Abstract: A method, system and computer program product for retaining trust. A computer receives a correct password for administrative access. The computer sets a trust to a maximum level. The computer detects at least one period of inactivity. The computer adjusts a trust based on the at least one period of inactivity. The computer receives a request to access an privileged function. The computer, responsive to receiving the request, determines that the trust is below a trust threshold. The computer, responsive to determining that the trust is below the trust threshold, challenges the user to authenticate. The computer receives a authentication attempt. The computer determines whether the authentication attempt is correct. The computer, responsive to a determination that the authentication attempt is correct, grants access to the administrative function.

Abstract: A processor-based system, including systems without keyboards, may receive user inputs prior to booting. This may done using the graphics controller to generate a window which allows the user to input information. The system firmware may then compare any user inputs, such as passwords, and may determine whether or not to actually initiate system booting.

Abstract: An electronic device includes a touch screen. When the electronic device wakes up and works in a locked state, a notification interface including a predetermined unlocking area is displayed on the touch screen. A user pattern formed by at least two fingers of a user located within the predetermined unlocking area is detected. The electronic device is unlocked if the user pattern matches a predetermined unlocking pattern.

Abstract: A contact sensor capable of inputting a character by tracing a character with user's finger is arranged in a region of a ten-key unit of a mobile telephone. When registering a password to release a key lock, a user traces a shape of a line, a character, a number, or other symbol on the contact sensor with his/her finger so that the shape is inputted and stored in a memory, thereby completing registration of a password. When releasing the key lock, the user traces the registered shape on the contact sensor with his/her finger so that the key lock is released. The input is easy. Even if the password input operation is observed by a third person, the password will not be easily known to the third person.

Abstract: A method and apparatus for password authentication. The password authentication method, includes: generating a group of sequential candidate characters according to a user's operations to a keyboard, at least one key on the keyboard being associated with at least two characters, wherein the user's single operation of any one key results in characters associated with that key being selected as candidate characters with the same ranking; and authenticating whether a character string formed by the sequential candidate characters matches the password of the user. The password authentication apparatus for accomplishing the same.

Abstract: Machines, systems and methods for providing an authentication challenge are provided. The method comprises analyzing data stored in a computing system equipped with a graphical user interface (GUI), wherein the data stored is related to identity and relationships among items that have a profile; and based on the analysis, issuing a challenge to authenticate access to one or more content or services available by way of the computing system, in response to a user interaction with the computing system, wherein the response to the challenge is known to a user who has personal knowledge of the identity and relationships among the items with a profile, and wherein the user successfully authenticates against the challenge by interacting with visual presentations of the items by placing the items in an order that indicates a correct relationship between at least two or more of the items.

Abstract: A secure media device preferably includes a Universal Serial Bus (USB) Mass Storage Class (MSC) interface. A storage media area is also preferably provided. The storage media is preferably divided into a first and second area by arranging the storage media into multiple Logical Units (LUNs). The second area is preferably accessed in a conventional manner using a host USB MSC driver through the USB MSC interface on the storage device. A password dialog application can be located in the second area of the storage device.

Abstract: A user can make a symbol with their hand, or other such gesture, at a distance from a computing device that can be captured by at least one imaging element of the device. The captured information can be analyzed to attempt to determine the location of distinguishing features of the symbol in the image information. The image information is then compared to hand gesture information stored in, for example, a library of hand gestures for the user. Upon identifying a match, an input to an application executing on the computing device is provided when the image information contains information matching at least one hand gesture with at least a minimum level of certainty. The hand gesture could include a single “static” gesture, such as a specific letter in sign language, for example, or include two or more “static” gestures. The gesture could also include motion, such as hand movement.

Abstract: Concepts and technologies are disclosed herein for management of application access. A security management application can be configured to set access controls and/or other security settings relating to application programs. Additionally, or alternatively, particular functions and/or functionality associated with application programs may be individually configured. Settings reflecting the access controls and/or other security settings can be stored and can be applied at the user device. The security management application also can be configured to determine if security settings and/or access controls are to be overridden. Data can be collected from various sensors and/or other sources to use in determining if particular application programs and/or application program functionality is to be allowed. Thus, normally disallowed activities can be allowed in emergency conditions, when in a business location associated with a particular device, and/or at other times and/or under other circumstances.

Abstract: An information processing apparatus includes: a program executing unit which interprets and executes codes of a computer program created in a procedural language in an environment with a tamper resistant performance, wherein a security attribute and an authentication key are provided in units of functions in the computer program executed by the program executing unit, and wherein the program executing unit executes authentication processing with the authentication key for executing the function, which makes it possible to execute the function based on the security attribute.

Abstract: A device to detect biometric information of a user, identify the user based on the biometric information, identify an active application of the device and identify metadata of the active application associated with the user, and modify personalization data of the active application with the metadata associated with the user.

Abstract: A method and computer program product for managing and controlling direct access of an administrator to a computer system. At least one computer program on the computer system receives from the administrator a request for the direct access to the managed computer system directly from the system console and requests a service management system to search open tickets. In response to that the open tickets are found, the at least one computer program requests the administrator to choose at least one ticket from the open tickets and grants the administrator the direct access to the computer system in response to determining that the at least one ticket is valid.

Abstract: A method, comprising: acquiring candidate data in association with a request for accessing a resource, the candidate data comprising first data and second data; processing the first data with a first key in an attempt to effect decryption of the first data, thereby to obtain first processed data; processing the second data with a second key in an attempt to effect decryption of the second data, thereby to obtain second processed data; and granting the request if a pre-determined portion of the first processed data is derivable from the second processed data. The method may further comprise extracting from the first processed data a group identifier and the pre-determined portion of the first processed data, and effecting a comparison of the group identifier to a reference group identifier in order to conclude whether the first data has been successfully decrypted based on an outcome of the comparison.

Abstract: An authentication string, such as a password, consists of characters. Each of the characters in the authentication string is randomly associated with a defined location on a device. For example, an area on a touch screen can be associated with a character in the authentication string. When a user selects a location associated with the character, feedback is provided that identifies the character. When the user selects a location that is not associated with the character, feedback is provided that does not identify the character. If the user responds by indicating that the associated location matches the character, the character is authenticated. If the user responds by indicating that a location not associated with the character is a match, the character is not authenticated. This process is then repeated for each character in the authentication string.

Abstract: A method and system for protection of and secure access to a computer system or computer network. The method includes the steps of receiving a first login account identifier, such as a user name from a user in communication with the computer system or network. A determination is made if the user is recognized and enrolled from the first login account from the first login account identifier. If the user is recognized, a grid of randomly generated visual images is displayed including one visual image from an image category which has been preselected by the user upon enrollment. An image category identifier is randomly assigned to each visual image in the grid. An image category identifier, second login account identifier, such as a password, is entered and received. If the login account identifier and the image category is validated, access is permitted to the computer system or network.

Abstract: According to an embodiment, a system is provided comprising a memory and a processor. The memory may be operable to store a master image associated with a user account. The master image may comprise an image of a physical, non-living object. The processor may be coupled to the memory and may be operable to receive a request to perform a transaction associated with the user account. The processor may be further operable to receive an image that is scanned in real-time in conjunction with the request to perform the transaction. The processor may be further operable to compare the scanned image with the master image associated with the user account and to perform the transaction if the scanned image is substantially similar to the master image.

Abstract: A password-less method for authenticating a user includes capturing one or more images of a face of the user and comparing the one or more images with a previously collected face template. Randomly selected colored light and randomized blinking patterns are used to capture the images of the user. Such captured images are compared to previously collected face templates, thereby thwarting spoof attacks. A secret image, known only to the user and the device, is moved from one area of the display to another randomly selected area, using the movements of the user's head or face, thereby providing a Turing based challenge. Protected audio video path (PAVP) enabled devices and components are used to protect the challenge from malware attacks.

Abstract: A method for biometric authentication of a user of a mobile device, and a case for performing the method is provided. The method includes, by the case, coupling the mobile device to the case, receiving from the mobile device biometric data of the user of the mobile device that was captured by the mobile device, storing the biometric data, receiving a request from the mobile device for authenticating the user of the mobile device, the request including biometric data captured by the mobile device, comparing the biometric data stored in the case and the biometric data included in the request, and sending to the mobile device a response to the request for authenticating the user of the mobile device based on a result of the comparison, wherein the response to the request is for use by the mobile device to perform an operation based on the authentication of the user.

Abstract: This invention is directed to an electronic device with an embedded authentication system for restricting access to device resources. The authentication system may include one or more sensors operative to detect biometric information of a user. The sensors may be positioned in the device such that the sensors may detect appropriate biometric information as the user operates the device, without requiring the user to perform a step for providing the biometric information (e.g., embedding a fingerprint sensor in an input mechanism instead of providing a fingerprint sensor in a separate part of the device housing). In some embodiments, the authentication system may be operative to detect a visual or temporal pattern of inputs to authenticate a user. In response to authenticating, a user may access restricted files, applications (e.g., applications purchased by the user), or settings (e.g., application settings such as contacts or saved game profile).

Abstract: Embodiments of the present invention provide an approach for graphical object-based user authentication for computerized/electronic devices (e.g., touch screen devices, cell phones, computerized tablets, handheld devices, etc.). In a typical embodiment, when a user attempts to access a computerized device, the user will be presented with a plurality of graphical objects (e.g., icons, shortcuts, shapes, patterns, etc.). The user may then select a particular graphical object (e.g., via a touch screen) and perform one or more user interactions therewith. Such user interactions may include (but are not limited to) physical manipulations of the graphical object, and/or audio/video manipulations made in conjunction with the selection of the graphical object. The graphical object(s) selected and the user interaction performed will then be compared to previously stored authentication information to determine whether the access to the computerized device should be granted to the user.

Abstract: In a verification method for use in an electronic device, a user input is received and a biologic feature data is captured while the user input is received. Then, the electronic device is prohibited from performing an operation corresponding to the user input based on a determination that the biologic feature data does not conform to a reference biologic feature data.

Abstract: An information processing system including an information processing device connected to a first communication network, a terminal device connected to the first communication network, and a server device connected to a second communication network. The server device includes a receiving unit, a first request unit, and a providing unit. The receiving unit receives an instruction from the terminal device to provide the information processing device with a predetermined service. The first request unit presents a test to the information processing device to authenticate whether or not the information processing device is being operated by a human. The providing unit provides the information processing device with the service in accordance with the instruction. The terminal device includes an instruction unit and a response unit. The instruction unit sends the instruction to the server device. The response unit makes a response to the test on behalf of the information processing device.

Abstract: In a case where a plurality of users are made correspondent to one IC card, user changeover is performed without a logout process. When the IC card is passed over a card reader while a user is logging in, it is judged whether or not the passed card is the IC card used in a login process of the user who is logging in. If NO, a logout process of the user who is logging in is performed, and a user login process using the newly passed IC card is performed. On the other hand, if YES, it is further judged whether or not the plurality of users are made correspondent to the passed IC card. If YES, selection of the user who intends to newly log in is accepted.

Abstract: A verification method including a set flow and the identification flow is provided. The set flow includes: displaying an original outline pattern; executing a coloring operation on the original outline pattern in response to a user encryption coloring event to generate and display a colored outline pattern; storing the colored outline pattern. The identification flow includes: displaying an original outline pattern; executing a coloring operation on the original outline pattern in response to a user verification coloring event to generate and display a to-be identified colored outline pattern; determining whether the to-be identified colored outline pattern is equal to the colored outline pattern; if yes, triggering the verification pass event; if not, triggering the verification fail event.

Abstract: An electronic device includes a base and a cover rotatably attached to the base. An identification unit is located on the cover. The identification unit is used to sense a gesture to rotate the cover relative to the base. The disclosure further offers a control method for the electronic device.

Abstract: An apparatus and method for a two phase password input mechanism are provided. The method includes resetting a password entry, displaying a password entry screen, inputting a password element of a plurality of password elements, determining whether the entered password is complete, determining whether the entered password is correct when the entered password is complete, and if the entered password is correct, unlocking the mobile device. The plurality of password elements include at least two elements that cannot be observed from a same viewpoint.

Abstract: An access control system and method with location validation are provided. The method can include receiving a request from an authentication factor, identifying a location module associated with the authentication factor, identifying a location of the location module, and determining whether the location module is within a predetermined distance from the authentication factor or a control system, including an access panel of the control system, that received the request from the authentication factor. When the location module is within the predetermined distance from the authentication factor or the control system that received the request from the authentication factor, the method can include granting the request received from the authentication factor.

Abstract: The disclosed embodiments provide a convenient way for users to access segregated work spaces on mobile devices. A game-like multi-level interactive approach is used to prompt users for input to verify their identity. Multiple identity verification attributes can be collected at each level of interaction. Authentication is achieved when a settable level of user identification confidence is reached. This can potentially reduce the amount of interaction needed as compared to requiring a user to type in a long, cryptic password.

Abstract: A gesture-based method is disclosed for authenticating a user. More specifically, the user of an information handling system is prompted to enter a passcode finger tap sequence input gesture via a touch-sensitive device. The finger tap sequence input gesture is processed to generate a passcode finger tap sequence. The passcode finger tap sequence is then compared to a previously-generated authentication finger tap sequence. If the two finger tap sequences match, then the user is authenticated.

Abstract: A method for unlocking a screen of a device, including: detecting an inputting operation on the device for inputting an unlock password, the inputting operation causing one character to be inputted to the device; performing, in response to the detecting, a comparison to determine whether all input characters corresponding to a password indicator displayed on the screen match a preset password; and unlocking the screen of the device if it is determined that all the input characters corresponding to the password indicator match the preset password.

Abstract: An authentication system is disclosed. The system comprises means for receiving an authentication request associated with the transaction wherein the request comprises data identifying a communication device associated with a user authorised to perform the transaction; means for sending a Mobile Application Part, MAP, protocol request message in response to the authentication request; means for receiving, in response to the MAP protocol request, data indicative of whether a communication sent to the communication device will be forwarded to a different communication device. The received data indicative of whether a communication sent to the communication device will be forwarded to a different communication device is used in determining whether to authenticate the transaction.

Abstract: The invention is directed to systems, methods and computer program products for adapting content and monitoring user behavior based on facial recognition. An exemplary method comprises: receiving, at a first device, image data from a second device; determining whether the image data substantially matches second image data in a database of image data; in response to determining the image data substantially matches the second image data, determining an account associated with the image data; determining a first set of data associated with the account; and transmitting the first set of data to the second device, wherein the first set of data is used to configure an application being executed on the second device.

Abstract: The present invention relates to using authorization information provided by an asserting agent to control insight-related interactions between a receiving agent and an insight agent. The insight may be information that relates to an entity with whom or a device with which the asserting agent is associated. Such insight is generally referred to as insight of the asserting agent. An insight source maintains the insight of the asserting agent, and the insight agent provides controlled access to the insight by the receiving agent through the insight-related interactions. For others to gain access to at least certain of the asserting agent's insight, the asserting agent must authorize the insight agent to provide the asserting agent's insight to the receiving agent. Upon obtaining the proper authorization, the insight agent will interact with the receiving agent and distribute the asserting agent's insight to the receiving agent.

Abstract: An image forming apparatus which performs a log-in through an identification with respect to a user includes a non-volatility memory which previously stores discrimination information of the user as registration discrimination information. A discrimination information obtaining section obtains an identified discrimination information from the user. An identifying section compares the identified discrimination information and the registration discrimination information to determine whether the identification is authenticated. An inputting section which receives a process request input by the user. A process executing section executes the process request from the inputting section. A log-in section logs in for the user when the identification is authenticated. A log-out processing section logs out following an end of the input of the process request. The process executing section executes the requested process together with log-out.

Abstract: A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a service client a request for access to a secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving from the service client a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester. The secured resource has a common identifier by which it may be generally identified outside of the authentication system, but the request for access lacks sufficient information content for the service client to be able to determine the common identifier.

Abstract: An identity management system incorporates privacy management processes that enable the user to exercise privacy controls over the disclosure of user identity information within the context of an authentication process. A combination includes an identity selector, a privacy engine, and a ruleset. The identity selector directs the release of a user identity in the form of a security token to satisfy the requirements dictated by a security policy. Prior to release of the user identity, the engine conducts a privacy enforcement process that examines the privacy policy of the service provider and determines if it is acceptable. The engine evaluates a ruleset against the privacy policy. A preference editor enables the user to construct, in advance, the ruleset, which embodies the user's privacy preferences regarding the disclosure of identity information.

Abstract: System and method for providing reciprocity in a reputation system are described.

Abstract: Single sign-on process allowing a mobile user with a mobile phone or with a laptop to remote-access a remote server, comprising the steps of: (1) sending a first authenticator over a first communication layer to a first intermediate equipment between said mobile equipment and said remote server, (2) verifying in said first intermediate equipment said first authenticator sent by said mobile equipment, (3) if said first authenticator is accepted by said first intermediate equipment, completing the communication layer between said mobile equipment and said intermediate equipment, (4) repeating steps (1) to (3) with a plurality of successive intermediate equipment and over a plurality of successive communication layers, until a communication has been completed at the last requested communication layer between said mobile equipment and said remote server, wherein at least a plurality of said authenticators are furnished by a smart-card in said mobile equipment.

Abstract: Protecting a fragment of a document includes automatically detecting the fragment without user intervention based on the content of the fragment and/or the context of the fragment within a set of documents, selectively encrypting the fragment to prevent unauthorized access, and providing an alternative view of the fragment that prevents viewing and access of content corresponding to the fragment unless a decryption password is provided. Automatically detecting the fragment may include detecting numbers and alphanumeric sequences of sufficient length that do not represent commonly known abbreviations, detecting generic terms, detecting proper names, detecting terms signifying a type of content, detecting mutual location of terms and sensitive content, and/or detecting user defined terms. The generic terms may correspond to password, passcode, credentials, user name, account, ID, login, confidential, and/or sensitive. The proper names may be names of financial organizations and security organizations.

Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a user interface and a processor communicatively coupled to the user interface. The user interface may comprise a touch sensor configured to detect biometric fingerprint data of a human interacting within a user-interactive area of the user interface. The processor may be configured to receive biometric fingerprint data from the user interface inputted via the user interface during the human's natural interaction with the user interface. The processor may be further configured to determine if the biometric fingerprint data is that of an authorized user of the information handling system. The processor may also be configured to restrict access to the information handling system in response to determining that the biometric fingerprint data is not that of an authorized user of the information handling system.

Abstract: Systems and methods to secure authorized access are disclosed. A method includes receiving, an electronic device, a request to generate function-authorization settings including function-access data associated with a particular function of the electronic device to be protected. The method also includes prompting for and receiving function-access data. The received function-access data includes first function-access data that specifies access credentials of a first user to access the particular function and second function-access data that specifies access credentials of a second user to access the particular function. The method also includes associating the received function-access data with the particular function and storing the function-authorization settings including the received function-access data at a memory of the electronic device.

Abstract: One or more online configuration settings are received prior to deployment and execution of a software appliance. Once the configuration settings have been received, the online configuration settings can be utilized to configure a software appliance image prior to executing the image at a host computer. Once the application of the configuration settings to the image has been completed, the image may executed at a host computer.

Abstract: A method of providing restricted access to computer application information via a computing device includes: displaying a limited-access icon on a display of the computing device, the limited-access icon including a function indicator and code-entry segments that can be selected by a user of the computing device, each of the code-entry segments including a visual indicator; receiving a selection sequence of user selections of selected ones of the code-entry segments; and performing a limited-access function corresponding to the function indicator in response to the selection sequence corresponding to an authorized sequence.

Abstract: Provided are method and apparatus for authenticating a password of a user terminal. The method includes: pre-setting, by a user, a password and an identification image for identifying the password; moving a keypad window or an image window realized on a screen of the user terminal according to an action of the user; determining, when a plurality of images included in the image window and a plurality of keys included in the keypad window sequentially overlap with each other, whether a plurality of keys and the identification image corresponding to the password sequentially overlap; and authenticating the password when the plurality of keys and the identification image corresponding to the password sequentially overlap. Accordingly, password information may be protected from a third person observation as the user inputs a pre-set password in an indirect method without having to directly input the pre-set password through an authentication interface.

Abstract: A method for fast activating applications of an electronic device having a touch screen displays a predetermined unlocking interface on the touch screen when the electronic device wakes from an idle state. The predetermined unlocking interface includes a plurality of pattern drawing regions. Each pattern drawing region corresponds to a predetermined application of the electronic device. When a pattern drawn by the user within any of the pattern drawing regions is the same as a preset unlocking pattern, the electronic device is unlocked. Then, an application of the electronic device corresponding to one of the pattern drawing regions in which the pattern is drawn is activated.

Abstract: Provided are method and apparatus for authenticating a password of a user terminal by using a password icon. The method includes: method of authenticating a password of a user terminal, the method including: pre-setting, by a user, a password icon corresponding to a password and a moving direction of the password icon; sequentially moving the icon according to actions of the user at a screen of the user terminal; when the icon is sequentially moved, determining whether the pre-set password icon and the pre-set moving direction of the password icon are matched; and authenticating the password when the password icon and the moving direction of the password icon is sequentially matched.

Abstract: This invention is directed to an electronic device with an embedded authentication system for restricting access to device resources. The authentication system may include one or more sensors operative to detect biometric information of a user. The sensors may be positioned in the device such that the sensors may detect appropriate biometric information as the user operates the device, without requiring the user to perform a step for providing the biometric information (e.g., embedding a fingerprint sensor in an input mechanism instead of providing a fingerprint sensor in a separate part of the device housing). In some embodiments, the authentication system may be operative to detect a visual or temporal pattern of inputs to authenticate a user. In response to authenticating, a user may access restricted files, applications (e.g., applications purchased by the user), or settings (e.g., application settings such as contacts or saved game profile).

Abstract: Methods, computer-readable storage medium, and systems described herein facilitate enabling access to a virtual desktop of a host computing device. An authentication system receives one of an authentication token and a reference to the authentication token, wherein the authentication token is indicative of whether a user successfully logged in to an authentication portal using a client computing device. The authentication system generates a private key, a digital certificate, and a personal identification number (PIN) for the user in response to receiving the one of the authentication token and the reference to the authentication token. The private key, the digital certificate, and the PIN are stored in a virtual smartcard, and the client computing device is authorized to log into a virtual desktop using the virtual smartcard.

Abstract: A simple, customizable and intuitive virtual combination unlock method and system. More specifically, an unlock system and method is disclosed which includes a virtual combination lock, where the virtual combination lock includes several rows of user-selectable images such as pictures or icons as the virtual combination wheels. In certain embodiments, the images are accessed via the user's database. To unlock the device, the user touches and drags pre-selected images into alignment with each other. Security can be adjusted by changing the number of images that need to be aligned to unlock the device.

Abstract: A method for real-time verification of live person presence at a network location comprises the following steps: receiving a verification request at a network location; generating a real-time security indicia; displaying the real-time security indicia on a display screen at the network location; capturing with a back-facing camera at the network location, a real-time image of the field of view (FOV) in front of the display screen displaying the security indicia; detecting a human face in the FOV image; detecting an eye region of the human face in the FOV image; and detecting a reflected image of the security indicia in the eye region in the FOV image. If the reflected image of the security indicia is not detected in the eye region of the FOV image, the verification attempt is deemed unsuccessful, whereas if the reflected image of the security indicia is detected, the verification attempt is deemed successful.