Abstract: The present invention relates to gaming apparatus (100) and methods (300) applicable to gaming apparatuses and systems. In particular a password entry method (300) and system (600) for authenticating a player's identity is disclosed in which a user's password can be defined using a set of elements (402) including a plurality of images (404) such as symbols or pictures.

Abstract: In an exchange of data between a client terminal (1) and a secure database server (2) the data is encoded using positional information generated by a combination generator (7) in a separate security server (3). The positional information is used to produce an image specific to a communication event which is accessed by the client terminal (1) and is the basis for the entry of sensitive data at the client terminal (1). The three-way communication link between the client terminal, database server and security server greatly increases the difficulty of successfully intercepting and decoding the data entered at the client terminal. This method of secure data communication is particularly suited to the communication of password data for example in the banking industry.

Abstract: A system and method is introduced for combining a secure device with a non secure user machine for using and sharing secure data seamlessly through the non secure user machine. The secure device runs in a separate, “parallel world” to the user machine so that the user machine cannot access secure data while it is being used. Even if the user machine is already compromised, the secure data and its usage remain protected from the likes of key logging and screen captures. The secure device authenticates secure data handling to the user so that the user is able to differentiate between a secure and a non secure data usage, as well as identify false imitations of the secure environment.

Abstract: A system and method is introduced for combining a secure device with a non secure user machine for using and sharing secure data seamlessly through the non secure user machine. The secure device runs in a separate, “parallel world” to the user machine so that the user machine cannot access secure data while it is being used. Even if the user machine is already compromised, the secure data and its usage remain protected from the likes of key logging and screen captures. The secure device authenticates secure data handling to the user so that the user is able to differentiate between a secure and a non secure data usage, as well as identify false imitations of the secure environment.

Abstract: A method for authenticating an OTP (one time password) and an instrument therefor, in which the method includes determining whether the OTP token is authenticated successfully, if the OTP token is not authenticated successfully, setting size of an authentication window to be a first predetermined time length and authenticating the obtained OTP according to the authentication window; if the OTP token is authenticated successfully, determining whether the interval between the authentication success time and the current system time is longer than a second predetermined time length, if yes, setting size of the authentication window to be a third predetermined time length and authenticating the obtained OTP according to the authentication window and the authentication success time, in which the third predetermined time length is shorter than the first predetermined time length; otherwise, setting size of the authentication window to be a fourth predetermined time length and authenticating the obtained OTP accordin

Abstract: A comprehensive authentication and identity system and method are disclosed. A central profile is created for a user which includes user information that can be passed back or otherwise utilized by websites (e.g. for registrations, logins, etc.) The user information may include the user's username, password, contact information, personal information, marketing preferences, financial information, etc. For website registrations, the user may provide a mobile communication number that is utilized to perform a type of mobile communication device verification process. As part of a website login, the user may provide identifiable information (e.g. a username) that is looked up by the system or website to determine a mobile communication number for the user, which is used for a verification process. If the verification process is completed successfully, the user may be logged into the website. For accessing the system directly, a user may go through a mobile communication device verification process.

Abstract: The invention discloses, inter alia, a computer executable method for controlling user's access to transaction data in the context of a service in a multitenant data management system comprising data of a first organization, a second organization providing at least one service, at least one user representing the second organization, and a transaction associable by its content with the first organization. The method comprises steps for receiving a request for a user representing the second organization to access the transaction associable with the first organization in the context of a service, verifying the secondary stakeholder status of the second organization regarding the transaction, verifying the validity of a chain of trust between the user of the request and the second organization in the context, and conditional to the validity of the secondary stakeholder status and the chain of trust, authorizing the user representing the second organization to access the transaction in the context of the service.

Abstract: Techniques are provided for entering, verifying, and saving a gesture on a touch-sensitive display device. In one embodiment, the device displays a gesture entry screen where a user enters a gesture. The device estimates the entered gesture and displays the estimated gesture on a gesture replay screen. The estimated gesture may be replayed repeatedly until stopped, and the device may display a gesture verification screen where the user may reenter the gesture. The device verifies if the re-entered gesture is substantially the same as the original estimated gesture. Some embodiments include a visible trace following a user's touch on the touch-sensitive display, where the trace may change in color and/or length depending on the speed, duration, and/or complexity of an entered gesture. Some embodiments include display indicator(s) (e.g., a strength bar, color change, timer, etc.) to indicate the strength and/or elapsed time during an entry or replay of a gesture.

Abstract: The invention prevents robots from browsing a Web site beyond a welcome page. When an initial request from an undefined originator is received, the Web site responds to it with a welcome page including a challenge. Then, on receiving a further request from the undefined originator, the Web site can check whether the challenge is fulfilled or not. If fulfilled, the undefined originator is assumed to be a human being and authorized to go on. If the challenge is not fulfilled, the undefined originator is assumed to be a robot, in which case site access is further denied. The invention prevents Web site contents from being investigated by robots while not requiring users to have to log on.

Abstract: A user generates a pattern in a matrix (or two-dimensional grid) and enters a user name and an associated password. This username, password and pattern are stored locally on a computing device or are transmitted to a remote computer server for later authentication. Upon authentication, an input matrix is displayed. The user enters the password into the matrix in the form of the pattern, and also enters the username. The computer retrieves the previously stored pattern and password with the username. The previously stored pattern is used to read the input password from the input matrix. A match with the stored password indicates authentication. Alternatively, the input matrix only includes the pattern and password is entered separately. The input matrix may also be filled with random characters to improve security. The stored pattern is compared to the input pattern using image analysis or by comparing a set of coordinates.

Abstract: A secure fob that enables a user to pay for an item or items without needing to present a mobile device. A secure fob may include a proximity capability to ensure that a mobile device is within a particular range, thereby eliminating the risk of fraudulent charges on a stolen fob. In such an embodiment, a fob may be disabled if the fob is not paired with the mobile device by virtue of being disconnected and/or physically separated from the mobile device. The secure fob also may include enhanced features to authorize transactions and locate the mobile device and/or the secure fob.

Abstract: An aspect of the disclosed technology is a general-purpose platform that may be used to provide resilient cloud services. Tasks may be written as procedures in general-purpose programming languages that directly manipulate resources via control interfaces. In one implementation, resource states, such as router configurations and virtual machine states, associated with a cloud customer that provides communications services, may be abstracted into tables in a relational or semi-structured database. State changes that have been written to the database tables are automatically propagated by the database to appropriate customer physical devices, such as network elements, thereby implementing various customer network operations.

Abstract: A system and method for preventing an administrator impersonating a user from accessing sensitive resources on a target system is provided. The method comprises receiving a first request from a user to change the user's password on a target system to be changed, sending a “change password” request for the user to the target system, storing the user's new password, receiving a second request from the target system on behalf of the user for access to a sensitive resource, wherein the second request contains information about the user's password, and denying the second request if the information about the user's password is not consistent with the user's stored new password.

Abstract: A method includes displaying a base image and a secondary image overlying the base image on a display, detecting an alignment of a first element of the base image with a second element of the secondary image, and when the first element and the second element are pre-selected elements for a user, authenticating the user.

Abstract: In a method for logging in to a computer, a log-in display is carried out on a terminal unit when the terminal unit is connected to a system management apparatus. A display is carried out to urge an operator to carry out a physical operation when a log-in starting operation is carried out to the terminal unit in response to the log-in display. An operation detection signal is sent when detecting the physical operation carried out to an operating panel. The computer enters a logged-in state when the operation detection signal is detected.

Abstract: A processing device comprises a processor coupled to a memory and implements an obligation management system for information technology infrastructure, with the obligation management system being configured to process a plurality of obligations on behalf of a relying party to verify implementation of corresponding controls in information technology infrastructure of a claimant. A given one of the obligations has an associated obligation fulfiller that is inserted or otherwise deployed as a component within the information technology infrastructure of the claimant and is configured to provide evidence of the implementation of one or more of the controls responsive to an obligation assertion so as to establish an associated trust aspect of the claimant. The information technology infrastructure may comprise distributed virtual infrastructure of a cloud service provider. The claimant may comprise the cloud service provider and the relying party may comprise a tenant of the cloud service provider.

Abstract: An information handling system includes a host mapped general purpose input output (GPIO), a shared memory, a board management controller, and a cryptography engine. The host mapped GPIO includes a plurality of registers. The board management controller is in communication with the host mapped GPIO and with the shared memory, and is configured to control accessibility to the plurality of registers in the GPIO, and to control write accessibility of the shared memory based on a private key received from a basic input output system requesting accessibility to the plurality of registers and write accessibility of the shared memory. The cryptography engine is in communication with the board memory controller, and is configured to authenticate the private key received from the board management controller.

Abstract: Certain embodiments herein relate to authenticating access to an operating system by a user before the operating system is booted. Such authentication may be performed by processing information received from a wireless communication token via Near Field Communication (NFC), in one embodiment. The received information may be processed to determine credentials for accessing the operating system, which if validated, may be sent to a Basic Input Output System (BIOS) which may boot the operating system in response. The BIOS may also perform various other functions if authentication is successful, such as decrypting a hard disk on which an operating system is installed before booting the operating system. According to this configuration, a decryption key may be received from the wireless communication token and subsequently sent to the BIOS to enable the decryption and subsequent booting of the operating system.

Abstract: A method for estimating the strength of a graphicalpassword comprising two or more segments is disclosed. In some embodiments, this advantageous solution is achieved by implementing a multi-step process. In one step, the data processing system applies a first operation on a first segment to produce a transformed segment. In another step, the data processing system performs a comparison operation between the transformed segment and a second segment. In another step, the data processing system performs a penalty operation with respect to the first segment based on an outcome of the comparison operation. The penalty operation includes one or more of (1) calculating a penalty value, wherein the penalty value may be used in calculating a value representing the strength of the graphicalpassword; and (2) disregarding the first or the second segment when calculating the value representing the strength of the graphical password.

Abstract: A content data reproducing method includes: decrypting encrypted data to generate plain-text data; dividing the plain-text data into decrypted content data and reproduction management information; sending the reproduction management information to a user space; storing the decrypted content data in a secret buffer; obtaining the decrypted content data as reproduction target data from the secret buffer and transmitting the reproduction target data to a decoder; and decoding the reproduction target data by the decoder.

Abstract: An electronic lock in which new passcodes can be added and/or deleted without specifying the user slot to which the new passcode should be assigned. A circuit in the electronic lock determines whether the new passcode to be added is unique compared to existing passcodes stored in memory. If so, the circuit searches for an available user slot for which no authorized passcodes are associated and associates the new passcode with an available user slot.

Abstract: Context captured with sensors of an information handling system is applied to selectively lock access to currently unlocked information, with conditions for locking access based upon the context. Nervous states enforce locking of selected information based upon the confidence of the security of the information under sensed external conditions. Increased sensitivity for locking access includes reduced timeouts to a lock command, increased response to sensed conditions, and more rapid response where unlocked access is to sensitive information.

Abstract: Techniques for dynamic generation and management of password dictionaries are presented. Passwords are parsed for recognizable terms. The terms are housed in dictionaries or databases. Statistics associated with the terms are maintained and managed. The statistics are used to provide strength values to the passwords and determine when passwords are acceptable and unacceptable.

Abstract: An access request authentication method, an authorization information generation method, an access request authentication system, and a hardware device. The access request authentication method includes: obtaining the current clock information; receiving a first access request, where the first access request includes a first input code; and determining whether to authorize the first access request based on the current clock information and the first input code.

Abstract: An avatar in a virtual world is provided with credentials for access to various parts of the virtual world by embedding information derived from avatar identification and authorized credential information in the form of a graphic image associated with the avatar. The embedded information is preferably encrypted.

Abstract: A pattern password trajectory configuration system used in an electronic device with a graphics input interface and a method using the same are provided. The disclosed pattern password trajectory configuration system includes a central processing module, a pattern defining module electronically connected the central processing module for defining the graphics input interface into a central block and multiple blocks neighboring the central block and assigning different data codes to the different blocks neighboring the central block, a sliding direction defining module electronically connected to the central processing module for assigning different prime numbers to define different sliding directions moving along the blocks neighboring the central block, and a touch sequence defining module electronically connected to the central processing module for counting and recording touch sequences of sliding among the blocks neighboring the central block.

Abstract: There is provided a method that includes (a) including in a dataset, data indicative of a time, (b) executing a hash function on the dataset to yield a hash value, and (c) employing the hash value as a password for a user to access a device. There is also provided a method that includes (a) including in a dataset, data indicative of a time, (b) executing a hash function on the dataset to yield a hash value, (c) determining that the hash value matches a password from a user, and (d) granting to the user, access to a device. There are also provided systems that perform the methods and storage devices that contain instructions for causing processors to perform the methods.

Abstract: An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on what software applications a user is running on a data-processing system, and how those applications are being used (e.g., what functions are used, what data is input to or output by the application, how often and for how long applications are used, what input devices and output devices are used, etc.) Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity and/or the potential cost of malicious activity, as inferred from current and past application usage. In addition, the illustrative embodiment enables selection of an authentication challenge type that is less intrusive to a user based on current application usage.

Abstract: A system 100 for increasing data security comprises predetermined system data 104 to be protected. A cryptographic unit 108 is used for cryptographic processing of respective blocks of the content data in dependence on respective keys. A key provider 106 determines the respective key used for the processing of a respective block of the content data in dependence on a respective portion 112 of the predetermined system data 104, the portion not including all the predetermined system data, wherein different respective portions of the predetermined system data are selected for the respective blocks of content data. A server system 200 for increasing data security comprises an output 202 for providing processed content data 110 to a client system 100, the client system comprising predetermined system data 104 to be protected. The server system 200 also comprises a cryptographic unit 208 and a key provider 206.

Abstract: A display apparatus includes a display panel, a display condition setting unit that defines a specified display point in a specific screen as a display point of a one-time password for a specified user and sets a display condition for the one-time password, and a password display unit that displays, to the specified user, the one-time password at a display point included in the display condition based on the display condition set by the display condition setting unit when the specific screen is displayed in the display panel.

Abstract: An authentication method using a password of an electronic device is provided. The method includes receiving a password. The method also includes determining whether the received password coincides with a password stored in advance. The method further includes determining whether an input condition at the time of password input coincides with a password input condition stored in advance when the received password coincides with the password stored in advance. The method includes executing a function when the input condition at the time of password input coincides with the password input condition stored in advance.

Abstract: A first device establishes a connection with a second device and attempts access, via the connection to an enterprise server of an enterprise. The first device may have a number of security perimeters, ones of which are allowed to use various communications proxies provided by the second device. If the first device and the second device are associated with a same common enterprise, an enterprise perimeter of the first device may be enabled to access the enterprise using an enterprise proxy of the second device.

Abstract: A mobile platform security apparatus and method is provided. The apparatus may perform a security setting by generating a first authentication key, a second authentication key, and a third authentication key for each function called by an application program. The apparatus may store the first authentication key and an identifier for identifying the application program in a first storage unit, the second authentication key and the identifier in a secret domain of a second storage unit, and register the third authentication key and the identifier as a function parameter in the application program. Subsequently, if the function is called by the application program, the apparatus may determine values for the first authentication key, the second authentication key, and the third authentication key corresponding to the called function, and may perform authentication processing using the three authentication key values.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for privacy protection. In one aspect, a method includes accessing personally identifiable information (PII) type definitions that characterize PII types; identifying PII type information included in content of a web page, the PII type information being information matching at least one PII type definition; identifying secondary information included in the content of the web page, the secondary information being information that is predefined as being associated with PII type information; determining a risk score from the PII type information and the secondary information; and classifying the web page as a personal information exposure risk if the risk score meets a confidentiality threshold, wherein the personal information exposure risk is indicative of the web page including personally identifiable information.

Abstract: When user information to be registered for SNMP authentication is input, an information processing apparatus confirms whether or not user information for MFP authentication is already managed for a user to be registered who is indicated by the input user information. In the case where the user information for MFP authentication is not managed for the user to be registered, the information processing apparatus registers the input user information as user information for SNMP authentication. In the case where the user information for MFP authentication is managed for the user, the information processing apparatus registers information specific to SNMP authentication, i.e. information other than an authentication password, out of the input user information.

Abstract: A computer-implemented method for generating secure passwords may include 1) displaying a user interface for entering a textual password, 2) receiving user input via the user interface to select a color for at least one character of the textual password, 3) displaying the entered textual password via the user interface by displaying the character in the selected color and by displaying at least one additional character in at least one additional color, and 4) generating a modified textual password by encoding the textual password with information relating the selected color to the character. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method, apparatus, and computer usable program product for automatic activation of roles is provided. When a user initiates an action, a set of roles needed for the action is identified. A set of roles assigned to the user is also identified. From the two sets of roles, all roles that are common to both sets are identified in a subset of roles. Roles in this subset are assigned to the user and are sufficient for the action. One or more roles from this subset of roles is selected for activation depending on system policies in effect. Selected roles are automatically activated without requiring any intervention from the user. Once the selected roles are activated, they can become inactive upon completion of the current action, or remain active for subsequent actions by the user during all or part of a user session. System policies can decide how the roles are selected for activation, and the duration of which the roles remain active once activated.

Abstract: A portable data or information carrier in the form of a smart card with partially or fully virtualized components. To maximize the confidentiality of information stored in the carrier, and more specifically to limit the amount of information available to a potential defrauder, electronic components such as circuits, I/O, cryptographic, memory and dummy objects are built, modified or influenced on demand from physical characteristics of an eligible person or device. Digitized unique biometric or hardware identifiers are read upon start-up and runtime of the device and, in case of an eligible person or device, subsequently supply all values necessary for determination of the characteristics of the user specific virtual smart cards objects, their placement and connections. By multi-factor authentication, the end-user or device will retain sole control of its keys and use them for authentication, signature or encryption purposes as if he had a physical smart card in his hand.

Abstract: A system for correlating communication packets across different communication networks includes a first monitoring agent in a first network for collecting local identifying information of a communication packet at a communication node. The first monitoring agent pairs the local identifying information with a public identifying information of the packet for a second network. The first monitoring agent further adds a timestamp to the collected information. A second monitoring agent in the second network receives a communication packet from the communication node and collects public identifying information of the packet. The second monitoring agent adds a time-stamp to the collected information. A third monitoring agent in the second network receives the information collected by the first and the second monitoring agents and correlates packets based on the received information.

Abstract: An authentication processing device receives biometric data to be checked from a biometric measuring device; transforms the biometric data that is input from the biometric measuring device by using a checking transformation parameter that is different from a registration transformation parameter; and creates checking biometric data. Then, the authentication processing device performs a differential transformation process on the created checking biometric data by using a differential parameter by which a transformation state transformed by the checking transformation parameter and a transformation state transformed by the registration transformation parameter have the same state. Thereafter, the authentication processing device checks the transformed checking biometric data against the registration biometric data stored in a transformation registration data DB and performs authentication.

Abstract: An approach is provided to increase password strength in a group of users. The approach detects a password event corresponding to one of the users. In response to the detected password event, the approach identifies a strength of the user's password and compares it to one or more password strength metrics that correspond to the group of users. The password strength comparison data is then transmitted as feedback back to the user.

Abstract: Automatic authorization of users and configuration of a software development environment can include selecting a task defined within a project plan of a software system under development, wherein the task specifies a development tool and a user, and automatically authorizing, using a centralized data processing system, the user to access the development tool.

Abstract: Cross Site Request Forgery (CSRF) and other types of fraudulent submission can be mitigated using state information that typically is already maintained for various users. Each submission requiring authentication can include a state identifier (ID). The state ID can be compared to a corresponding secure state ID stored in a secure location, such as in a secure token or cookie or in a variable on a page that can only be accessed by code executing in the same security context as the site to which the request is made. If the received state ID is valid and matches the secure state ID, the submission is processed. Otherwise, an interstitial element is generated to prompt the user to confirm the prior submission. A subsequent confirmation submission confirming the prior submission and containing the proper state ID can be processed. If no such confirmation is received, the submission is not processed.

Abstract: Automatic authorization of users and configuration of a software development environment can include selecting a task defined within a project plan of a software system under development, wherein the task specifies a development tool and a user, and automatically authorizing, using a centralized data processing system, the user to access the development tool.

Abstract: A secure processor such as a TPM generates one-time-passwords used to authenticate a communication device to a service provider. In some embodiments the TPM maintains one-time-password data and performs the one-time-password algorithm within a secure boundary associated with the TPM. In some embodiments the TPM generates one-time-password data structures and associated parent keys and manages the parent keys in the same manner it manages standard TPM keys.

Abstract: An information handling system includes a memory and a detector circuit. The memory is configured to store a first electrocardiogram measurement. The detector circuit is configured to receive a second electrocardiogram measurement in response to a specific combination of keys of a keyboard being pressed for a specific period of time, wherein each key in the specific key combination includes an electrocardiogram sensor on a top surface of the key, to authorize a user and log the user onto the information handling system when the second electrocardiogram measurement matches the first electrocardiogram measurement, and otherwise: to deny access to the information handling system; to increase a counter; to determine whether the counter has exceeded a threshold; and to request that an input window is displayed when the counter has exceeded the threshold.

Abstract: An authentication apparatus includes an accepting unit and an instructing unit. The accepting unit accepts a request, which requests to issue an authentication medium for a second user, from a first user who is authenticated. The instructing unit instructs to issue the authentication medium for the second user.

Abstract: A memory device includes a plurality of memory chips, including one or more memory chips that store authentication information, and a controller including a first register that stores information indicating a representative memory chip, from among the one or more memory chips that store the authentication information, that stores valid authentication information.

Abstract: In a service providing system, a client includes a transmitting unit configured to transmit specification information associated with specifications of the client to the management server, a receiving unit configured to receive registration completion information from a management server, a transmitting unit configured to transmit a request for service information to a service providing server, and a service prohibition unit configured to prevent receipt of the service information from the service providing server until the registration completion information is received after transmission of the specification information.

Abstract: Embodiments of the invention relate to collecting keystroke timing data of samples of a phrase input by a user on an input device during different user sessions, and creating a biometric user template based on the timing data collected during the different sessions. Once a sufficient number of samples are collected, the template may be used to authenticate the user.