Abstract: A system and method for facilitating identification of an attacking computer in a network is provided. A user attempting to login to a network application may be presented with a screen prior to the login which lists preconditions of gaining access to the application. If a user concurs with the preconditions, a security module is downloaded to the user's computer and executed which gathers various configuration settings and transmits the gathered information to a predetermined destination. The security module may also attempt to place a call to a predetermined destination over a modem in the computer to cause registration of caller-ID data when answered at the predetermined destination. Once the security check is completed, login may proceed with the network application. Any data gathered by the security module may be stored for later recall and use to identify the computer in the event of an attack.

Abstract: A telecommunication system is arranged between a trusted automated interactive system and a non-secure agent. The trusted automated interactive portion is operable for bidirectional communications with a caller. The agent portion is arranged to be bridged onto a communication connection between the caller (or network chat user) and the trusted interactive system under certain conditions. Sensitive data transmitted between the system and a calling user may be blocked from being communicated to the agent even while the agent is bridged onto the connection. In one embodiment, information (such as a verification of authenticity of the caller) pertaining to the sensitive data (but not the sensitive data itself) is communicated to the agent.

Abstract: A storage device protection system including a protection control unit, a detection unit, an account/password input unit, an ID acquiring unit, and an encryption unit is provided. The detection unit determines whether a storage device and a key storage device are both coupled to a host. The account/password input unit receives an administrator ID and an administrator password. The ID acquiring unit obtains IDs of the storage device and the key storage device. The encryption unit encrypts the administrator ID, the administrator password, and the IDs of the storage device and the key storage device into encryption data. The protection control unit stores the encryption data into the key storage device and sets an access mode of the storage device as a protection status according to the administrator ID and the administrator password. Thereby, the storage device can be effectively unlocked by using the key storage device.

Abstract: Techniques are disclosed for dynamically mitigating a noncompliant password. The method comprises obtaining a password; generating one or more quality scores for the password using a password policy for an authentication and authorization service; determining whether the password has sufficient score quality; in response to determining that the password does not have sufficient score quality, granting to the user a different level of access to the service than if the password meets the quality criteria; wherein the method is performed by one or more computing devices.

Abstract: At the time of input of authentication information, even when the hand and the input screen are seen from the third person, guess of authentication information is made difficult. A plurality of keys serving as input means are divided into a first region and a second region. Then, the first region and the second region are caused to transit between a first state and a second state distinguished from each other depending on the displayed contents. When a region where a key to be inputted for the input of authentication information is arranged is in the second state, input to the above-mentioned plurality of keys is recognized as dummy.

Abstract: A system and method for creating a document containing secured personal identification information includes a database containing personal identification information; a classifier module for collecting and classifying the personal identification information; a memory module for storing the classified personal identification information; a password generator for associating a password combination with the classified personal identification information; a controller module for receiving and sending the classified personal identification information and the password combination to a processor; an encryptor in operative communication with the processor, for encrypting the classified personal identification information using the password combination; an encoder for converting the encrypted personal identification information into machine readable code; and a data recording system for creating a document containing secured personal identification information.

Abstract: Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using a derivation formula as follows: client_key_MSB=AES128(base_key_1,client_ID),??(1) client_key_LSB=AES128(base_key_2,client_ID+pad),and??(2) client_key=client_key_MSB?client_key_LSB, where (1) and (2) are executed in parallel. The client key and a client identifier may be used so that end-to-end security may be achieved.

Abstract: A projector system includes an information processing apparatus and a projector. The projector includes a device connection unit which enables communication between the information processing apparatus and the projector, a password generating unit which generates a password, and an encryption unit which encrypts the password and outputs the encrypted password to the information processing apparatus through the device connection unit.

Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.

Abstract: Electronic equipment according to the present disclosure includes a writable non-volatile memory, a plurality of volatile memories, and a sequencer. The writable non-volatile memory stores an operation parameter group required to operate the electronic equipment. Respective addresses are assigned to the plurality of volatile memories. The plurality of volatile memories includes a specified volatile memory. The specified volatile memory stores a part of the operation parameters among the operation parameter group. The specified volatile memory is accessible by inputting an Enable signal. The sequencer can read and write the non-volatile memory when the Enable signal allows an operation parameter stored in the volatile memory to be written to the non-volatile memory.

Abstract: An information processing apparatus has a request determining part determining a request type for streaming contents from a communicating apparatus, a copy number managing part managing the number of copies permissible for the communicating apparatus, a stream number managing part managing the number of streams now in communication, a key-selection processing part selecting a first key corresponding to transfer of streaming contents permissible for one or more of copies or a second key corresponding to transfer of streaming contents for copies with generation management restriction or not permissible for copies, an encryption processing part generating encrypted streaming contents using the first or the second key, and a packet processing part generating a packet that includes the encrypted streaming contents and key information selected by the key-selection processing part and to include information on the number of copies to the packet when the first key is selected.

Abstract: A processor executing a password manager randomly selects a first requirement and a second requirement for creating a password from a set of requirements, wherein the second requirement is selected independently of the first requirement. The processor provides the first requirement for creating the password, receives characters for the password, determines whether the characters satisfy the first requirement, and provides information that indicates whether the characters satisfy the first requirement. Responsive to the characters satisfying the first requirement, the processor provides the second requirement for creating the password.

Abstract: Methods, apparatus, and systems are disclosed for, among other things, secure passphrase handling for computing devices. In one respect, a method is provided. The method includes receiving a plurality of passphrase elements from an input device. The method also includes performing a sequence of secure delay processing operations, each operation generating a delayed output value from an initial value. The passphrase is verified upon completion of the sequence of secure delay processing operations. Further, initial values of respective secure delay processing operations are based on respective passphrase elements and, for each secure delay processing operation after a first secure delay processing operation, a delayed output value from at least one other secure delay processing operations.

Abstract: A method for creating a password on an electronic computing device is disclosed. On the electronic computing device, a first password is obtained. The first password comprises a string of one or more characters. A first character is appended to the first password to form a second password. A hash function is applied to the second password to generate a first hashed password. The first hashed password comprises a first bit string. A determination is made as to whether the first hashed password includes a predefined sequence of bits. When it is determined that the first hashed password includes the predefined sequence of bits, the second password is designated as an auditable password.

Abstract: A method and a device are provided for accessing data files of a secure file server, wherein a user or a process is authenticated; wherein access to the data files of the secure file server takes place by way of an encryption module of the secure file server; wherein the encryption module comprises an encryption agreement of a centralized security application; and wherein the access of the authenticated user or process to the secure file server takes place by way of an encrypted protocol taking into consideration the encryption agreement. Such a device may be included in a corresponding computer network.

Abstract: To support authentication of a mobile device, an application server obtains an application identifier and password and creates an encrypted value by encrypting a combination of the password and a lime based value. The application server transmits the application identifier and encrypted value over a communication network to the mobile device as a credential, and the mobile device sends the credential over the network to a secure server providing an application assistance service. The secure server independently computes an encrypted value by encrypting the combination of the password and the time-based value. If the encrypted value front the received credential matches the encrypted value computed by the secure server, that server grants access to the assistance service for the mobile device.

Abstract: A method, telecommunication apparatus, and electronic device for securely creating an identity data block are disclosed. A secure memory 208 may store a unique private key 326 associated with a unique public key 328. A processor 204 may generate the identity data block 332 in the secure memory 208 using the unique private key 326. The processor 204 may erase the unique private key 326 from the secure memory 208.

Abstract: One embodiment of the present invention provides a system for automatically authenticating a user. During operation, the system receives a user's request for authentication. The system then extracts information associated with the user from user-specific information stored in an enterprise computer. The extracted user information does not explicitly relate to a password. The system further generates one or more challenges based on the extracted user information, and receives the user's response to the challenges. Subsequently, the system compares the user's response to the extracted user information, and authenticates the user.

Abstract: A method and system for user authentication uses photos, pictures, images, pictures of words, logos, graphics, icons, or pictures of colors (graphical elements) as password elements (graphical password) to gain access to a secure platform, section of a platform, specific content, website, computer, mobile device or other electronic device (secure content). The Method and system provide the creation, use in authentication and maintenance of the graphical password. Graphical password creation is initiated through user selection and platform storage of a subset of one or more platform provided or user provided graphical elements (secret graphical elements). The graphical elements are photos, pictures or images that are memorable to the user and are from within one or more relevant categories, e.g. colors, playing cards, animals. A graphical user interface (GUI) having virtual dials, wheels, reels or keypads to display images is used to implement the login/authentication process.

Abstract: A method of encrypting sensor input entries for passcode entry security is disclosed. The method in one embodiment includes presenting a passcode entry interface on an electronic device for a user to input a passcode entry. The electronic device then receives an input event, which is indicative of at least part of the passcode entry by the user, from a sensor of the electronic device. The electronic device then encrypts a sensor value of the input event and transmits the encrypted sensor value to an external system over a network to cause the external system to decipher the passcode entry from the encrypted sensor value.

Abstract: This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead.

Abstract: A method and system for instant personalization security are provided. The system includes a platform for a user to open applications and/or access web sites. When an application is integrated with the platform, the identification of the application can be combined with the ID of the user and encrypted into a hashed ID. The application does not have access to the user's fully identifying profile (e.g., UID or other public information). Instead, the application only has access to a pseudonymous profile (e.g., the hashed ID, first name, last initial, small profile pictures, and/or other non-fully identifying profile information) of the user. One or more options are then provided for the user to authorize or reject the application to access the user's fully identifying profile. Upon the user's authorization, an access token is provided to the application to access a subset of the user's fully identifying profile.

Abstract: The present disclosure relates to a multi-touch method, configured to a touch panel. The method comprises: applying a first object to touch a first image on the touch panel for inputting a first password; and determining whether inputting a second password, and if not, removing the first object from the touch panel for ending a first round of password input.

Abstract: Method enabling a user to verify the operation of a personal cryptographic device, comprising the following steps: a) a user (2) enters an access request in a terminal (3) (100), d) a personal cryptographic device (1) of the user (2) calculates and displays a response (105), g) the user (2) verifies the operation of the personal cryptographic device (1) by requesting the terminal (3) to display the expected response to the challenge (110), i) the terminal (3) displays the expected response to the challenge (113), j) the user (2) compares the response displayed by the personal cryptographic device with the response displayed by the terminal.

Abstract: A system and method for troubleshooting errors that occur during token requests. An identity provider generates a session ID and uses the session ID when logging events that occur during handling of the request. Multiple servers, processes, or threads may use the same session ID. The session ID may be sent with an error message to the requester. An ID of one or more servers that processed the request may also be sent to the requester. Upon receiving the error message, the requester may provide the error information to an administrator, who uses the information to retrieve associated logged events.

Abstract: An interactive method for authentication is based on a shared secret which is in the form of an enumerated pattern of fields on a frame of reference. An instance of the frame of reference comprises an array of characters in which the characters are arranged in a random or other irregular pattern on a grid of content fields. An authentication challenge includes characters from the character set, and is delivered in- or out-of-band. The authentication response includes the enumerated position numbers on the enumerated pattern of the field locations on the grid at which the challenge characters are found.

Abstract: Method of securing a digital storage device, wherein a host is connected to the storage device, the host digitally locks the storage device so that unauthorized data access to the storage device is denied, the host sets the encryption conditions of the storage device in one of a condition wherein encryption of data on the storage device is enabled, and a condition wherein encryption of data on the storage device is disabled.

Abstract: A method is disclosed for adjusting a security interface display on an electronic device. The method comprises a user of an electronic device requesting a change in the display of an interface for entering security code information on the device. The device presents to the user a variety of options related to the manner in which the graphical elements of the security interface may be displayed. The user may select any one or more of the display options. The electronic device thereafter displays a security interface with graphical elements displayed according to the user's selection.

Abstract: A method and apparatus for setting a TV operation environment for users submitting authorizing passwords. The method of setting a user environment of a television (TV) includes displaying a plurality of icons of Identifications (IDs) for respective users, each of the IDs corresponding to an operation environment for a user. If an ID icon is selected among the displayed icons, a password corresponding to the selected ID icon is authenticated, and if a user is authenticated by the password, a preset operation mode for the user is set.

Abstract: A method of accessing an internet based service, involves using a cellular telephony device to obtain a token from the provider of the internet based service, and within the cellular telephony device, using the token to calculate a time-limited password. The time-limited password is used in combination with at least one further user identification parameter to obtain access to the internet based service.

Abstract: In one aspect, systems and methods for three-factor authentication include receiving a user's identification and password transmitted from the user's mobile device, generating a One Time Password (OTP), encrypting the OTP, and encoding the encrypted OTP in a two-dimensional barcode. The two-dimensional barcode of the encrypted OTP is transmitted to a computing device of the user, and an image of the two-dimensional barcode of the encrypted OTP displayed on the user's computing device is captured using the user's mobile device. The two-dimensional barcode of the encrypted OTP is decoded using the user's mobile device to obtain the encrypted OTP. The encrypted OTP is decrypted using the user's mobile device and displayed. The OTP then is spoken by the user, and the user's voice and the OTP are recognized to authenticate the user.

Abstract: A server apparatus includes an analyzer unit which analyzes log-in information for a server received from a client, determines an authentication scheme of the server, and extracts, from the log-in information, provisional authentication information in a form representative of variable information. The analyzer unit stores, in the storage device, information representative of the authentication scheme and the provisional authentication information as the variable information. The analyzer unit also stores, in the storage device, as the variable information, authentication information of a user for the server that is associated with representative authentication information of the user.

Abstract: Methods, computer program products, and systems are provided for using a single shared secured connection among all servers in a cluster by efficiently establishing and securely disseminating a shared key between the servers. In particular, this is done by using a Diffie-Hellman key agreement scheme among the servers using an ordered list of servers generated on-the-fly.

Abstract: Methods and systems provide secure functions for a mobile client. A circuit may include a memory configured to store a server access key and a first function authentication key. The circuit may also include authentication circuitry configured to access the server access key to authenticate access to a server to download a function capsule comprising a first function and to access the first function authentication key to authenticate use of the first function of the function capsule.

Abstract: A backup account recovery authentication of last resort using social authentication is described. The account holder requests trustees who have been previously identified to obtain an account recovery code. The account recovery system sends a communication to the trustee for information to verify the trustee as one of the previously identified trustees. The account recovery system then may transmit a link and code with instructions for the trustee to return the link. The account recovery system then transmits a situational query to the trustee to provide additional security. Finally, if all the communications have been completed for the required level of security, the account recovery code is transmitted to the trustee. The trustee sends the account recovery code to the account holder for access to an account.

Abstract: A security service determines whether to grant a user access to a resource. The service receives from the user a security term in an obscured form derived from a revealed form of the security term according to a predefined padding scheme known to the user and to the security service. The service applies the padding scheme to the received term to result in a de-padded security term and confirms that the de-padded security term matches the retrieved revealed security term. Additionally, the service confirms that the received term has not been previously employed within a predetermined frame of reference. Accordingly, if the received obscured security term is purloined and re-used within the predetermined frame of reference, the security service denies access to the resource.

Abstract: By comparing a chip unique password, certification for activating a debug function can be established on the chip unique password. Thus, even when the chip unique password is lost due to negligence, not only certification for activating debugging on other motherboards of the same model number can remain unaffected, but also risks caused by replacing a chip or by a private key leakage from a system manufacturer are eliminated.

Abstract: Systems and methods for providing authentication using an arrangement of dynamic graphical images. The graphical images can be arranged as a grid or matrix for presentation on a device display for authentication of a user. The kinds of graphical images can be derived from a designated authentication category and non-authenticating categories. A series of password elements corresponding to the graphical images can be displayed with the graphical images. The user may enter the series of one or more password elements corresponding to graphical images from the authentication category which combine to form a password entry. An authentication server can compare the password entry to an authentication password corresponding to the particular arrangement of dynamic graphical images. The selection of graphical images, their arrangement and their corresponding password elements, may dynamically change in between authentication processes.

Abstract: A method comprises detecting zapping to or from one or more services; determining whether the zapping includes termination of a password-protected service; and sending a trigger message (248, 256, 262) only if the zapping includes termination of a password-protected service (X, Y, Z). In one embodiment, the trigger message is sent to a smartcard (SC). In one embodiment, the password-protected service is password-protected for parental control. In one embodiment, the method further includes requesting a password when the zapping includes zapping to a password-protected service. In one embodiment, the password-protected service is a pincode-protected service.

Abstract: A method for entering a passcode within a mobile device begins with receiving an indication of a user attempt to access the mobile device. A passcode entry display including a plurality of touch points is generated responsive to the indication. Each of the plurality of touch points includes at least two visual identifiers associated therewith. The passcode entry display is displayed on an interface of the mobile device and the passcode is received responsive to user selection of a sequences of the plurality of touch points associated with a predetermined sequence of at least one of the visual identifiers. The arrangement of the at least two visual identifier associated with the plurality of touch points of each passcode entry display differs from an arrangement of the at least two visual identifiers in a previous and a subsequent passcode entry display.

Abstract: This invention is to provide an image processing apparatus, an image processing method, a program, and a display in which both of a secret image and a public image can be efficiently displayed with high picture quality without reducing contrast of the public image. One of output images is a secret image which displays an input secret image as one of input images in a partial area of a screen, all the output images including the secret image have a relationship to become, when a luminance value of each pixel thereof is totaled, an input public image as one of the input images; and during a period in which at least the secret image is being outputted, shutter glasses disposed between a display to which the image signals are inputted and user's eyes are set to a light transmission state.

Abstract: Various embodiments herein include at least one of systems, methods, and software to receive and process credential requests for remote support of computer applications. One embodiment includes receiving a credentials request in a first environment from a second environment in response to an incident in the first environment. This embodiment further includes processing the received credentials request within the first environment by approving the request, activating credentials, and sending the credentials to the second environment. This embodiment may further include receiving, within the first environment, a message indicating the incident is resolved and deactivating the credentials.

Abstract: An apparatus lets a user to determine a pool of images and then forms from the pool of images a set of images for user authentication and divides the set of images into two mutually exclusive subsets: a key image subset comprising images referred to as key images and a decoy image subset comprising images referred to as decoy images. The apparatus displays the key images to the user to teach the key images to the user. Then, to authenticate the user, the apparatus produces an assortment of decoy images and key images, and displays the assortment to the user. The apparatus receives from the user identification of images held as key images and verifies whether the identification of key images matched with the key images selected by the processor.

Abstract: A semiconductor memory may be provided with a built-in test mode that is accessible through a password protection scheme. This enables access to a built-in test mode after manufacturing, if desired. At the same time, the password protection prevents use of the built-in test mode to bypass security features of the memory.

Abstract: Aspects of the present invention provide a solution for verifying the integrity of a transaction. In response to receipt of a confirmed electronic transaction from a user, a one time password is forwarded to the user. The user then initiates a telephonic communication with a verifier on the user's wireless device and provides the one time password to the verifier. The verifier authenticates the mobile telephonic device based on the device's caller identification number and determines whether the one time password provided by the user matches the one forwarded to the user. After the user is authenticated, the verifier communicates the details of the transaction that were received and the user confirms whether the details match those originally entered.

Abstract: Mobile devices provide security based on geographic location. With such a technique, a mobile device may automatically check its current location against geographic information as to the location(s) in which it is permitted to operate. When the user attempts access to the device, the mobile device will prompt the user for his/her credential only if the geographic location matches an allowed location. The user gains access then by inputting information corresponding to the credential, e.g. username and password, of a valid user. In the examples, if the geographic location does not match an allowed location, the mobile device provides a warning to the user, and the user is not allowed to enter any credential information. Optionally, the mobile device may send an alert message about the device being taken outside a specified boundary, e.g. to report the situation to other personnel.

Abstract: Various methods and systems are provided for allowing a user to select a non-numeric PIN or password and use that to access content instead of a conventional numerical PIN. A series of visual, textual, and/or audio “digits” form the PIN, where each succeeding digit may be related to one or more of the preceding digits.

Abstract: A security token access device, a user device such as a computing device or communications device, and a method for managing multiple connections between multiple user devices and the access device. The access device maintains connection information, including security information, for each user device securely paired with the access device. Each time a new user device is paired with the access device, the access device transmits a notification to the user devices already paired to the user device. A user may provide instructions to the access device to terminate a pairing with one of the user devices by overwriting at least a portion of the connection information associated with the designated user device. A user device may further request a listing of all user devices currently paired with the access device.

Abstract: A centralized password repository (CPR) provides network users with a password portal through which the user can manage password access to domains and applications on the network. A subset of the domains and applications on the network may be required, by design, to maintain a separate password infrastructure. For these systems, the CPR establishes a secure and authenticated communication channel and software on the system interfaces with the password infrastructure to synchronize the password in the system password infrastructure with the password in the CPR. For other systems not required to maintain a separate password infrastructure, the CPR performs password services by responding to requests from those systems seeking to validate user IDs and passwords. The CPR enables an administrator to modify network privileges and enables a user to alter passwords on the network through a single interface.

Abstract: A server computing system receives a request to authenticate the identity of a user. The user may wish to perform an action that requires the user's identity to first be verified. In response to the request, the server computing system automatically contacts trusted associates that are listed in policy data for the user and determines whether the trusted associates validate the identity of the user. The server computing system provides one-time passwords to the user for the trusted associates that have validated the identity of the user. Subsequently, the user can combine the one-time passwords to form an authentication password, which can be used to determine whether the user is allowed to perform the action.