Abstract: Disclosed embodiments relate to systems and methods for identifying computing processes on automation servers and authorizing computing processes to grant access to secure resources. Techniques include receiving an access request, obtaining process data, identifying a cryptographic key, generating a digital signature, sending the digital signature, and receiving authorization data from a security server. Further techniques include receiving process data, receiving a digital signature, accessing a cryptographic key, validating the signature with the key, verifying the process, and transmitting authorization data to an automation server to complete an authentication process.

Abstract: Disclosed are examples of searching for content associated with multiple applications. In various examples, a first application can obtain a search query and maintain a list of applications available to provide content. The first application can send a request to a second application identified in the list, the request including a key that indicates the first application is authorized to request the second application to search for content. The first application can obtain a search result from the second application based on the request and present the search result in a user interface in the first application.

Abstract: This disclosure relates to anonymous transactions based on ring signatures. In one aspect, a method includes receiving a remittance transaction. The remittance transaction is generated by a client device of a remitter by assembling unspent assets in an account corresponding to the remitter and masked assets in an account corresponding to a masked participant. Key images are obtained from a linkable spontaneous anonymous group (LSAG) signature of the remittance transaction. Values of the key-images are based on a private key, a public key, and unspent assets of the remitter. The LSAG signature is verified. The LSAG signature is generated by the client device of the remitter based on the private key and the public key of the remitter, and a second public key of the masked participant. The remittance transaction is executed when a transaction execution condition is met.

Abstract: Computer-implemented methods for privacy attribute based credentials include issuing a privacy-preserving attribute-based credential, which is signed with a private key and has a unique credential handle; updating an accumulator in a tamperproof log to incorporate the credential handle; and facilitating providing access to a service in response to a zero-knowledge proof that the accumulator contains the credential handle. The methods also include generating revocation conditions and initial revocation information; submitting the initial revocation information and the revocation conditions to the tamperproof log; revoking a credential by adding a credential handle of the credential to the initial revocation information; and submitting the updated revocation information to the tamperproof log. Further, the methods include writing to the tamperproof log an audit token that contains an encrypted credential handle, which is encrypted by an auditor's public key that is published on the tamperproof log.

Abstract: A technique for use by a first system of computers sharing a common IP address, the technique including the following operations: (i) transferring a first software bundle of files to a public repository (PR); (ii) requesting a current version of the first file list from the PR; (iii) receiving the current version of the first file list from the PR; (iv) generating a current version file list file (CVFLF) based on the current version of the first file list; and (v) storing the CVFLF at a first storage location from which the CVFLF can be downloaded.

Abstract: Technical solutions are described for securing data by a communication apparatus. An example computer-implemented method includes receiving, by an encryption engine, a request to apply cryptography to input data. The computer-implemented method also includes generating metadata for the input data, where the metadata identifies characteristics of content included in the input data. The method further includes applying a cryptographic technique to the input data to generate output data, and outputting the output data and metadata in response to the request.

Abstract: This application describes systems and methods for using a physical unclonable function (PUF) to authenticate a device, which may include circuitry for generating PUF values that may uniquely identify the device. According to one aspect, the device may provide enrollment PUF values to an authentication device. The device may later be authenticated if PUF values generated by the device are within a threshold distance of the enrollment PUF values. Since the PUF values are compared using a distance, it may not necessary to apply an error correcting code to the PUF values. The enrollment values and/or the calculated distance may be adjusted to compensate for time variations in the PUF values due to circuit aging. Systems and methods are also described herein for authenticating the device without revealing new PUF values to any second party, for example using a cryptographic technique known as a garbled circuit.

Abstract: In one embodiment, an apparatus includes: a bioimpedance sensor to generate bioimpedance information based on bioimpedance sample information from at least some of a plurality of electrodes to be adapted about a portion of a person; at least one biometric sensor to generate biometric information based on biometric sample information from at least some of the plurality of electrodes; at least one environmental sensor to generate environmental context data; and an integration circuit to receive the bioimpedance information, the biometric information and the environmental context data and to adjust the bioimpedance information based at least in part on a value of one or more of the biometric information and the environmental context data. Other embodiments are described and claimed.

Abstract: Device, system, and method of accessing electronic mail. For example, a computerized method includes: receiving an identifier of an email account, and a password; if the password matches a first reference password previously stored in association with said email account, then authorizing a substantially full access to said email account; if the password matches a second reference password previously stored in association with said email account, then authorizing a restricted access to said email account.

Abstract: A disclosed managing apparatus and image forming apparatus management system ensure confidentiality of information in an image forming apparatus while usability is maintained. An image forming apparatus acquires IC card identifying information with an IC card reader. A management server acquires a user ID associated with the acquired IC card identifying information and use limit information concerning use of the image forming apparatus. A process is performed in the image forming apparatus in accordance with the use limit information.

Abstract: A method and apparatus for data security incorporating device state. The method includes encrypting sensitive data written to an electronic device while the electronic device is in a locked state using a public key of an asymmetric master key pair. The method also includes, in response to detecting that the electronic device enters an unlocked state, converting asymmetric encryption of the sensitive data into symmetric encryption of the sensitive data using a symmetric master key. Encrypting of the sensitive data may include encrypting the sensitive data using a data encryption key (DEK) and encrypting the DEK using the public key. Converting of the asymmetric encryption of the sensitive data into the symmetric encryption may include decrypting the encrypted DEK using a private key of the asymmetric master key pair and re-encrypting the DEK using the symmetric master key without decrypting and re-encrypting the sensitive data.

Abstract: Various embodiments are directed to securely generating and managing passwords using a near-field communication (NFC) enabled contactless smart card. For example, a secure password may be generated by generating a random number via a random number generator of the contactless smart card and converting the random number to one or more human-readable characters. In another example, a secure cryptographic hash function of the contactless smart card may generate a hash output value, which may be converted to one or more human-readable characters. The human-readable characters may be used as the secure password or it may be transformed to add more layers of security and complexity.

Abstract: Provided are a client system authentication method, a client device, and an authentication server. The client system authentication method includes acquiring a shared key to be shared between a client system and an authentication server in cooperation with the authentication server, generating a virtual address of the client system using identification information of the client system and the shared key, transmitting registration request information including the virtual address to the authentication server, and receiving an authentication key for the client system from the authentication server.

Abstract: Disclosed is an electronic document, a body of which includes an inlay, a part of which forms a spotface of a cavity, and which includes a connection land formed on the part forming the spotface, and a module of which includes an electrical circuit that includes both a first subcircuit configured to electrically connect a port of a chip to the connection land and a second subcircuit configured to electrically connect the connection land to an external electrical contact land of a carrier of the module.

Abstract: A communication device may receive a specific signal from a first external device; after the specific signal has been received from the first external device, cause an output unit of the communication device to output specific information obtained by using a public key; after the specific information has been outputted, receive an authentication request in which the public key is used from the first external device; in a case where the authentication request is received from the first external device, send an authentication response to the first external device; after the authentication response has been sent to the first external device, receive connection information from the first external device; and in a case where the connection information is received from the first external device, establish, by using the connection information, a wireless connection between the communication device and a second external device.

Abstract: In accordance with one embodiment, an access control system is disclosed. The access control system comprises an access control panel including a touchable surface, a multi-dimensional touch sensor under the touchable surface, and a processor coupled to the multi-dimensional touch sensor. The multi-dimensional touch sensor captures a multi-dimensional motion signal including a micro-motion signal component representing neuro-mechanical micro-motions of a user touching the multi-dimensional touch sensor. The processor performs signal processing of the multi-dimensional motion signal to obtain the micro-motion signal component; and extracts unique values of predetermined features from the micro-motion signal component to form a neuro-fingerprint (NFP) that uniquely identifies the user. The NFP can be used as a gatekeeper to control entry into homes, offices, buildings, or other real properly typically protected by access control.

Abstract: A scalable configurable universal full spectrum cyberspace identity verification test for determining whether or not one specific tested person if the same person as one specific known person.

Abstract: A method of operating a security token to authenticate a user in a multi-factor authentication system is disclosed. The method includes: monitoring user custody of the token, the token having an identifying characteristic representing a possession factor for use through possession factor authentication; during a period of continuous user custody of the token based on the monitoring, obtaining a knowledge factor from a user having the continuous user custody; caching the knowledge factor in a memory of the token; and in response to a second authentication request, retrieving the knowledge factor from the memory to demonstrate to an authentication system knowledge of the knowledge factor, during the period of continuous user custody.

Abstract: An information processing apparatus includes: a non-volatile memory; and a hardware processor that controls the non-volatile memory, wherein the hardware processor determines whether communication speed of a communication path to the non-volatile memory is equal to or less than a threshold value and encrypts the data transmitted to the non-volatile memory when the communication speed is determined to be equal to or less than the threshold value.

Abstract: One example method of operation may include receiving a request, from an entity, for one or more tokens based on one or more attributes, encrypting and masking the one or more attributes, adding the encrypted and masked one or more attributes to the one or more tokens, and transmitting the one or more tokens to the entity.

Abstract: The present invention relates to a method for distributing digital keys. The method includes the steps of a first database storing a plurality of keys relating to a plurality of products; for each product, transferring keys from the first database to a corresponding cache in a second database; in response to a request for a key for a product, retrieving and distributing a key from the corresponding cache; and refreshing the corresponding cache by transferring further keys from the first database to the corresponding cache. A system for distributing digital keys is also disclosed.

Abstract: Described herein is a system and universal access control device that may be installed in proximity to, or within, an access control system to enable a user to use a user device to gain access to a secure area or resource. In some embodiments, a user may submit a request for access to a remote server and may be provided with an access token. The user may relay the received access token to the universal access device via a wireless transmission means on his or her user device. The universal access device may verify the authenticity of the access token by relaying the access token information to the remote server. Once the access token has been authenticated, the universal access control device may retrieve a credential stored in memory and provide that credential to the access control system to enable the user to gain entry to a secure area.

Abstract: A system, method and one or more wireless earpieces for authenticating functionality of one or more wireless earpieces. A request that requires authentication is received through the one or more wireless earpieces. Biometric readings are performed for a user utilizing sensors of the one or more wireless earpieces. The biometric readings are analyzed to determine whether the user is authorized for the one or more wireless earpieces to fulfill the request. The request is authenticated in response to determining the biometric readings performed by the one or more wireless earpieces authorize fulfillment of the request.

Abstract: Techniques for automatically generating an integrity check hash value for a content asset served by a third-party server when the content asset is added to a template in a user interface. The techniques include displaying, by the user interface, a visual layout of web content, the UI configured to receive modifications to a component of the web content. The component comprising a template for generating hypertext markup language (HTML) embodying the component. The techniques further include receiving a modification to the component of the web content, wherein the modification includes instructions to include a content asset in the component of the web content and detecting that the content asset is hosted on a third-party server. Additionally, the techniques include generating HTML for the web content, the HTML including an integrity hash value for the content asset based on the template.

Abstract: A portable electronic device, a wearable device and methods for operating the same are provided. The portable electronic device includes a display; a communication interface configured to communicate with a wearable device using wireless short-range communication; a processor; and a memory storing instructions, which when executed by the processor, cause the portable electronic device to establish, via the communication interface, a connection between the portable electronic device and the wearable device, identify a security status of the connected wearable device, limit access to at least one predefined setting item among a plurality of setting items and control the display to display an indication of the identified security status if the identified security status corresponds to a lock status, wherein the at least one predefined setting item relates to a passcode, and allow access to the at least one predefined setting item if the identified security status corresponds to an unlock status.

Abstract: An agent inserts one or more hooks into a sub-execution runtime environment that is configured to include a script and/or targeted to include the script. The agent including the one or more hooks monitors a behavior of the sub-execution runtime environment and/or the script. The agent subsequently obtains context information regarding the sub-execution runtime environment and/or the script so that it can control the runtime of at least the sub-execution runtime environment. Related systems, methods, and articles of manufacture are also disclosed.

Abstract: Systems and techniques are provided for restricted accounts on a mobile platform. A request to create a restricted account may be received. The restricted account may be a user account with a restriction. Credentials for the restricted account may be received. A restriction for the restricted account may be received. The restriction may include an access restriction or a lifetime restriction. An access restriction may prevent an application from accessing the restricted account and a lifetime restriction may limit the lifetime of the restricted account. The restricted account may be stored with the credentials and the restriction. A request may be received for a list of user accounts from an application. The restricted account may be determined to include an access restriction that prevents the application from accessing the restricted account. The list of user accounts may be sent to the application and without an identifier for the restricted account.

Abstract: A method providing use of an application may include providing a session for a user of the application, wherein the session is provided based on a credential for the user. While providing the session, image data for the session may be obtained, and responsive to the image data for the session, authentication may be performed based on a determination whether the image data for the session includes a facial image that matches the user credential. Responsive to success of the authentication based on the image data for the session, the session for the user of the application may continue to be provided. Related devices and computer program products are also discussed.

Abstract: An embedded modem for an unattended host device that provides improved cellular communications capabilities to the unattended host device. The embedded modem detects the occurrence of a signal effectiveness event reflective of the reliability of a cellular communication session, and upon detecting the occurrence of a signal effectiveness event, issues commands to improve the reliability of the cellular communications. The signal effectiveness event data can be communicated by the embedded modem on channel that is different from a channel provided for the host device to communicate its own data with an associated remote computer system.

Abstract: Trusted, privacy-protected systems and method are disclosed for processing, handling, and performing tests on human genomic and other information. According to some embodiments, a system is disclosed that is a cloud-based system for the trusted storage and analysis of genetic and other information. Some embodiments of the system may include or support some or all of authenticated and certified data sources; authenticated and certified diagnostic tests; and policy-based access to data.

Abstract: Example implementations relate to configuration based operation modes. In some examples, a mobile computing device may include an integrated physical keyboard and an integrated display. The mobile computing device may include a memory resource comprising executable instructions to determine a configuration of the mobile computing device. The mobile computing device may include a memory resource comprising executable instructions to disable the integrated display and enable an operation mode permitting utilization of the physical keyboard with a non-integrated display based on the configuration.

Abstract: A key fob includes: communicator(s), a battery, memory, and processor(s) configured to: find signal strengths of received polls; determine, based on the signal strengths, that the received polls have: (a) increased, (b) decreased, (c) leveled off; and if (a), issue a poll response; if (c), not issue the poll response.

Abstract: A method for optimizing and preventing failure of Sender Policy Framework (SPF) lookups by dynamically generating and returning flattened SPF records, recorded on computer-readable medium and capable of execution by a computer, the method comprising the steps of: requesting a regular SPF Record; receiving a SPF Record that includes an entry that points to a Proxy Server; the SPF Proxy server looking up a canonical SPF record optionally containing many included domains; and the SPF Proxy server flattening the canonical record into IP addresses and optionally sub records depending on the length of the flattened response.

Abstract: A technique for secure network storage includes generating, by a trusted execution environment in a first device, an encryption key and a certificate for a document, wherein the certificate comprises expiry information for the document and the encryption key, encrypting, by a general execution environment in the first device, the document with the encryption key, transmitting the encryption key to a remote key manager, and transmitting the document to a remote network storage device, wherein a second device is allowed to decrypt the document based on the expiry information.

Abstract: Continuous sensitive content authentication is described. In one example, a request to open content, such as a photograph, spreadsheet, or text-based document, among other types of content, is received. Based on a sensitivity level or access profile rule associated with the content, an individual can be prompted to perform an authentication procedure before the content is displayed. The content can be displayed in response to a verification using the authentication procedure or removed (or not displayed) in response to a rejection using the authentication procedure. Additionally, the authentication procedure can be continuously polled to confirm the verification while the content is displayed. While the content is being displayed, the content can be removed from display at any time if the authentication procedure no longer produces the verification result. In some cases, the content can also be deleted after a rejection is detected using the authentication procedure.

Abstract: In accordance with an embodiment, described herein is a system and method for use with a digital media content environment, such as a music streaming service, for providing real-time media consumption data. As users interact with the digital media content environment using media devices, usage data that describes the characteristics of media content being streamed for playing by the media devices, is collected by a counter processor, and associated with buckets indicative of periods of time within a plurality of time windows. The usage data associated with each time window can be processed, for example to generate real-time rankings, or other type of media consumption data, for use by a reporting server. The real-time media consumption data which is reported can be used, for example, by artists, managers, media content publishers, or other type of content providers, to evaluate fast-changing media consumption trends.

Abstract: In an example of a system and method for time-based local authentication, an Information Handling System (IHS) may include a processor and a memory coupled to the processor. The memory may have program instructions stored thereon that, upon execution, cause the IHS to generate a first time token and to transmit the first time token to a secondary IHS via a local network, where the secondary IHS is configured to generate a second time token and to transmit the second time token to the IHS via the local network. The IHS may receive the second time token from the secondary IHS and it may determine whether the first time token matches the second time token. In response to the first time token matching the second time token, the IHS may receive access to a protected resource.

Abstract: Disclosed is a file security method for reinforcing file security, which includes: by a first communication device, detecting an access to a file stored in a virtual drive; by the first communication device, requesting a decryption key of the file to a second communication device and receiving the decryption key; and by the first communication device, decrypting the access-detected file by using the decryption key.

Abstract: Present invention provides a method, system and application for providing authentication of a mobile device user, based on the measurement of electromagnetic fields modified by a pre-established movement of a specific magnetic token associated to the user. This univocal process will be able to obtain new authentication factors, including something that the user owns (i.e., the token), something that the user knows (i.e., the interaction between the token and the device), and somewhere that the user is (i.e., where the interaction takes place).

Abstract: Methods and apparatus, including computer program products, related to relationship-based authorization. In general, data characterizing a request for authorization to a computer-based resource is received, and the authorization may be provided based on one or more relationships of a requesting principal. A determination may be made as to whether a requesting principal is authorized, which may include determining whether the requesting user has a relationship with a principal that has management rights of the computer-based resource and determining whether the relationship allows for an access, such as a use of the computer-based resource, if the requesting principal has a relationship with the other principal. If there is no such relationship, a determination may be made as to whether an organization of the requesting principal has a relationship with the other principal that allows for the access.

Abstract: Aspects of the embodiments include performing, by a personal computing device, a secure handshake with a secure server accessible through an identity provider to log into the secure server. A temporary identity (TID) token can be received at the personal computing device a from an identity provider system over a telecommunications network. The TID token can be encrypted using a cryptographic key stored in a hardware storage element of the personal computing device. The encrypted TID token can be transmitted to a connected wearable device across a Bluetooth connection or other connection protocol. When a user wishes to log into a network location accessible through the identity provider, the wearable device can provide the encrypted TID token to the computing device. The personal computing device can decrypt the encrypted TID token and use the decrypted TID to access the network location.

Abstract: A method and apparatus that securely obtains services in response to a request for a service while concealing personally identifiable information (PII) includes a software package having a user identification (ID) and network protection module that runs on a third party system and an anonymizer module that runs on a user system. The user system sends the request for the service via an API that invokes the user ID and network protection module to validate the request. In response to receiving validation, the anonymizer module modifies the request for the service to conceal at least part of the PII and sends the modified request to the service provider. In one embodiment, the third party system may be an application program configured to run on the user system. Thus, no PII or data to identify the unique individual is transmitted to the service provider.

Abstract: A transaction authorization apparatus includes a processor in communication with a communications interface. The processor is configured to receive a request for a transaction requested by a user with whom a plurality of user devices are associated, to obtain respective transaction measurements from at least some available devices from among the plurality of user devices, and to confirm approval of the request for the transaction in response to confirmation that the transaction measurements satisfy a multi-device authorization policy associated with the transaction.

Abstract: An identification, authentication and authorization method in a laboratory system is presented. The system comprises at least one laboratory device. The method comprises receiving identification data identifying a user; receiving identity confirmation data to authenticate the user; and generating authentication data upon successful authentication of the user. The authentication data is configured to enable authentication of the user based on only the identification data during a validity time period without repeated receipt of the identity confirmation data. The method further comprises receiving the identification data by an identification unit; validating the authentication data corresponding to the identification data comprising the step of verifying non-expiry of the validity time period; and granting authorization to the user for the laboratory device upon successful validation of the authentication data.

Abstract: A management system includes a reception unit configured to receive identification information for identifying an account, allocated by an authentication apparatus, corresponding to a terminal, the terminal being authenticated by the authentication apparatus, and a management unit configured to determine whether a function provided by the management system can be used by the terminal based on the identification information received by the reception unit.

Abstract: There is provided, in accordance with some embodiments, a method comprising using one or more hardware processors for receiving a behavioral biometric model that characterizes a human user according to pointing device data of the human user, where the pointing device data comprises screen coordinate and time stamp pairs. The method comprises an action of monitoring an input data stream from a pointing device in real time, wherein the input data stream covers two or more spatial regions of a display screen, and an action of segregating the input data stream into one or more subset streams that is restricted to one of the plurality of spatial regions. The method comprises an action of computing a similarity score based on one or more comparisons of the behavioral biometric model and the one or more subset streams, and an action of sending the similarity score to a user authorization system.

Abstract: A system that includes a threat management server configured to store a device log identifying device information for endpoint devices that have passed authentication. The threat management server is configured to identify an endpoint device from the device log file and to identify a switch connected the endpoint device. The threat management server is further configured to send a device information request to the switch requesting device information for the endpoint device. The threat management server is configured to compare the received information to the information in the device log file. The threat management server is configured to block the endpoint device from accessing a communications network in response to determining the received device information does not match the information in the device log file.

Abstract: A Pushlet IM method for pushing a message from a first client device to a second client device includes the steps of: providing a Java-based web service; receiving a message from the first client device, the message including information of a recipient entity; verifying identity of a sender entity who intends to send the message to the recipient entity using the first client device; and creating a thread according to the information of the recipient entity for pushing the message to the second client device that is associated with the recipient entity.

Abstract: An unlocking control method is applied in a wearable device and a lockable electronic device. The wearable device communicates with the electronic device and can be bound to it. The wearable device can produce an unlocking setting instruction to set an unlocking mode of the electronic device, and can send the unlocking setting instruction to the bound electronic device. The wearable device can set the unlocking mode of the electronic device and produce an unlocking control instruction, sending the unlocking control instruction to the electronic device. The electronic device receives the unlocking control instruction, and is controlled to unlock itself according to the received unlocking control instruction and the unlocking mode of the electronic device.

Abstract: Disclosed is a method and apparatus for preventing cross-site request forgery. The recommendation method comprises storing a first environment fingerprint associated with a client, wherein the first environment fingerprint uniquely identifies the client based on local terminal information associated with the client; receiving an access request message from the client, the access request message including at least one operation and a second environment fingerprint generated by the client; determining whether the second environment fingerprint matches the first environmental fingerprint; rejecting the access request message if it is determined that the second environment fingerprint does not match the first environment fingerprint; and executing the operation included with the access request message if it is determined that the second environment fingerprint matches the first environment fingerprint.