Abstract: An image processing apparatus capable of managing easily secret information even with detachably attaching an external memorizing device, includes an ID (plug and play ID) retrieving unit for retrieving ID from the connected memory, a user information storing unit for storing user information, an active memory information storing unit for storing the retrieved ID with corresponding to the respective users, a memory use judging unit for judging as to whether the memory is usable based on the ID retrieved from the connected memory and on the ID stored in the active memory information storing unit, and a data writing controlling unit for writing data to the memory judged as usable.

Abstract: A distributed networked physical security access control system for controlling a plurality of security access devices includes access server appliances in communication with a primary network. At least one access server appliance includes an appliance management module accessible through a web browser in communication with the primary network. The appliance management module configures the access server appliances to a user specified security configuration. The access server appliances are in peer-to-peer communication on the primary network to bridge the access server appliances for providing consistency in each of the access server appliances.

Abstract: The invention relates to a method of securing a changing scene composed of at least one element and intended to be played back on a terminal. According to the invention, such a method comprises the following steps: creation (10) of at least one security rule, defining at least one authorization to modify said scene and/or at least one element of said scene and/or an authorization to execute at least one command in a context of playing back said scene on said terminal; allocation (10) of a security policy, comprising at least one of said security rules, to said scene and/or to at least one of said elements of said scene.

Abstract: Architecture for natively authenticating a client application to a web server via HTTP authentication. The Web Services Architecture, and more specifically, Web Services Security, is leveraged to enable legacy applications to access web services transparently to the existing legacy applications. A security support provider (SSP) is created that employs WS-* protocol to at least emulate ws-trust and ws-mex thereby enabling policy exchange via an HTTP protocol stack. Policy can be exchanged via a WWW-Authenticate header enabling legacy applications to use the WS-* family of protocols without modifying the client application. The WS-* protocols are abstracted into a generic programming interface for native client application use.

Abstract: An information processing apparatus displays, on a display device, personal information including person-identifying information based on which a person can be identified and non-person-identifying information based on which a person cannot be identified. First, the information processing apparatus determines whether or not authentication of a user has succeeded based on an input by the user and authentication information stored in storage means of the information processing apparatus. Then, the information processing apparatus prohibits display of the person-identifying information of the personal information stored in the storage means when it is determined that authentication has failed.

Abstract: An information handling system includes a host mapped general purpose input output (GPIO), a shared memory, a board management controller, and a cryptography engine. The host mapped GPIO includes a plurality of registers. The board management controller is in communication with the host mapped GPIO and with the shared memory, and is configured to control accessibility to the plurality of registers in the GPIO, and to control write accessibility of the shared memory based on a private key received from a basic input output system requesting accessibility to the plurality of registers and write accessibility of the shared memory. The cryptography engine is in communication with the board memory controller, and is configured to authenticate the private key received from the board management controller.

Abstract: The authenticity of a website is determined using a unique string of characters known only to the user and the website on each page of the website that is displayed to the user, with a false site being incapable of displaying this unique string of characters, thereby putting the user on notice that the current site is not the authentic one the user desires to access. Voice methods for conveying one-time pass codes to users and for permitting customer institutions to select authentication rules are also disclosed.

Abstract: An information processing apparatus includes an allowable output amount storage unit that stores allowable output amounts of respective combinations of a user and a predetermined totalization period; a total output amount recording unit that records total output amounts of the respective combinations of a user and a predetermined totalization period; and a processing unit that receives, from a user, an instruction that designates image forming information and an instruction to perform image formation on the basis of the designated image forming information, and performs image-formation-related processing for the designated image forming information if a value obtained by adding together an output amount of the image-formation-instructed image forming information, a sum of total output amounts of the user, and a sum of output amounts of pieces of particular image forming information specified by the user is smaller than or equal to an allowable output amount of the user.

Abstract: A method of authenticating a user of a computing device is proposed, together with computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display. The modified overlay image comprises a plurality of numbers. At least one of the modified base image and modified overlay image is moved by the user. Positive authentication is indicated in response to the base image reference point on the modified base image being aligned, in sequence, with two or more numbers from the overlay image that equal a pre-selected algebraic result when one or more algebraic operator is apply to the numbers.

Abstract: The APPARATUSES, METHODS AND SYSTEMS FOR A SECURE RESOURCE ACCESS AND PLACEMENT PLATFORM (“SRAP PLATFORM”) provides a secure supporting infrastructure within a corporate network framework and applications based thereon for use and placement of corporate resources. A non-trusted device may be authorized to access and use corporate resources, and the corporate network server may manage the placement of resources via the SRAP PLATFORM.

Abstract: A method, system, and computer usable program product for avoiding redundant printing are provided in the illustrative embodiments. An application executing in a data processing system receives a request to print a document. A determination is made whether a valid shared print of the document is available, the valid shared print being a hard-copy of the document that is currently within a validity period and is available for sharing among multiple entities. The shared valid print is requested from a current owner of the shared valid print. If the request is successful, possession of the shared valid print is changed in a prints repository from the current owner to a new owner and a new printing of the document according to the request to print the document is suspended.

Abstract: An access request authentication method, an authorization information generation method, an access request authentication system, and a hardware device. The access request authentication method includes: obtaining the current clock information; receiving a first access request, where the first access request includes a first input code; and determining whether to authorize the first access request based on the current clock information and the first input code.

Abstract: Systems, methods, and computer program products are provided for user authentication required for conducting online financial institution transactions. The disclosed embodiments leverage the capabilities of platforms other than conventional personal computers and laptops, such as gaming consoles and wireless devices. Unique intrinsic user activities, such as controller motions or activities, built-in hardware signatures or other input data are used as the authentication mechanism, so as to provide a higher degree of security in the overall authentication process by lessening the likelihood of password replication or interception during network communication.

Abstract: A device for maintaining an address translation table, placed in series between a user terminal and a third-party entity of a telecommunications network, is disclosed. The device is adapted to verify the existence in the address translation table of an entry specific to the exchange of application signaling messages using said protocol between the terminal and the third-party entity and, if there is no entry specific to the exchange of application signaling messages using said protocol between the terminal and the third-party entity, to create a specific entry in the address translation table associating with a private address and a private port of the terminal in a private network connecting it to said device a public address and a public port of the terminal in the telecommunications network and an indication of the validity of the entry, this validity indication taking into account the first reception time.

Abstract: A system for authentication comprises a mobile unit and a smart card reader. The mobile unit includes a security application that prevents access to functionalities and data stored thereon and further includes an authentication application that securely stores an authentication token. The smart card reader communicatively connects to a smart card. The smart card includes authentication data. The authentication application transmits the authentication token to the smart card reader to verify the smart card. The authentication application shares the authentication token with the security application when the verification is successful. The authentication token indicates to the security application to grant access to the functionalities and the data.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for storing a password recovery secret on a peripheral such as a power adapter by receiving a password recovery secret at the power adapter via an interface with the computing device, and storing the password recovery secret on a memory in the power adapter. The password recovery secret can be recovered by requesting the password recovery secret from the power adapter, wherein the password recovery secret is associated with a computing device, receiving the password recovery secret from the memory of the power adapter, and recovering a password based on the password recovery secret. The power adapter can include an electrical source interface, an electronic device interface, an intermediate module to adapt electricity between the interfaces, a memory, and a memory interface through which a password recovery secret is received for storage in the memory.

Abstract: A computer-implemented subsystem and method is disclosed for receiving user qualification data, comparing that data to certification criteria, and providing user certification according thereto, in the context of a system for designing a structure. A variety of users may be certified, including architects, designers, component and service providers, permitting authorities, builders, financers, future tenants, etc. A wide variety of certifications may be provided including by trade, by attributes of the structure, by intended use of the design system, etc. Certification may be based on general experience, references, time spent with the design system, training completed, examination passed, other certifications, etc. Certification may be stand-alone or may be part of an ongoing continuing education process. The design system may limit actions a user may perform on a design based on certification and certification level.

Abstract: Systems and methods for authenticating electronic transactions are provided. The authentication methods employ a combination of security features and communication channels. These security features can be based, for example, on unique knowledge of the person being authenticated, a unique thing that the person has, unique personal features and attributes of the person, the ability of the person to respond, and to do so in a fashion that a machine cannot, and so forth. Methods for enrolling the person prior to authentication are also provided, as well as systems for enrollment and authentication.

Abstract: Methods and apparatus for determining user authorization from motion of a gesture-based control unit are disclosed. An example method to determine user authorization from motion of a gesture-based control unit disclosed herein comprises detecting motion of the gesture-based control unit, the motion caused by a user, determining a detected gesture from a sequence of one or more detected motions of the gesture-based control unit, and identifying the user from the detected gesture to determine an authorization for use by the gesture-based control unit.

Abstract: A system and a method automatically generate video-based tests to distinguish human users from computer software agents. The system comprises a CAPTCHA generation engine, a CAPTCHA serving engine, a video clips database, and a video tests database. The CAPTCHA generation engine selects a video clip from the video clips database, and segments the video clip into multiple video segments. For each video segment, the CAPTCHA generation engine associates a plurality of related queries with the video segment, generates a video test based on the association, and stores in the video tests database. A CAPTCHA serving engine selects a video test for a user, maintaining a user trial counter for each user taking the video test. Based on the user trial counter information and the response to the selected video test, the CAPTCHA serving engine determines whether the user is a human user.

Abstract: A credential store provides for secure storage of credentials. A credential stored in the credential store is encrypted with the public key of a user owning the credential. A first user may provide a credential owned by the first user to a second user. The first user may add credentials owned by the first user to the credential store. An administrator may manage users of the credential store without having the ability to provide credentials to those users.

Abstract: Apparatus, methods, and computer program products are disclosed that present a delegated-right to a delegation system by a service-application provisioned with the delegation system. The delegated-right enables the service-application to perform an operation/access on behalf of a delegator-user. The method then attempts to perform the operation/access.

Abstract: A user of a device may be uniquely identified using a metric that is contingent upon the user using the device for its intended purpose without the user having to perform a separate step, function, or operation for the express purpose of identifying the user. Context sensitive content may be provided to or from the device based on the user's patterns of use of the device without requiring the user's personal information. The context sensitive content depends on the user's identity.

Abstract: An image forming apparatus includes a display unit, a login information storage unit, a login information reception unit, a login authentication unit, an authorization limitation information storage unit, an execution instruction reception unit, a control unit and an execution permission determination unit. The authorization limitation information storage unit stores functions permitted to be executed by the logged-in user and a default user, who is a non-logged-in user. The control unit executes a function in accordance with an execution instruction received by the execution instruction reception unit. The execution permission determination unit determines whether the function indicated in the received execution instruction is a default function that is permitted to be executed by the default user, causes the control unit to execute the function if the function is the default function, and displays the login screen on the display unit if the function is not the default function.

Abstract: A method of providing secure authentication of a service user at a self-service terminal is described. The method comprises: detecting attempted access by the service user to a restricted function on the self-service terminal and ascertaining if a predefined operating system account is present on the terminal. In the event that the predefined operating system account is not present, then the method comprises permitting access to the restricted function by the service user. In the event that the predefined operating system account is present, then the method comprises requesting the service user to provide login credentials and authenticating the login credentials using the operating system account. If the login credentials are not authenticated, access to the restricted function is denied; whereas, if the login credentials are authenticated, access to the restricted function is permitted.

Abstract: A root-account management apparatus generates an electronic signature based on a survival condition and a secret key when an authentication result of a user of a client apparatus is proper, and transmits derived-account credence element information including the survival condition, the electronic signature and a public key certificate to a derived-account management apparatus. The derived-account management apparatus creates derived-account information which becomes valid when the survival condition is satisfied so that the derived-account information includes both the derived-account credence element information which becomes invalid when a validity term of the public key certificate expires and a biometric information template of the user which is valid regardless of this validity term. Accordingly, even if an authentication element as a root (public key certificate) becomes invalid, a derived authentication element (biometric information template) can be prevented from becoming invalid.

Abstract: In one or more embodiments, one or more methods and/or systems described can perform displaying, on a handheld device, multiple icons associated with multiple segments; receiving first user input indicating a first segment of the multiple segments; executing a first virtual machine associated with the first segment on the handheld device; executing a first application on the first virtual machine; receiving second user input indicating a second segment of the multiple segments; executing a second virtual machine associated with the second segment on the handheld device; and executing a second application on the second virtual machine. In one or more embodiments, one or more methods and/or systems described can further perform before executing the second virtual machine, receiving authentication information and determining that the user is authenticated. In one or more embodiments, the authentication information can include at least one of a user name, a password, and/or biometric information.

Abstract: An Internet Protocol (IP) controlled modem receives a single modem command packet from a user IP system. The modem command packet indicates a destination IP address, a destination IP port number, and a modem command to initiate a voice call. The IP controlled modem determines if the destination IP address and the destination IP port number are authorized for modem control. If the destination IP address and the destination IP port number are authorized for modem control, then the IP controlled modem processes the modem command to wirelessly transfer call set-up signaling to a wireless communication network to initiate the voice call. The IP controlled modem receives a user data packet from the user IP system and wirelessly transfers the user data packet over the voice call.

Abstract: The present invention discloses methods, devices, and systems for unobtrusively recognizing a user of a mobile device. Methods including the steps of: unobtrusively collecting motion data from the mobile device during normal device usage by monitoring standard authorized-user interaction with the device, without any form of challenge or device-specified action; demarcating the motion data into user motion-sequences based on changes in a motion-state or an elapsed time-period without an occurrence of the changes, wherein the motion-state refers to a placement and speed of the mobile device at a point in time; calculating user motion-characteristics from the user motion-sequences; and generating a motion-repertoire from the user motion-characteristics, whereby the motion-repertoire enables unobtrusive recognition of the user.

Abstract: A computer-implemented method for data-loss prevention may include: 1) identifying data associated with a user, 2) determining that the data is subject to a data-loss-prevention scan, 3) identifying a data-loss-prevention reputation associated with the user, and then 4) performing a data-loss-prevention operation based at least in part on the data-loss-prevention reputation associated with the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An Internet appliance has added hardware and software functionality to allow communication where a dialing action request is authorization is verified using a personal identification means (PIM). A user first selects a communication access number by requesting a dialing action on a actual or a virtual keypad or by clicking a “hot spot” on a Web page. Selecting an access number (e.g., dialing of a telephone number), alerts the user of the Internet appliance of the selection process whether the user instigates or the selection is attempted from a remote device using the Internet appliance facilities. Either method will trigger software commands that prompt the user to enter a PIM either to authorize his own use or another one's use of the Internet appliance. The PIM may comprise, but is not limited to, keying in a personal identification number (PIN), a biometric identification, or a smart card stored number.

Abstract: A method for protecting a password of a computer having a non-volatile memory is disclosed. A password is stored in a non-volatile memory of a computer. The computer is then transitioned to a power saving state. In response to a detection of an unauthorized access to the non-volatile memory during the power saving state transition, a password input is requested from a user. The computer returns to a power-on state from the power saving state when there is a success in authentication of the input password.

Abstract: Illustrated is a system and method to receiving input at a soft bar, the input received at a middle position on the soft bar equal distance from a first position and a second position on the soft bar. The system and method also including a traversing of the soft bar from the middle position to one of the first or second position, using the input, a plurality of times to generate a candidate password, each traversal to generate a position value that is part of the candidate password. Further, the system and method to include unlocking a Graphical User Interface (GUI) for use, the unlocking to occur where the candidate password is equivalent to a stored password.

Abstract: A device receives protected content and a license for the content, unprotects the content using an input key and retrieves a rule associated with the input key. The device then processes the content to create new content, retrieves at least one output key associated with the input key in the retrieved rule, protects the content using the output key and sends the newly protected content and the corresponding license. It is thus possible to impose a work flow as it is necessary for a device to store a particular key in order to access the content and as the rule imposes a particular output key depending on the input key. In a preferred embodiment, the content is scrambled using a symmetrical key that is encrypted by an asymmetrical key in the license. An alternate embodiment uses watermarking techniques instead of encryption. The invention finds particular use in video processing.

Abstract: Determining execution rights for a process. A user selects a process for execution. A driver intercepts the execution and communicates with a service or its remote agent. Configuration data is accessed to determine an execution role specifying whether the process should be denied execution or should execute with particular rights to access or modify system resources. The execution role is provided to the driver, and the driver allows or denies execution of the process in accordance with the provided execution role.

Abstract: The present invention discloses an information processing device and the switching method for the password input mode thereof. The information processing device includes a usage scene monitoring unit configured to monitor the usage scene or the usage environment of the information processing device and a password input switching unit, configured to judge the usage scene or the usage environment of the information processing device 1 based on the output of the usage scene monitoring unit and to determine whether the password input mode should be switched based on the judgment result.

Abstract: A method for authenticating an identity involves a computing device receiving a first credential over a first communications channel, and determining a second communications channel from a comparison between the first received credential and a first reference credential provisionally associated with the first credential. The computing device opens the second communications channel and receives second credential over the second communications channel, and the identity is authenticated based on a verification of the second credential. The computing device authenticates the identity by generating a first identity proof score from a correlation between the first received credential and the first reference credential, generating a second identity proof score from a correlation between the second received credential and a second reference credential, and generating an ultimate identity proof score from the first identity proof score and the second identity proof score.

Abstract: A composite customer ID (CCID) is stored in the OTP memory of integrated circuit chipsets used by a number of different customers. The CCID includes individual customer IDs (CIDs) at defined index positions, each corresponding to a different customer. Each chipset allows or disallows software booting, based reading a certificate index value from a given customer's certificate, reading an OTP CID from OTP, as pointed to the by certificate index value, and evaluating the OTP CID with a certificate CID read from the certificate. Thus, while CCID carries information for a plurality of customers, each customer's certificate points only to that customer's OTP CID, which can be changed to revoke that customer's certificate without revoking the other customers' certificates. The CCID also may include a version number, where the chipsets allow or disallow software booting based on evaluating the certificate version number in view of the CCID version number.

Abstract: A method for granting secure network access comprising requesting, by a mobile device, access to a network via an access point; receiving a passcode from the access point; sending a message including the passcode and an indicia back to the access point; and generating, by the access point, a secure key based on the indicia, the secure key providing network access to the mobile device.

Abstract: System and method configured to provide an access management system configuration that provides the benefits of single sign-on while reducing internal hardware and administration maintenance costs. The system is reconfigured to provide an access control module that directs authentication network traffic such that access management agents are not required to be installed on the application server for each protected application. The system provides a redirection of a login request from the application server to an external security gateway that authenticates the user via policy and sends authenticated user credentials on a back channel to the access control module to obtain a session cookie which is redirected back to the user so the user can establish a session with the application. The solution reduces the plethora of agents to be maintained and upgraded in order to remain compatible with the evolving hosting software, reducing both hardware and administration maintenance costs.

Abstract: A method to reduce bandwidth necessary for renewal of subscriptions for reception of broadcast services including: defining a plurality of sets of subscriber identification numbers, each set being associated with a product; splitting a set of subscriber identification numbers into groups of subscribers; searching for an available subscriber identification number related to the desired product at the time of initialization of a new subscriber; confirming that an inhibit duration has elapsed between the end of the previous subscription and the start of the new subscription; sending an initialization message to the new subscriber addressed with his unique identification address and containing the subscriber identification number of, and rights to, his product; preparing a group rights renewal message for the product to the group containing the subscriber identification number, this message comprising the group header containing this subscriber and a compressed bitmap allowing to individually address each of the

Abstract: A method for restricting access to an electronic device using basic input output system (BIOS) password comprises: generating a first window on a display to receive a first user input in response to a password pre-setting input via an input module; formatting the first user input into American Standard Code for Information Interchange (ASCII); and writing the ASCII into a BIOS chip as the preset password. The electronic device is also provided.

Abstract: Disclosed are apparatus and methodology for providing secure control over stored metrology parameters. A random number key is generated and associated with identifiable information such as a serial number associated with a device. The random number and identification information are stored in a database separate and remote from the device. Alteration of the stored metrology parameters are permitted only upon use of the random number as a key to unlock the device.

Abstract: Embodiments relate to a method, program product and an information processing device for handling lock functions. The device includes a lock function for restricting user operations and a lock setting unit responsive to the lock function for transitioning the information processing device to a locked state after a period of inactivity. It also includes a lock releasing unit responsive to the lock setting unit for releasing the locked state in response to the input of a predetermined first password and a changing unit responsive to the lock releasing unit for changing the number of characters to be inputted in the first password to release the locked state.

Abstract: A method of securing a software application on a mobile device is described. The method includes configuring the mobile device with a management server to allow the mobile device to communicate wirelessly over a wireless network. A listing of applications is transmitted to the management server over the wireless network. The management server generates user credentials data to associate at least one user with an authorization to access at least one application residing on the mobile device. The management server transmits the user credentials data to the mobile device over the wireless network. The mobile device accesses the user credentials data when a user attempts to access the software application on the mobile device. The user is permitted to execute the software application when the user credentials data indicates that the user is authorized to access the software application.

Abstract: A self-service system and method for credential reset permits an administrator to customize policies for credential reset based on any user or group of users. Administrators may choose to set a more stringent policy for credential reset for users or groups that have higher-level permissions to access sensitive information within the resource protected by the credential. Customizable, plug-in gates are provided to permit administrators fine grained control over reset policy definition. When the user initiates a credential reset, the reset policy applicable to that user is invoked, and the user is presented with gates to pass pursuant to the applicable reset policy. The user's responses are compared to responses presented by the user at registration. If the responses meet the reset policy's threshold for accuracy, the user is permitted to reset the credential.

Abstract: In wireless networking, such as per the IEEE 802.11 standard, a technique automatically republishes an authentication credential to a global credential repository. A station can have a first credential, as is created when the station connects to a first access node of a wireless network. Upon trying and failing to connect to a second access node of the wireless network, the station can have a second credential created and published to the global credential repository. In some situations, the station then roams back to the first access node using the first credential. Efficiently, when the station uses the first credential at the first access node, the first credential can be automatically republished as a global credential. The automatic republishing of the first credential can ensure that the station is able to access the wireless network via various access nodes when roaming.

Abstract: A method for using multiple channels to access a resource, wherein a first user requests a resource that requires an indication of approval from a second user, a token value is transmitted to the first user on the first channel, and the second user transmits the token value and a second authentication parameter over a second channel. The token value is used to associate the first authentication parameter to the second authentication parameter, whereby the first user is allowed access to the resource on the first. The first and second user may be independently authenticated in some implementations and not independently authenticated in other implementations.

Abstract: An information handling system includes a memory and a detector circuit. The memory is configured to store a first electrocardiogram measurement. The detector circuit is configured to receive a second electrocardiogram measurement in response to a specific combination of keys of a keyboard being pressed for a specific period of time, wherein each key in the specific key combination includes an electrocardiogram sensor on a top surface of the key, to authorize a user and log the user onto the information handling system when the second electrocardiogram measurement matches the first electrocardiogram measurement, and otherwise: to deny access to the information handling system; to increase a counter; to determine whether the counter has exceeded a threshold; and to request that an input window is displayed when the counter has exceeded the threshold.

Abstract: Techniques for creating and using credentials for blinded intended audiences are provided. A principal desires access to a target service. An identity associated with the target service is hidden from an identity service via a random identifier. The identity service supplies an assertion with credentials and the random identifier. The principal sends the assertion and an access message, which also includes the random identifier to the target service. The target service compares the identifier included with the message to the identifier in the assertion and when a match occurs access is permitted to the target service, assuming other credentials associated with the assertion are satisfied as well.