Abstract: A method of generating a time managed challenge-response test is presented. The method identifies a geometric shape having a volume and generates an entry object of the time managed challenge-response test. The entry object is overlaid onto the geometric shape, such that the entry object is distributed over a surface of the geometric shape, and a portion of the entry object is hidden at any point in time. The geometric shape is rotated, which reveals the portion of the entry object that is hidden. A display region on a display is identified for rendering the geometric shape and the geometric shape is presented in the display region of the display.

Abstract: Data are accessed securely in a data storage device that includes a non-volatile solid-state storage device integrated with a magnetic storage device. An identical copy of drive security data, such as an encrypted version of a drive access password, is stored in both the non-volatile solid-state storage device and in the magnetic storage device. In response to receiving a command from a host device that results in access to the magnetic storage device, access is granted to the magnetic storage device if the copy of drive security data stored in the non-volatile solid-state storage device matches the copy of drive security data stored in the magnetic storage device. Furthermore, encrypted drive-unique identification data associated with the drive may be stored in both the non-volatile solid-state storage device and the magnetic storage device, and access is granted if both copies of the encrypted drive-unique identification data match.

Abstract: Methods, apparatus and systems for securing user-associated passwords used in transactions are disclosed. The methods include a user computing device receiving a user-associated password such as a PIN from a user, where the user-associated password is operable to authenticate an identity of a user. The user-associated password may be received in response to the user receiving a request for the user-associated password from a third party such as a merchant. The user computing device may generate a temporary password such as a one-time password, dynamic password, or the like, and encrypt the user-associated password using the temporary password. The encrypted user-associated password may then be communicated to the third party in lieu of the user-associated password received by the user.

Abstract: Exemplary network infrastructures and methods employing a Security Gateway utilize client authentication for use of a secure connection between an application client and an application server of a protected network. Once a secure connection has been set up, a Security Gateway can start a timer for establishing a period within which a password and username are to be received from the application client before traffic is allowed to exit the Security Gateway. If a username and password are provided while the timer is running, the Security Gateway can contact a single sign on (SSO) server to check whether the username and password are correct. If the username and password are valid, the Security Gateway can start relaying traffic externally to the application server. If an invalid username and password are provided or the timer times out before receipt of a username and password, the secure connection can be terminated.

Abstract: A system and method is presented for authentication, so as to control access to a resource. A set of objects (for example, a set of images) is established in advance between the user and the service for which the user is to be authenticated. During the authentication, the user, instead of inputting an alpha-numeric password, will be sent several sets (e.g., tables) containing the previously specified objects (e.g., images) in some arrangement (e.g., spatial pattern) among other objects (images). In order to authenticate, the user is shown additional tables, and must determine, as to each, whether it contains the same set of specified objects in the same spatial relationship as in the first table shown. After the user has correctly identified which tables reflect the specified objects in the requisite pattern, the user will be considered authenticated, and will then be granted access to the requested resource (for example, a bank account).

Abstract: A cellular network system comprises a device identifier comparator and a connection enable indicator. A device identifier comparator for comparing a received device identifier with one of a plurality of stored device identifiers, wherein the one of the stored plurality of stored device identifiers is associated with a stored subscriber identifier. A connection enable indicator for indicating whether a connection from a cellular device associated with the received device identifier to a data network associated with the cellular network system should be enabled.

Abstract: Provided are a method, system, and computer program product for providing multiple authentications to authenticate users with respect to a system and file systems offered through the system. A request is received from a user to access a system, wherein the system provides access to a plurality of file systems. A first authentication of the user with respect to the system is performed. In response to success of the first authentication with respect to the system, a request by the user is received to access a selected one of the file systems. A second authentication is performed of the user with respect to the selected file system. The user is allowed access to the selected file system in response to success of the second authentication.

Abstract: A verification server is configured to communicate with a usage target system via a first communication channel and an information terminal device via a second communication channel. The verification server includes: a unit for registering personal information of a user for using a usage target system; a unit for receiving, via the second communication channel, system identification information of the usage target system and a restriction code from an information terminal device owned by a use; a unit for generating an internal system password for the usage target system; a unit for receiving, via the first communication channel, a plurality of characters from the usage target system, the plurality of characters being inputted by a user into the usage target system; and a unit for determining whether the plurality of characters are legitimate based on the internal system password and the system identification information.

Abstract: Techniques for user authentication are disclosed. In some situations, the techniques include receiving, from a client device, an authentication request to access a network resource, the request including a user identifier, obtaining a security credential associated with the user identifier contained in the received request, generating an authorization code based on the obtained security credential, providing to the client device instructions to obtain first information corresponding to the generated authorization code, receiving, from the client device, the first information provided in response to the provided instructions, and, when the first information received from the client device corresponds to at least a portion of the generated authorization code, authorizing the client device to access the network resource.

Abstract: A device includes a memory which stores a program, and a processor which executes, based on the program, a procedure comprising establishing a session with a request source when a request for a service, made to a second providing source, has been received from the request source, the second providing source providing the service based on data stored in a first providing source; and when an inquiry about whether to transmit the data to the second providing source has been received from the first providing source, notifying, so as to encrypt a mask range of the data, the first providing source of session information indicating the session established with the request source and notifying the request source of the session information so as to decrypt the encrypted mask range of data based on the session information.

Abstract: An approach is provided for authenticating using user actions. A prompt is initiated on a display for an input to authenticate a user. The input is received as a sequence of user actions on the display. A predetermined sequence associated with the user is retrieved. The received sequence is compared with the predetermined sequence to determine a match. The user is declared to be authenticated based on the comparison.

Abstract: A current prefix character string representing a prefix of a proposed password may be obtained from a user input device. A prediction of a most likely next character of the proposed password may be determined, based on applying a set of heuristics to the current prefix character string. A response indicating an impact on a security strength of the proposed password may be determined, based on a selection of the predicted most likely next character.

Abstract: A computationally implemented method includes, but is not limited to: determining that a computing device that was presenting one or more portions of one or more items and that was in possession of a first user has been transferred from the first user to a second user; and marking, in response to said determining, the one or more portions of the one or more items to facilitate the computing device in returning to the one or more portions upon the computing device being at least transferred back to the first user. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.

Abstract: A new approach is proposed that contemplates systems and methods to support user identity verification based on social and personal information of the user. Under the approach, customers/users are required to grant identity verifying party a degree of access to their social network information, including but not limited to, account data and social graph information on social networks. The identity verifying party then acquires information of a current or potential user's online presence in addition to other information of the user and utilizes such information to verify the user's identity in the real world and/or to assess the fraud risk of a specific financial transaction requested by the user.

Abstract: A telecommunication system is arranged between a trusted automated interactive system and a non-secure agent. The trusted automated interactive portion is operable for bidirectional communications with a caller. The agent portion is arranged to be bridged onto a communication connection between the caller (or network chat user) and the trusted interactive system under certain conditions. Sensitive data transmitted between the system and a calling user may be blocked from being communicated to the agent even while the agent is bridged onto the connection. In one embodiment, information (such as a verification of authenticity of the caller) pertaining to the sensitive data (but not the sensitive data itself) is communicated to the agent.

Abstract: There is provided person oneself authenticating means for authentication of a user, which is highly secure and realizable by functions ordinarily provided by a PC, mobile phone, etc., and which is less burdensome than typical user authentication key management and authentication operations. Sound or an image is adopted as an authentication key for person oneself authentication. Authentication data is edited by combining an authentication key, which is selected by a registered user, and sound or an image that is other than the authentication key, and the authentication data is continuously reproduced in a user terminal. A time in which a user has discriminated the authentication key from the reproduced audio or video is compared with a time in which the authentication key should normally be discriminated, which is specified from the authentication data. When both times agree, the user is authenticated as a registered user.

Abstract: A communications device provides a biometric reader to authenticate users onto the communications device based on a single biometric input. The communications device maintains a local copy of the strong authentication credentials, such as a user identification and password, and the biometrics which were previously input by users of the communications device. Then, rather than requiring re-entry of the strong authentication credentials to authenticate (or re-authenticate) these users onto the communications device, the communications device is able to authenticate the users based on the input of the appropriate biometric. When a biometric input is received, the communications device identifies the locally stored strong authentication credentials that is associated with the input biometric, and uses the locally stored strong authentication credentials to authenticate the user.

Abstract: A system and method for facilitating identification of an attacking computer in a network is provided. A user attempting to login to a network application may be presented with a screen prior to the login which lists preconditions of gaining access to the application. If a user concurs with the preconditions, a security module is downloaded to the user's computer and executed which gathers various configuration settings and transmits the gathered information to a predetermined destination. The security module may also attempt to place a call to a predetermined destination over a modem in the computer to cause registration of caller-ID data when answered at the predetermined destination. Once the security check is completed, login may proceed with the network application. Any data gathered by the security module may be stored for later recall and use to identify the computer in the event of an attack.

Abstract: A storage device protection system including a protection control unit, a detection unit, an account/password input unit, an ID acquiring unit, and an encryption unit is provided. The detection unit determines whether a storage device and a key storage device are both coupled to a host. The account/password input unit receives an administrator ID and an administrator password. The ID acquiring unit obtains IDs of the storage device and the key storage device. The encryption unit encrypts the administrator ID, the administrator password, and the IDs of the storage device and the key storage device into encryption data. The protection control unit stores the encryption data into the key storage device and sets an access mode of the storage device as a protection status according to the administrator ID and the administrator password. Thereby, the storage device can be effectively unlocked by using the key storage device.

Abstract: Techniques are disclosed for dynamically mitigating a noncompliant password. The method comprises obtaining a password; generating one or more quality scores for the password using a password policy for an authentication and authorization service; determining whether the password has sufficient score quality; in response to determining that the password does not have sufficient score quality, granting to the user a different level of access to the service than if the password meets the quality criteria; wherein the method is performed by one or more computing devices.

Abstract: At the time of input of authentication information, even when the hand and the input screen are seen from the third person, guess of authentication information is made difficult. A plurality of keys serving as input means are divided into a first region and a second region. Then, the first region and the second region are caused to transit between a first state and a second state distinguished from each other depending on the displayed contents. When a region where a key to be inputted for the input of authentication information is arranged is in the second state, input to the above-mentioned plurality of keys is recognized as dummy.

Abstract: A system and method for creating a document containing secured personal identification information includes a database containing personal identification information; a classifier module for collecting and classifying the personal identification information; a memory module for storing the classified personal identification information; a password generator for associating a password combination with the classified personal identification information; a controller module for receiving and sending the classified personal identification information and the password combination to a processor; an encryptor in operative communication with the processor, for encrypting the classified personal identification information using the password combination; an encoder for converting the encrypted personal identification information into machine readable code; and a data recording system for creating a document containing secured personal identification information.

Abstract: Both end-to-end security and traffic visibility may be achieved by a system using a controller that derives a cryptographic key that is different for each client based on a derivation key and a client identifier that is conveyed in each data packet. The controller distributes the derivation key to information technology monitoring devices and a server to provide traffic visibility. For large key sizes, the key may be derived using a derivation formula as follows: client_key_MSB=AES128(base_key_1,client_ID),??(1) client_key_LSB=AES128(base_key_2,client_ID+pad),and??(2) client_key=client_key_MSB?client_key_LSB, where (1) and (2) are executed in parallel. The client key and a client identifier may be used so that end-to-end security may be achieved.

Abstract: Methods, apparatus, and systems are disclosed for, among other things, secure passphrase handling for computing devices. In one respect, a method is provided. The method includes receiving a plurality of passphrase elements from an input device. The method also includes performing a sequence of secure delay processing operations, each operation generating a delayed output value from an initial value. The passphrase is verified upon completion of the sequence of secure delay processing operations. Further, initial values of respective secure delay processing operations are based on respective passphrase elements and, for each secure delay processing operation after a first secure delay processing operation, a delayed output value from at least one other secure delay processing operations.

Abstract: Systems and methods for authentication generate keys from secret credentials shared between authenticating parties and authenticators. Generation of the keys may involve utilizing specialized information in the form of parameters that are used to specialize keys. Keys and/or information derived from keys held by multiple authorities may be used to generate other keys such that signatures requiring such keys and/or information can be verified without access to the keys. Keys may also be derived to form a hierarchy of keys that are distributed such that a key holder's ability to decrypt data depends on the key's position in the hierarchy relative to the position of a key used to encrypt the data. Key hierarchies may also be used to distribute key sets to content processing devices to enable the devices to decrypt content such that sources or potential sources of unauthorized content are identifiable from the decrypted content.

Abstract: A projector system includes an information processing apparatus and a projector. The projector includes a device connection unit which enables communication between the information processing apparatus and the projector, a password generating unit which generates a password, and an encryption unit which encrypts the password and outputs the encrypted password to the information processing apparatus through the device connection unit.

Abstract: A method for creating a password on an electronic computing device is disclosed. On the electronic computing device, a first password is obtained. The first password comprises a string of one or more characters. A first character is appended to the first password to form a second password. A hash function is applied to the second password to generate a first hashed password. The first hashed password comprises a first bit string. A determination is made as to whether the first hashed password includes a predefined sequence of bits. When it is determined that the first hashed password includes the predefined sequence of bits, the second password is designated as an auditable password.

Abstract: An information processing apparatus has a request determining part determining a request type for streaming contents from a communicating apparatus, a copy number managing part managing the number of copies permissible for the communicating apparatus, a stream number managing part managing the number of streams now in communication, a key-selection processing part selecting a first key corresponding to transfer of streaming contents permissible for one or more of copies or a second key corresponding to transfer of streaming contents for copies with generation management restriction or not permissible for copies, an encryption processing part generating encrypted streaming contents using the first or the second key, and a packet processing part generating a packet that includes the encrypted streaming contents and key information selected by the key-selection processing part and to include information on the number of copies to the packet when the first key is selected.

Abstract: A processor executing a password manager randomly selects a first requirement and a second requirement for creating a password from a set of requirements, wherein the second requirement is selected independently of the first requirement. The processor provides the first requirement for creating the password, receives characters for the password, determines whether the characters satisfy the first requirement, and provides information that indicates whether the characters satisfy the first requirement. Responsive to the characters satisfying the first requirement, the processor provides the second requirement for creating the password.

Abstract: Electronic equipment according to the present disclosure includes a writable non-volatile memory, a plurality of volatile memories, and a sequencer. The writable non-volatile memory stores an operation parameter group required to operate the electronic equipment. Respective addresses are assigned to the plurality of volatile memories. The plurality of volatile memories includes a specified volatile memory. The specified volatile memory stores a part of the operation parameters among the operation parameter group. The specified volatile memory is accessible by inputting an Enable signal. The sequencer can read and write the non-volatile memory when the Enable signal allows an operation parameter stored in the volatile memory to be written to the non-volatile memory.

Abstract: A method and a device are provided for accessing data files of a secure file server, wherein a user or a process is authenticated; wherein access to the data files of the secure file server takes place by way of an encryption module of the secure file server; wherein the encryption module comprises an encryption agreement of a centralized security application; and wherein the access of the authenticated user or process to the secure file server takes place by way of an encrypted protocol taking into consideration the encryption agreement. Such a device may be included in a corresponding computer network.

Abstract: To support authentication of a mobile device, an application server obtains an application identifier and password and creates an encrypted value by encrypting a combination of the password and a lime based value. The application server transmits the application identifier and encrypted value over a communication network to the mobile device as a credential, and the mobile device sends the credential over the network to a secure server providing an application assistance service. The secure server independently computes an encrypted value by encrypting the combination of the password and the time-based value. If the encrypted value front the received credential matches the encrypted value computed by the secure server, that server grants access to the assistance service for the mobile device.

Abstract: One embodiment of the present invention provides a system for automatically authenticating a user. During operation, the system receives a user's request for authentication. The system then extracts information associated with the user from user-specific information stored in an enterprise computer. The extracted user information does not explicitly relate to a password. The system further generates one or more challenges based on the extracted user information, and receives the user's response to the challenges. Subsequently, the system compares the user's response to the extracted user information, and authenticates the user.

Abstract: A method, telecommunication apparatus, and electronic device for securely creating an identity data block are disclosed. A secure memory 208 may store a unique private key 326 associated with a unique public key 328. A processor 204 may generate the identity data block 332 in the secure memory 208 using the unique private key 326. The processor 204 may erase the unique private key 326 from the secure memory 208.

Abstract: A method and system for user authentication uses photos, pictures, images, pictures of words, logos, graphics, icons, or pictures of colors (graphical elements) as password elements (graphical password) to gain access to a secure platform, section of a platform, specific content, website, computer, mobile device or other electronic device (secure content). The Method and system provide the creation, use in authentication and maintenance of the graphical password. Graphical password creation is initiated through user selection and platform storage of a subset of one or more platform provided or user provided graphical elements (secret graphical elements). The graphical elements are photos, pictures or images that are memorable to the user and are from within one or more relevant categories, e.g. colors, playing cards, animals. A graphical user interface (GUI) having virtual dials, wheels, reels or keypads to display images is used to implement the login/authentication process.

Abstract: A method of encrypting sensor input entries for passcode entry security is disclosed. The method in one embodiment includes presenting a passcode entry interface on an electronic device for a user to input a passcode entry. The electronic device then receives an input event, which is indicative of at least part of the passcode entry by the user, from a sensor of the electronic device. The electronic device then encrypts a sensor value of the input event and transmits the encrypted sensor value to an external system over a network to cause the external system to decipher the passcode entry from the encrypted sensor value.

Abstract: This document describes tools that constrain a login to a subset of access rights. In one embodiment, the tools generate a constrained password by executing a cryptographic algorithm on a user ID, general password, and one or more desired constraints. The constrained password is used in place of the general password to gain access rights that are a subset of the access rights that would be granted if the general password were used instead.

Abstract: A method and system for instant personalization security are provided. The system includes a platform for a user to open applications and/or access web sites. When an application is integrated with the platform, the identification of the application can be combined with the ID of the user and encrypted into a hashed ID. The application does not have access to the user's fully identifying profile (e.g., UID or other public information). Instead, the application only has access to a pseudonymous profile (e.g., the hashed ID, first name, last initial, small profile pictures, and/or other non-fully identifying profile information) of the user. One or more options are then provided for the user to authorize or reject the application to access the user's fully identifying profile. Upon the user's authorization, an access token is provided to the application to access a subset of the user's fully identifying profile.

Abstract: The present disclosure relates to a multi-touch method, configured to a touch panel. The method comprises: applying a first object to touch a first image on the touch panel for inputting a first password; and determining whether inputting a second password, and if not, removing the first object from the touch panel for ending a first round of password input.

Abstract: Method enabling a user to verify the operation of a personal cryptographic device, comprising the following steps: a) a user (2) enters an access request in a terminal (3) (100), d) a personal cryptographic device (1) of the user (2) calculates and displays a response (105), g) the user (2) verifies the operation of the personal cryptographic device (1) by requesting the terminal (3) to display the expected response to the challenge (110), i) the terminal (3) displays the expected response to the challenge (113), j) the user (2) compares the response displayed by the personal cryptographic device with the response displayed by the terminal.

Abstract: Method of securing a digital storage device, wherein a host is connected to the storage device, the host digitally locks the storage device so that unauthorized data access to the storage device is denied, the host sets the encryption conditions of the storage device in one of a condition wherein encryption of data on the storage device is enabled, and a condition wherein encryption of data on the storage device is disabled.

Abstract: A method of accessing an internet based service, involves using a cellular telephony device to obtain a token from the provider of the internet based service, and within the cellular telephony device, using the token to calculate a time-limited password. The time-limited password is used in combination with at least one further user identification parameter to obtain access to the internet based service.

Abstract: A system and method for troubleshooting errors that occur during token requests. An identity provider generates a session ID and uses the session ID when logging events that occur during handling of the request. Multiple servers, processes, or threads may use the same session ID. The session ID may be sent with an error message to the requester. An ID of one or more servers that processed the request may also be sent to the requester. Upon receiving the error message, the requester may provide the error information to an administrator, who uses the information to retrieve associated logged events.

Abstract: A method is disclosed for adjusting a security interface display on an electronic device. The method comprises a user of an electronic device requesting a change in the display of an interface for entering security code information on the device. The device presents to the user a variety of options related to the manner in which the graphical elements of the security interface may be displayed. The user may select any one or more of the display options. The electronic device thereafter displays a security interface with graphical elements displayed according to the user's selection.

Abstract: An interactive method for authentication is based on a shared secret which is in the form of an enumerated pattern of fields on a frame of reference. An instance of the frame of reference comprises an array of characters in which the characters are arranged in a random or other irregular pattern on a grid of content fields. An authentication challenge includes characters from the character set, and is delivered in- or out-of-band. The authentication response includes the enumerated position numbers on the enumerated pattern of the field locations on the grid at which the challenge characters are found.

Abstract: A method and apparatus for setting a TV operation environment for users submitting authorizing passwords. The method of setting a user environment of a television (TV) includes displaying a plurality of icons of Identifications (IDs) for respective users, each of the IDs corresponding to an operation environment for a user. If an ID icon is selected among the displayed icons, a password corresponding to the selected ID icon is authenticated, and if a user is authenticated by the password, a preset operation mode for the user is set.

Abstract: A server apparatus includes an analyzer unit which analyzes log-in information for a server received from a client, determines an authentication scheme of the server, and extracts, from the log-in information, provisional authentication information in a form representative of variable information. The analyzer unit stores, in the storage device, information representative of the authentication scheme and the provisional authentication information as the variable information. The analyzer unit also stores, in the storage device, as the variable information, authentication information of a user for the server that is associated with representative authentication information of the user.

Abstract: In one aspect, systems and methods for three-factor authentication include receiving a user's identification and password transmitted from the user's mobile device, generating a One Time Password (OTP), encrypting the OTP, and encoding the encrypted OTP in a two-dimensional barcode. The two-dimensional barcode of the encrypted OTP is transmitted to a computing device of the user, and an image of the two-dimensional barcode of the encrypted OTP displayed on the user's computing device is captured using the user's mobile device. The two-dimensional barcode of the encrypted OTP is decoded using the user's mobile device to obtain the encrypted OTP. The encrypted OTP is decrypted using the user's mobile device and displayed. The OTP then is spoken by the user, and the user's voice and the OTP are recognized to authenticate the user.

Abstract: A backup account recovery authentication of last resort using social authentication is described. The account holder requests trustees who have been previously identified to obtain an account recovery code. The account recovery system sends a communication to the trustee for information to verify the trustee as one of the previously identified trustees. The account recovery system then may transmit a link and code with instructions for the trustee to return the link. The account recovery system then transmits a situational query to the trustee to provide additional security. Finally, if all the communications have been completed for the required level of security, the account recovery code is transmitted to the trustee. The trustee sends the account recovery code to the account holder for access to an account.

Abstract: A security service determines whether to grant a user access to a resource. The service receives from the user a security term in an obscured form derived from a revealed form of the security term according to a predefined padding scheme known to the user and to the security service. The service applies the padding scheme to the received term to result in a de-padded security term and confirms that the de-padded security term matches the retrieved revealed security term. Additionally, the service confirms that the received term has not been previously employed within a predetermined frame of reference. Accordingly, if the received obscured security term is purloined and re-used within the predetermined frame of reference, the security service denies access to the resource.