterns of usage on the client device. Further, different passwords may be used depending on whether the client device has connectivity with the server. When the connectivity is not available, a longer or more complicated password may be used instead of a shorter or simple password to provide added security. When the user is authenticated, a key is made available to access applications or data on the client device.

Abstract: A method and apparatus is provided for managing private data, such as a phone book, in a multifunction peripheral (MFP) used by multiple users. The method involves receiving user information and performing user authentication, and reading data stored in a user area allocated to the authenticated user in a storage unit divided into a number of user areas. Accordingly, when private data is managed in an MFP used by multiple users, by dividing a storage unit in which data is stored into a number of user areas, allocating the divided user areas to users, and allowing a user to access only a user area allocated to the user through an authentication process, the private data can be fully prevented from being accessed by other users, and it will be unlikely for a user to be confused because of other user data.

Abstract: Provided are exemplary embodiments including a method for creating and using a personal encounter history using a communication device. The method involves the communication device receiving the transmission of a pseudo identifier from a proximal communication device where the pseudo identifier is associated with the user of the proximal communication device. Once received, the method continues with the wireless communication device requesting and receiving the actual identification of the user of the proximal communication device that is correlated with the pseudo identifier. The communication device includes a transceiver capable of communicating wirelessly with a mobile telecommunications network, a memory device and a processor. To ensure privacy, the processor is capable of receiving a pseudo identifier from a proximate communication device and then requesting an actual identification correlated with the pseudo identifier of the proximate communication device.

Abstract: A PIN is automatically generated based on at least one rule when the user enters a password through a user device. In one example, the PIN is a truncated version of the password where each character in the truncated version is mapped onto a number. The mapping can be a truncation at the beginning or end of the password, or the mapping can be with any pattern or sequence of characters in the password. This PIN generation may be transparent to the user, such that the user may not even know the PIN was generated when the password was entered. When the user attempts to access restricted content, the user may enter the PIN instead of the password, where the user may be notified of the rule used to generate the PIN so that the user will know the PIN by knowing the password.

Abstract: The availability of software assets on electronic devices, such as mobile devices of users, is restricted based on the time as determined by a managing server. An application that runs on the electronic devices communicates with the server to obtain information regarding which software assets are permitted to be accessed, and restricts user access accordingly. The server may use a clock, in combination with administrator-generated access restriction policies, to determine which software assets are to be made available on each electronic device at particular points in time.

Abstract: According to one embodiment, an electronic apparatus comprises a communication module and a connection control module. The communication module is configured to execute close proximity wireless transfer. The connection control module is configured to start an operation of establishing a connection between the communication module and an external device which is in close proximity to the communication module if an identifier of the external device wirelessly transmitted from the external device is included in a connection permission list. The connection control module is configured to display a password entry screen if the identifier is not included in the connection permission list, and to add, if a password entered on the password entry screen matches with a registered password, the identifier to the connection permission list and start the operation of establishing the connection between the communication module and the external device.

Abstract: A computer-implemented method for neutralizing file-format-specific exploits contained within electronic communications may include (1) identifying an electronic communication, (2) identifying at least one file contained within the electronic communication, and then (3) neutralizing any file-format-specific exploits contained within the file. In one example, neutralizing any file-format-specific exploits contained within the file may include applying at least one file-format-conversion operation to the file. Additionally or alternatively, neutralizing any file-format-specific exploits contained within the file may include constructing a sterile version of the file that selectively omits at least a portion of any exploitable content contained within the file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Method and apparatus for system control includes inputs for an input device which may take the form of switches or sensors. Input device states are related to identification keys. The identification keys are communicated wirelessly or through hard-wired means to a system.

Abstract: The systems and methods described herein can be used for enhancing the security of computer passwords by electronically receiving a password, the password comprising a plurality of components, each of the components being of a type of component, storing the received password in an electronic data store, converting the stored password to a topological representation of the password by which each of the plurality of components is represented and stored as its type of component, and storing the topological representation of the password in an electronic data store.

Abstract: An image forming apparatus to execute user authentication includes an input unit through which user information is input, and an account management unit to manage an account information database. The account information database stores user information corresponding to functions of the image forming apparatus. The image forming apparatus further includes a user authentication unit to execute user authentication based on the user information input through the input unit by using the account information database, and a display unit to display a user interface where a function corresponding to the input user information is activated, in response to a result of the authentication.

Abstract: A method for controlling an analysis system is presented. The method comprises receiving, by an encryption unit, authentication data of a user. In the case of a successful authentication, a user-specific security code is generated by the encryption unit. The security code is outputted by the encryption unit to the authenticated user. The security code and the user-ID are received by an authentication unit coupled to the analysis system via a user-interface coupled to the authentication unit. The security code is decrypted by the authentication unit. If the decrypted security code matches with the user-ID, the user is authenticated at the authentication unit and an authentication signal is generated by the authentication unit for permitting the user to initialize at least one function of the analysis system.

Abstract: An optical medium containing virtual write protect information can be recorded in drives and systems without first changing the write protection from on to off by receiving valid user input. The virtual write protection may also be enabled or disabled by additional information on the disc.

Abstract: A mechanism for certifying that an operating system-based application has authorization to change a UEFI authenticated variable held in the system firmware is discussed. Embodiments of the present invention receive with the system firmware a request from an operating system-based application to change a UEFI authenticated variable. The request includes an authentication descriptor header with a timestamp and pre-determined GUID. The request also includes a hash calculated using a password known to the firmware. The system firmware certifies that the caller has authorization to change an authenticated variable by first verifying the information in the header and then creating a new hash using the password. The new hash is compared to the received hash and must match in order for the system firmware to allow the alteration of the UEFI authenticated variable. In one embodiment, the password is the system firmware password.

Abstract: Aspects of the invention provide for masking a current profile of a one-time programmable (OTP) memory. In one embodiment, a circuit includes: a first one-time programmable (OTP) memory configured to receive a data input for a plurality of address fields; and a second OTP memory configured to receive an inverse of the data input for a plurality of address fields, wherein a current profile for a programming supply for the first OTP memory and the second OTP memory is masked, such that the data input for the first OTP memory is undetectable.

Abstract: A method, a computer readable medium and a system of multi-domain login and messaging are provided. The method for multi-domain login comprises inputting a local password by an agent, accessing a password vault with the local password, and retrieving at least one hidden password from the password vault, and logging the agent into at least one agent application using the at least one hidden password. The method for multi-domain messaging comprises retrieving information of an agent from a database, retrieving at least one skill group to which the agent belongs from the information, retrieving a message linked to the at least one skill group, and sending the message to the agent.

Abstract: According to an embodiment, an information processing apparatus includes a first storage unit, a second storage unit, a power supply state control unit, a cryptographic key movement unit, a communications unit, an information input determination unit, a communications state determination unit, and a cryptographic key control unit. The cryptographic key movement unit is configured to move at least part of the cryptographic key data stored in the first storage unit to the second storage unit before a shift from a power-on state to another power supply state. In the other power supply state, the cryptographic key control unit returns the cryptographic key data from the second storage unit to the first storage unit if it is determined that there is an input of information which matches the information stored in the second storage unit and it is determined that communications are enabled between the communications unit and a base-station apparatus.

Abstract: A password authentication circuit includes a timer that measures first and second periods of a password authentication period, a control circuit that, in a first period, disables writing of a password received into a password register, in a predetermined period within a second period enables writing of a password received into the password register and outside the predetermined period within the second period disables writing of a password received into the password register; a password comparison unit that compares a password in the password register and a password expected value to perform authentication of the password; and a first period generation unit that controls variably the first period, a password last written into the password register in the predetermined period of the second period being made a target for authentication.

Abstract: A method and an apparatus are provided for unlocking an electronic device. A first input screen portion for unlocking the electronic device from a locking mode is displayed. A first input is received from a user via the first input screen portion. The first input is compared with a first user-defined information stored in the electronic device. A second input is received from the user via a second input screen portion. The second input screen portion is displayed after a determination that the first input does not match from the first user-defined information. The second input is compared with a second user-defined information stored in the electronic device. In response to the second input matches to the second user-defined information, the electronic device is unlocked from the locking mode.

Abstract: Disclosed is an electronic device that selects a password and encrypts it utilizing a public key of a public/private encryption key pair. The electronic device then provides the encrypted password to a client device when an access request is received from the client device. The client device proceeds to obtain an unencrypted version of the password by submitting the encrypted password to a private key server (which utilizes the private key of the public/private encryption key pair to decrypt the password) and receiving the decrypted password in return. The client device then returns the password to the electronic device which, upon receiving the decrypted password, allows access from the client device. The device generates the password once during operation or each time an access request is received.

Abstract: A method and apparatus for generating a password in real time by creating at least one password map during creation of an account associated with a user, and generating and providing a random password hint sequence grid to the user in real time, authenticating the user for accessing the account using a password created by the user, where the password is created by the user using the random password hint sequence grid and the at least one password map.

Abstract: An embodiment generally relates to a method of managing tokens. The method includes detecting a presence of a token at a client and determining a status of the token. The method also includes formatting the token at the client in response to the status of the token being unformatted.

Abstract: A communication control system pairs a first communication device with a second communication device, the first communication device includes a first image editing unit that edits an input image in accordance with a predetermined rule to generate a first authentication image, and a first transmission unit that transmits first authentication data representing the first authentication image and a first identifier for identifying the first communication device to a server device, the second communication device includes a second transmission unit that transmits second authentication data representing the second authentication image and a second identifier for identifying the second communication device to the server device, and the server device includes a pairing unit that pairs the first communication device with the second communication device in the case where it is determined that the first authentication data matches the second authentication data.

Abstract: Methods and systems are disclosed for providing indirect and temporary access to a company's IT infrastructure and business applications. The methods/systems involve establishing an access control center (ACC) to control the access that technical support personnel may have to the company's IT infrastructure and business applications. Thin client terminals with limited functionality may then be set up in the ACC for use by the technical support personnel. The thin client terminals connect the technical support personnel to workstations outside the ACC that operate as virtual desktops. The virtual desktops in turn connect the technical support personnel to the IT infrastructure and business applications. An ACC application may be used to control the connection between the thin client terminals and the virtual desktops and the virtual desktops and the IT infrastructure and business applications.

Abstract: A computer security system comprises a secure platform adapted to receive sensitive data from an agent. The secure platform is also adapted to cooperate with a trusted platform module (TPM) to encrypt the sensitive data via a TPM storage key associated with the agent.

Abstract: Systems and methods for authenticating a user request for authentication are provided. An authentication device that may be part of such a system includes a network interface component coupled to a network and configured to receive at least one data packet having authentication information including at least a username of a user and user credentials. The device also includes a memory coupled to the network interface component and configured to store the received authentication information, one or more instructions for authenticating the user, and account information of the user. The device further includes one or more processors configured to analyze the received information, calculate a score based on the received information, determine a threshold, compare the calculated score with the determined threshold, and authenticate the user and a device from which the data packet is received if the calculated score is greater than or equal to the determined threshold.

Abstract: A low resource mobile device, such as a smart phone or a tablet running a mobile operating system, requests a cloud computer system to inspect a mobile application for malicious content. The cloud computer system downloads the mobile application from a mobile application source, and installs the mobile application in a virtual machine sandbox. The cloud computer system inspects the mobile application for malicious content while the mobile application executes in the virtual machines sandbox. The result of the inspection is sent to the user in accordance with a setting that may be indicated in a cloud sandbox agent running on the mobile device.

Abstract: In a system for disconnected authentication, verification records corresponding to given authentication token outputs over a predetermined period of time, sequence of events, and/or set of challenges are downloaded to a verifier. The records include encrypted or hashed information for the given authentication token outputs. In one embodiment using time intervals, for each time interval, token output data, a salt value, and a pepper value, are hashed and compared with the verification record for the time interval. After a successful comparison, a user can access the computer. A PIN value can also be provided as an input the hash function. A portion of the hash function output can be used as a key to decrypt an encrypted (Windows) password, or other sensitive information.

Abstract: A distributed operation is performed using at least one first and second computer-based object, wherein control information is used to influence or determine a property, a function of the first and/or second computer-based objects. The control information includes details of a parameter identifier, a value associated with the parameter identifier, a range of validity and a remote access attribute. The control information is provided in a retrievable manner, according to the included range of validity, in a memory organized according to ranges of validity and is associated with the first computer-based object. During a function or service call for performing the distributed operation, which is sent from the first computer-based object to the second, the control information is transmitted to the second computer-based object, provided in a retrievable manner in the memory organized according to the ranges of validity and associated with the second computer-based object.

Abstract: A storage controller and program product is provided for performing double authentication for controlling disruptive operations on storage resources generated by a system administrator. A first request is received from a first user for generation of a first key. A first key is generated, provided to the first user and associated with the storage resource. An input is received from the administrator, the input comprises a second key and a command for performing the disruptive operation. The second key and the first key are compared. It is verified that the administrator is authorized as an administrator of the storage resource. The disruptive operation is performed on the storage resource if the second key and the first key match and the administrator is authorized. Otherwise, the performance of the disruptive operation is denied.

Abstract: Access to virtual machine inputs and outputs are controlled. Controlling access to virtual machine inputs and outputs may comprise locking inputs and outputs of a virtual machine from within the virtual machine, other than a predefined limited access input, detecting a request to unlock the inputs and outputs of the virtual machine; determining if a requester is authorized to unlock the inputs and outputs of the virtual machine and unlocking, temporarily, the inputs and outputs of the virtual machine if the requester is authorized. The predefined limited access input is configured to receive an input device with a private secret for unlocking the inputs and outputs of the virtual machine. The inputs and outputs are unlocked when an input device having a shared password is attached.

Abstract: A popularity determination module (PDM) is described which reduces the effectiveness of statistical guessing attacks. The PDM operates by receiving a password (or other secret information item) from a user. The PDM uses a model to determine whether the password is popular among a group of users. If so, the PDM may ask the user to select another password. In one implementation, the model corresponds to a probabilistic model, such a count-min sketch model. The probabilistic model provides an upper-bound assessment of a number of times that a password has been encountered. Further, the probabilistic model provides false positives (in which passwords are falsely assessed as popular) at a rate that exceeds a prescribed minimum rate. The false positives are leveraged to reduce the effectiveness of statistical guessing attacks by malicious entities.

Abstract: A method for secure authentication is provided which includes having a user who wishes to gain access to a computer or computer network select from among a plurality of randomly displayed images, having different background colors, the correct image and background color which correspond to the user's computer account. In one advantageous form, in addition to selecting the correct image, the user must first enter a username and password. In an alternative form, if a user is seeking access to a computer network by using a preapproved access point or computer having an approved IP address, a user is allowed to gain access to the computer network without being prompted to select a correct image.

Abstract: Methods, systems, and apparatus for voice authentication and command. In an aspect, a method comprises: receiving, by a data processing apparatus that is operating in a locked mode, audio data that encodes an utterance of a user, wherein the locked mode prevents the data processing apparatus from performing at least one action; providing, while the data processing apparatus is operating in the locked mode, the audio data to a voice biometric engine and a voice action engine; receiving, while the data processing apparatus is operating in the locked mode, an indication from the voice biometric engine that the user has been biometrically authenticated; and in response to receiving the indication, triggering the voice action engine to process a voice action that is associated with the utterance.

Abstract: A method for composing an authentication password associated with an electronic device is implemented by a password composing system including a display, a receiving unit, and a processing unit. In the method, the display is configured to display a start point, and a plurality of displayed paths. The receiving unit is configured to detect a set of user-input movements of a contact point at the display. The processing unit is configured to determine whether the user-input movements conform with a predefined valid user-input gesture, store a plurality of codes corresponding to the valid user-input gestures, and to compose the authentication password according to valid ones of the series of the user-input movements.

Abstract: Generally, this disclosure describes devices, methods and systems for securely providing context sensor data to mobile platform applications. The method may include configuring sensors to provide context data, the context data associated with a mobile device; providing an application programming interface (API) to a sensor driver, the sensor driver configured to control the sensors; providing a trusted execution environment (TEE) operating on the mobile device, the TEE configured to host the sensor driver and restrict control and data access to the sensor driver and to the sensors; generating a request for the context data through the API, the request generated by an application associated with the mobile device; receiving, by the application, the requested context data and a validity indicator through the API; verifying, by the application, the requested context data based on the validity indicator; and adjusting a policy associated with the application based on the verified context data.

Abstract: An authentication system, an authentication method, and a network storage appliance are provided. The authentication system includes a client electronic device, the network storage appliance having an authentication proxy, and a directory server having an authentication service module and an account database. The client electronic device selects a data access service and transmits an encrypted data and a user data to the network storage appliance. The authentication proxy packs the encrypted data and the user data into an authentication login information and transmits the authentication login information to the directory server. The authentication service module receives the authentication login information and performs decryption and comparison on the authentication login information according to a corresponding authentication protocol and a corresponding account information in the account database, so as to determine whether the authentication is successful.

Abstract: A method of monitoring all network login activity, which includes a real-time analysis of intercepting all network login activity, analyzing network login activity, authenticating network login activity and closing (i.e., terminating) those network login connections that are not authenticated to proceed and access the network.

Abstract: The present invention relates to an apparatus and a method for managing digital rights using virtualization technique, and more particularly to an apparatus and a method for enabling a user to access a desired text file in an independent area through a virtual machine corresponding to a licensed right for accessing the text file. The present invention comprises a virtual machine (VM) management unit for controlling a user access authorization function for accessing the text file in the area to which the virtualization technique is applied.

Abstract: A magnetic memory device includes a main memory made of magnetic memory, the main memory and further includes a parameter area used to store parameters used to authenticate data. Further, the magnetic memory device has parameter memory that maintains a protected zone used to store protected zone parameters, and an authentication zone used to store authentication parameters, the protection zone parameters and the authentication parameters being associated with the data that requires authentication. Upon modification of any of the parameters stored in the parameter memory by a user, a corresponding location of the parameter area of the main memory is also modified.

Abstract: A method and apparatus are provided to allow a user of a communications device to utilize one-time password generators for two-way authentication of users and servers, i.e., proving to users that servers are genuine and proving to servers that users are genuine. The present invention removes the need for a user to have a separate physical device, e.g., token, per company or service, reduces the cost burden on the companies and allows for two-way authentication via multiple access methods, e.g., telephone, web interfaces, automatic teller machines (ATMs), etc. Also, the present invention may be utilized in consumer and enterprise applications.