Abstract: Distinctions between resources explicitly selected by a user and resources indirectly selected may be enabled by identifying an explicitly selected web page or other resource as such in the request for the web page or other resource, which may allow the web page or resource to be differentiated from web pages or other resources that are requested as a consequence of their indirect selection. Moreover, a log of web pages or other resources explicitly selected by a user may be maintained at the client and later reference by a local processor or communicated to a host process seeking to differentiate directly and indirectly selected web pages or other resources. These techniques also may allow a proxy or other server to perform processing related to parentally controlled accounts or related to accurately tracking frequently requested resources such as web pages.

Abstract: A processor-implemented method, system, and/or computer program product secures data stores. A non-contextual data object is associated with a context object to define a synthetic context-based object. The synthetic context-based object is associated with at least one specific data store in a data structure, where the specific data store contains data that is associated with data contained in the non-contextual data object and the context object. An ambiguous request is received from a user for data related to an ambiguous subject-matter. The context of the ambiguous request from the user is determined and associated with the synthetic context-based object that is associated with said a specific data store, where that specific data store contains data related to the context of a now contextual request from the user. The user is then provided access to the specific data store while blocking access to other data stores in the data structure.

Abstract: An information processing device includes: a memory having a protected area which is a data recording area in which access restriction is set; and a data processing unit that determines accessibility in response to a request for accessing the protected area from an access requesting device, wherein the data processing unit verifies a device certificate received from the access requesting device and determines accessibility to the protected area based on access control information recorded in the device certificate.

Abstract: This invention is directed to an electronic device with an embedded authentication system for restricting access to device resources. The authentication system may include one or more sensors operative to detect biometric information of a user. The sensors may be positioned in the device such that the sensors may detect appropriate biometric information as the user operates the device, without requiring the user to perform a step for providing the biometric information (e.g., embedding a fingerprint sensor in an input mechanism instead of providing a fingerprint sensor in a separate part of the device housing). In some embodiments, the authentication system may be operative to detect a visual or temporal pattern of inputs to authenticate a user. In response to authenticating, a user may access restricted files, applications (e.g., applications purchased by the user), or settings (e.g., application settings such as contacts or saved game profile).

Abstract: A simple, customizable and intuitive virtual combination unlock method and system. More specifically, an unlock system and method is disclosed which includes a virtual combination lock, where the virtual combination lock includes several rows of user-selectable images such as pictures or icons as the virtual combination wheels. In certain embodiments, the images are accessed via the user's database. To unlock the device, the user touches and drags pre-selected images into alignment with each other. Security can be adjusted by changing the number of images that need to be aligned to unlock the device.

Abstract: A method and system of synergizing hardware, firmware, software, and useful feature(s) into a trusted, secure, and verifiable operating environment (TSVOE) that is critical for businesses and consumers that rely on information technology products and/or services. Such products provide various capabilities such as protecting the corporate infrastructure from attack, protecting the client from attack, designing a customizable operating schema, advanced validation of client authentication, establishing a clean environment within a dirty environment, etcetera. Moreover, by ensuring that operating environment security is achieved, a product can provide guarantees that modern state-of-the-art systems cannot. Finally, diversification of hardware, software, firmware, and features creates robust products.

Abstract: Authentication techniques for electronic devices can provide more seamless communication between two devices. A first device (e.g., a host device) can maintain a list of known-good devices (e.g., accessory devices) with which it can interoperate. Information identifying a second device can be added to the known-good list when the second device successfully connects to the first device and completes an authentication process. After the second device disconnects, the first device can retain the identifying information on the known-good list for a predetermined period of time, after which the information can expire. If the second device reconnects to the host before its information expires, the authentication process can be bypassed.

Abstract: A router is placed between a protected computer and devices with which the computer communicates, including peripherals and other computers. The router includes a list of authorized devices that are permitted to send data to the protected computer, against which requests to send data are checked. The router also communicates with a remote authentication service to authenticate devices requesting such permission. The authentication service may be a cloud-based identity service.

Abstract: Systems, methods, and apparatus for validating product keys. In some embodiments, a product key includes security information and identification information identifying at least one copy of a software product. The security information may include a first portion to be processed by a first validation authority using first validation information and a second portion to be processed by a second validation authority using second validation information. The second validation information may be stored separately from the first validation information and may not be accessible to the first validation authority. In some embodiments, the first validation authority randomly determines whether a product key is to be audited by the second validation authority. Alternatively, the first validation authority may determine whether to audit based on a type of the software product associated with the product key and/or a perceived level of security risk.

Abstract: A method of authorising a user in communication with a workstation is disclosed. According to the method, a system automatically determines a plurality of available user information entry devices in communication with the workstation. The system then determines predetermined user authorization methods each requiring data only from available user information entry devices. The user then selects one of the determined authorization methods for use in user authorization. Optionally, each authorization method is associated with a security level relating to user access to resources. Once the authorization method is selected, the user provides user authorization information in accordance with a determined user authorization method and registration proceeds.

Abstract: In one or more implementations, a computing device receives an indication that a device is attempting to pair with the computing device. If a user is not currently authenticated with respect to the computing device, inputs received by the device are restricted from being used by the computing device for uses other than authenticating the user.

Abstract: Inferring security decisions from trusted users, including: identifying, by a security inference module on a computing device, a candidate application to be installed on the computing device; identifying, by the security inference module, one or more trusted users; identifying, by the security inference module, trusted user installation activity associated with the candidate application; and determining, by the security inference module, whether to install the candidate application in dependence upon the trusted user installation activity associated with the candidate application.

Abstract: The present invention provides a method, system and apparatus for securely operating a computer. The method comprises: obtaining presence status of an authenticated user, the presence status indicating whether the authenticated user is present in the vicinity of the computer; and triggering security operation in response to that the presence status indicates the authenticated user is absent in the vicinity of the computer. By means of the method, current status of an authenticated user who has logged in can be easily learned, and in turn, corresponding security operation is performed; in addition, when a user is performing sensitive operation, it can be confirmed in real time whether the user is an authenticated user who previously logged in, so that security of operating the computer is improved.

Abstract: Inferring security decisions from trusted users, including: identifying, by a security inference module on a computing device, a candidate application to be installed on the computing device; identifying, by the security inference module, one or more trusted users; identifying, by the security inference module, trusted user installation activity associated with the candidate application; and determining, by the security inference module, whether to install the candidate application in dependence upon the trusted user installation activity associated with the candidate application.

Abstract: A method for authorizing access to a first computing device is provided. The method comprises the first computing device forming a challenge, encoding the challenge into a symbol, and displaying the symbol. The first computing device receives a request for access from a user. Access to the first computing device is allowed in response to provision of an access code to the first computing device by the user. The access code is formed by a server in response to capturing the symbol, decoding the symbol into the challenge, forming a request from the challenge, and providing the request to the server. The server forms a decision to allow access by the user to the first computing device.

Abstract: A computing system using a persistent, unique identifier may be used to authenticate the system that ensures software and configurations of systems are properly licensed while permitting hardware components to be replaced. The persistent, unique system identifier may be coupled to serial numbers or similar hardware identifiers of components within the computing system while permitting some of the hardware components to be deleted and changed. When components that are coupled to the persistent, unique identifier are removed or disabled, a predefined time period is provided to update the coupling of the persistent, unique identifier to alternate hardware component in the system.

Abstract: Disclosed is a method, system, and device to authenticate a product. A plurality of public parameters and a secret master key are selected. The public parameters include a hyperelliptic curve equation and a curve pairing function. A public product activation code and a private product activation code are generated based upon the public parameters and the secret master key. The public parameters and the public product activation code are stored with the product. Further, the private product activation code is associated with the product. The product is authenticated if the private product activation code entered to a client device satisfies a mathematical formula implemented with the public parameters and the public product activation code.

Abstract: A memory device is provided. The memory device includes a memory configured to store information. The memory device also includes a memory controller in communication with the memory. The memory controller is configured to encrypt the information to define a parameter and access an account on a second memory device based on the parameter to gain access to content. The content is stored in the second memory device and the memory device and the second memory device are configured to be removably coupled to a computing device.

Abstract: An information processing system includes a function unit having a plurality of functions; an execution command unit that prompts the function unit to execute one of the plurality of functions; an authentication information obtaining unit that obtains authentication information of a user; and a user authentication and function determination unit that authenticates the user based on the authentication information of the user and determines one function from the plurality of functions. The execution command unit prompts the function unit to execute the one function determined by the user authentication and function determination unit.

Abstract: The present invention discloses a verification code generation and verification method, including: displaying a verification code display region on a touch display module, where the verification code display region includes at least one user-recognizable verification code element; sensing a touch action of a user on the touch display module, and determining a position of the touch action on the touch display module; and comparing whether the position of the touch action of the user on the touch display module is the same as a position of the verification code element to determine whether a verification code is correctly input. The verification code generation and verification method in the embodiments of the present invention is convenient for the user to input a verification code for verification, and brings a good verification effect while facilitating operations. Further, the present invention discloses a verification code generation and verification apparatus.

Abstract: A lock execution method for information processing apparatus, includes performing a first authentication based on input information from a user after an application of a power source, preparing authentication information for a second authentication to be corresponded to the input information after the first authentication succeeds, performing the second authentication using the prepared authentication information, issuing a command to execute a lock operation for the information processing apparatus after the second authentication by the authentication succeeds, and invalidating at least some of content of manipulation input during a period time until the lock operation is completed after the command is issued at the issuing.

Abstract: An authentication scheme for unlocking a computing system may require a shortened password in some cases. For example, the computing system may be configured to determine a time that a user has been locked out of a computing device and to determine which of a plurality of time spans that the time falls within. The computing system may also prompt the user for a required password including a full password or a subset of the full password depending on the determined time span. The computing system may be further configured to display a visual indicator corresponding to the determined time span or a required password length on a visual display. A length of the required password for login may be progressively longer for each of the plurality of time spans as a time period that a respective time span covers increases.

Abstract: Techniques for determining whether a cellular device is suspect, i.e., perhaps serving as an activator for a device such as a bomb. One way of doing this with cellular telephones that are in the idle state is to use a baiting beacon to bait and automatically call all the cellular telephones in an area that are in the idle state. If the call to a given cellular telephone is not answered by a human voice, the cellular telephone is suspect. Another way of doing this with cellular telephones that are in the traffic state is to use surgical analysis to examine the DTX pattern for the telephone. If it indicates persistent silence, the cellular telephone is suspect. The surgical analysis may also be used to trace the DTX pattern back to another telephone that is controlling the suspect cellular device.

Abstract: In an input/output virtualization-enabled computing environment, a device, method, and system for securely handling virtual function driver communications with a physical function driver of a computing device includes maintaining communication profiles for virtual function drivers and applying the communication profiles to communications from the virtual function drivers to the physical function driver, to determine whether the communications present a security and/or performance condition. The device, method and system may disable a virtual function driver if a security and/or performance condition is detected.

Abstract: Systems and methods for stateless system management are described. Examples include a method wherein a user sends the management system a request to act upon a managed system. The management system determines whether the user is authorized for the requested action. Upon authorization, the management system looks up an automation principal, which is a security principal native to the managed system. The management system retrieves connecting credentials for the automation principal, and connects to the managed system using the retrieved credentials. Once the managed system is connected, the management system performs the requested action on the managed system, and sends the result back to the user.

Abstract: A method for authorizing a program sequence provides, despite centralization and the associated high latency and optionally faulty communication, an undisturbed program sequence accompanied by protection of base functionalities. Data of the program sequence may be maintained in various provided states, and at least one instruction of the program sequence which accesses the data is maintained in different, functionally equivalent implementations. The set of the state indices of the provided states and the multiset form a directed acyclic (multi)graph, wherein the provided states form the nodes, and the implementations of the instruction form the edges and/or multiple edges, of the graph.

Abstract: One embodiment provides an information processing apparatus equipped with a housing having a first surface and a second surface opposite thereto and with a touch screen provided on the first surface of the housing. The information processing apparatus has a first operation receiver and an authentication processor. The first operation receiver is provided on the second surface of the housing. And, the authentication processor performs an authentication process based on operation of the first operation receiver.

Abstract: A security channel interface providing device is provided. The device includes a sensor unit that comprises at least two sensors configured to sense a motion of a user, and a control unit that determines whether or not at least two sensing values sensed by the sensors satisfy a security channel interface activation condition, and activates or inactivates a security channel interface according to a result of the determination. When the security channel interface is activated, the control unit provides a security channel to the user.

Abstract: A computationally implemented method includes, but is not limited to: determining that a computing device that was presenting an item has been transferred from a first user to a second user; and presenting, via the computing device, one or more highlighted portions of the item, the one or more highlighted portions being highlighted in response, at least in part, to said determining. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.

Abstract: Systems and methods for partitioning memory into multiple secure and open regions are provided. The systems enable the security level of a given region to be determined without an increase in the time needed to determine the security level. Also, systems and methods for identifying secure access violations are disclosed. A secure trap module is provided for master devices in a system-on-chip. The secure trap module generates an interrupt when an access request for a transaction generates a security error.

Abstract: A user authentication apparatus safely uses resources by forming a communication channel between a plurality of execution environments through user authentication in a portable terminal providing the plurality of execution environments based on a virtualization solution, and prevents private information from being illegally leaked by hacking by not directly exposing a PIN number or a password a user inputs using a virtual keyboard and a keyboard coordinate when authenticating the user.

Abstract: A system and method for processor-based security is provided, for on-chip security and trusted computing services for software applications. A processor is provided having a processor core, a cache memory, a plurality of registers for storing at least one hash value and at least one encryption key, a memory interface, and at least one on-chip instruction for creating a secure memory area in a memory external to the processor, and a hypervisor program executed by the processor. The hypervisor program instructs the processor to execute the at least one on-chip instruction to create a secure memory area for a software area for a software module, and the processor encrypts data written to, and decrypts data read from, the external memory using the at least one encryption key and the verifying data read from the external memory using the at least one hash value. Secure module interactions are provided, as well as the generation of a power-on key which can be used to protect memory in the event of a re-boot event.

Abstract: The invention provides a method and system for presenting information in a web document using a program applet to restrict further copying or redistribution. The web document includes a first region in which a graphical element or other information is displayed, and a second region covering the first region in which a program applet is invoked by a server for the web document. The program applet is dynamically created upon access, and assigned a serial number. The program applet contacts the server for permission to display the graphical element or other information; thus, the server can control, by granting or denying permission, when and if the program applet displays the graphical or other information.

Abstract: A computationally implemented method includes, but is not limited to: determining that a computing device that was presenting one or more portions of one or more items and that was in possession of a first user has been transferred from the first user to a second user; and marking, in response to said determining, the one or more portions of the one or more items to facilitate the computing device in returning to the one or more portions upon the computing device being at least transferred back to the first user. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.

Abstract: Systems, devices, and techniques for providing shortcuts to applications of a computing device are described. In one example, a method includes outputting, for display at a screen, a plurality of input nodes while the computing device is in a locked state and receiving an indication of a selection of a set of the plurality of input nodes in a defined order. The method may also include determining that the selection matches a predetermined selection order of the input nodes, the predetermined selection order being associated with the computing device. The method may also include, responsive to the determining, outputting, for display in place of at least one of the plurality of input nodes at the screen, an icon representative of an operation executable by the computing device, receiving an indication of a selection of the icon, and responsive to receiving the indication, executing the operation.

Abstract: Systems and methods are described that relate to authentication and/or binding of multiple devices with varying security profiles. In one aspect, a first device with a higher security profile may vouch for the authenticity of a second device with a lower security profile when the second device requests access for content from a content provider. The vouching process may be implemented by allowing the first device to overlay its digital signature on a registration request that has been signed and transmitted by the second device. The second device with the lower security profile may access content from the content provider or source for a predetermined time period, even when the second device does not access content through the first device.

Abstract: End-to-end authentication capability based on public-key certificates is combined with the Session Initiation Protocol (SIP) to allow a SIP node that receives a SIP request message to authenticate the sender of request. The SIP request message is sent with a digital signature generated with a private key of the sender and may include a certificate of the sender. The SIP request message my also be encrypted with a public key of the recipient. After receiving the SIP request, the receiving SIP node obtains a certificate of the sender and authenticates the sender based on the digital signature. The digital signature may be included in an Authorization header of the SIP request, or in a multipart message body constructed according to the S/MIME standard.

Abstract: A method for imputing different usernames and passwords using an input device with a display to use different protected assets that requires the inputting of a preselected username into a username enter box and the inputting of a preselected password into a password entry box immediately prior to use. The method includes the steps of designating two or more username keys on said input device, each said username key being assigned with a unique letter or number located on said input device and to a unique username made of a plurality of alpha-number characters, designating two or more password keys on the input device each being assigned with a letter or number located on said input device and to a unique password made of a plurality of alpha-number characters. Next the protected asset is then accessed and the username key and keyword key assigned to the asset is imputed.

Abstract: In one embodiment, the present invention includes a system on a chip (SoC) that has a first agent with an intellectual property (IP) logic, an interface to a fabric including a target interface, a master interface and a sideband interface, and an access control plug-in unit to handle access control policy for the first agent with respect to incoming and outgoing transactions. This access control plug-in unit can be incorporated into the SoC at integration time and without any modification to the IP logic. Other embodiments are described and claimed.

Abstract: A method for authenticating a computing device or hardware component includes computer-implemented process steps for assigning a unique identifier to the hardware component, generating a baseline fingerprint for the hardware component using algorithm-processing characteristic configuration data determined from the hardware component as input, wherein the baseline fingerprint is capable of being regenerated from the hardware component so long as configuration of the hardware component is not changed, transmitting the identifier in association with the baseline fingerprint for storage in a computer-readable data structure, and generating a data signal, in response to a query comprising the assigned identifier, indicating whether the stored baseline fingerprint for the assigned identifier matches a second fingerprint regenerated from the hardware component at a time after the baseline fingerprint is generated.

Abstract: A system and a method are disclosed for a computer implemented method to unlock a mobile computing device and access applications (including services) on a mobile computing device through a launcher. The configuration includes mapping one or more applications with a guest access code. The configuration receives, through a display screen of a mobile computing device, an access code, and determines whether the received access code corresponds with the guest access code. The configuration identifies the mapped applications corresponding to the guest access code and provides for display, on a screen of the mobile computing device, the identified applications.

Abstract: Various embodiments disclosed herein are directed to gaming devices having a secured basic input/output system (BIOS) and methods for determining the validity of the gaming device's BIOS. According to one embodiment, the gaming device includes a secured module for authenticating the BIOS of the gaming device. During the boot-up process, the secured module issues a challenge to the BIOS. The BIOS generates a response to the challenge, and the secured module determines whether the BIOS response matches the calculated response of the secured module. If the BIOS response matches the secured module response, the gaming device continues the boot process. Otherwise, the boot process is halted by the gaming device.

Abstract: Methods and systems to authenticate and load a plurality of boot logic modules in corresponding access protected memory regions of memory, and to maintain the access protections in run-time environments. Access protection may be implemented with access control list (ACL) policies expressed in terms of page boundaries to distinguish between read, write, and execute access requests.

Abstract: A computationally implemented method includes, but is not limited to: determining which of a plurality of users detected in proximate vicinity of a computing device has primary control of the computing device, the computing device designed for presenting one or more items; ascertaining one or more particular formats for formatting the one or more items based, at least in part, on said determining; and presenting, via the computing device, the one or more items in the one or more particular formats. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.

Abstract: Methods, apparatuses and storage medium associated with securely provisioning a digital content protection scheme are disclosed. In various embodiments, a method may include forming a trust relationship between a media application within an application execution environment of a device and a security controller of the device. The application execution environment may include an operating system, and the operating system may control resources within the application execution environment. Additionally, the security controller may be outside the application execution environment, enabling components of the security controller to be secured from components of the operating system. Further, the method may include the security controller in enabling a digital content protection scheme for the media application to provide digital content to a digital content protection enabled transmitter within the application execution environment for provision to a digital content protection enabled receiver.

Abstract: A computationally implemented method includes, but is not limited to: determining that a computing device that was presenting an item has been transferred from a first user to a second user; and presenting, via the computing device, one or more highlighted portions of the item, the one or more highlighted portions being highlighted in response, at least in part, to said determining. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.

Abstract: In a communication system in which two communication entities seek to have a private or confidential communication session, a trust relationship needs first be established. The trust relationship is based on the determination of a shared secret which in turn is generated from contextual information. The contextual information can be derived from the circumstances surrounding the communication session. For example, the contextual information can include topological information, time-based information, and transactional information. The shared secret may be self-generated or received from a third party. In either event, the shared secret may be used as key material for any cryptographic protocol used between the communication entities.

Abstract: Particular embodiments of a computing device associated with a user may detect an event using a sensor of the computing device. The event may be a lock-triggering event or an unlock-triggering event. The computing device may assess a state of the device. The computing device may also access further information associated with the user. The computing device may also monitor activity on the computing device to detect further events if such further monitoring is warranted. Based on the gathered information, the computing device may update a lock status of the device to lock or unlock access interfaces of the computing device, functionality of the computing device, or content accessible from the computing device. If the event comprised the computing device detecting an attempt by a third party to use the device, the device may attempt to identify the third party to determine if they are authorized to use the device.

Abstract: An image processing apparatus includes a request determining unit receiving an operation event indicating a request to use an image processing function and determining whether the request is from a guest user based on the received operation event; a guest login processing unit generating guest login information including a guest user identifier and access right information of the guest user if the request is from the guest user and sending a login request to request a login process for the guest user based on the guest login information; an access control unit disabling access control on the image processing function in response to the login request based on the access right information in the guest login information; and a usage history recording unit recording a usage history of the image processing function in association with the guest user based on the guest user identifier in the guest login information.

Abstract: Methods and systems for dynamically bundling portions into secured destination files are provided. Example embodiments provide a Dynamic Digital Rights Bundling System (“DDRBS”), which dynamically bundles a set of portions each variously containing digital rights management components, user interface controls, and content, into a secured destination file in response to a designated content request. In one embodiment, the DDRBS comprises a bundling engine, a translation engine, a merging engine, and an assortment of data repositories. These components cooperate to dynamically assemble and provide customized secured destination files comprising the requested content together with specialized user interface and digital rights management controls. This abstract is provided to comply with rules requiring an abstract, and it is submitted with the intention that it will not be used to interpret or limit the scope or meaning of the claims.