Abstract: According to an example computer-implemented method, a password management server receives an access request message from a login computer at which a resource requiring vaulted credentials has been requested. The access request message identifies the requested resource and the login computer. A session identifier (ID) is generated for enabling release of the vaulted credentials. The session ID is linked to the login computer and to the requested resource. The session ID is transmitted to the login computer. Responsive to receiving a value indicative of the session ID from a mobile computing device, the password management server transmits the vaulted credentials to the login computer or to the mobile computing device.

Abstract: A mobile device includes a session maintainer application, a native application and a shell application and a link to a web application. If a user is seeking to access a native application, and an active session has not been established, user login credential is obtained, a session token is obtained upon verification of the user login credential, and the obtained session token is provided to the native application. If the user is seeking to access a web application, and an active session has not been established, a session token is obtained upon verification of the user login credential and the obtained session token is provided to the shell application. If an active session has been established then the obtained session token is automatically provided to the native or shell application when the user subsequently seeks access to the respective application.

Abstract: There is provided a user identification module configured for use in a mobile communication device. An exemplary user identification module comprises a first data item being accessible for reading a value of a parameter used in the operation of the user identification module. The exemplary user identification module also comprises at least two second data items, the second data items being unmodifiable and each second data item including a value of the parameter. The first data item includes a modifiable reference addressing one second data item.

Abstract: A system and method that includes receiving a first device profile and associating the first device profile with a first application instance that is assigned as an authentication device of a first account; receiving a second device profile for a second application instance, wherein the second application instance is making a request on behalf of the first account; comparing the second device profile to the first device profile; and completing the request of the second application instance according to results of comparing the second device profile and the first device profile.

Abstract: A system and method that includes receiving a first biometric profile and associating the first biometric profile with a first application instance that is assigned as an authentication device of a first account; receiving a second biometric profile for a second application instance, wherein the second application instance is making a request on behalf of the first account; comparing the second biometric profile to the first biometric profile; and completing the request of the second application instance according to results of comparing the second biometric profile to the first biometric profile.

Abstract: A system comprises: a management unit which manages, in an authentication server, user identification information and a mail address; a send unit which sends authorization information including identification information of the user from an authentication server if a user is authenticated; a reception unit which, upon receiving a request of the service together with the authorization information at an service server, receives a mail send request associated with the service and the identification information included in the authorization information from the service server at a mail send server; a specifying unit which, in response to reception of the mail send request associated with the service, specifies a mail address associated with the identification information included in the authorization information by inquiring of the authentication server; and a mail send unit which sends mail to the specified mail address.

Abstract: In some embodiments, the instant invention provides for a central identification management computer system that includes at least: a computer programmed with software instructions that at least include: code to receive a user registration request from a user who desires to establish a user identification profile; code to independently verify profile information of the user; code to register the user identification profile with the central identification management computer system; code to receive an identification request; code to generate a timed unique alpha-numeric identifier where the at least one first timed unique alpha-numeric identifier is associated with the user identification profile stored in the database of the central identification management system; code to transmit the timed unique alpha-numeric identifier in response to identification request; and code to record, in a permanent identification usage log, the timed unique alpha-numeric identifier, and a timestamp related to the identification

Abstract: An information processing apparatus includes a storage unit capable of storing authentication information corresponding to a web service. Information is output in a web page corresponding to a first web service so as to cause a display unit to display, via a web browser, an indicator to receive an instruction to delete the authentication information stored in the storage unit. Upon receiving the instruction by the output indicator, deletion processing of authentication information corresponding to a second web service different from the first web service is executed in the storage unit.

Abstract: Methods, systems and devices for generating an authentication key are provided. Two or more communications devices can generate an authentication key by monitoring a physical stimulus that is experienced by both devices (e.g., a common physical stimulus). Each device can then use an identical, predetermined algorithm to generate a common authentication key based on the stimulus. The devices can use the common authentication key to establish a secure network.

Abstract: Apparatus which control modification of passwords by implementing a procedure by which end user designates, in advance, a universe of social media contacts such as friends on social media web sites such as Facebook and Linkedln. Contacts so identified are used as a set of potential identity verifiers. In order to enable a reset or modification of an account password, a subset of the universe is required to assert that they have verified the identity of the user requesting to reset a password. Such verification can be accomplished by varying means by those to whom an inquiry has been directed. Te apparatus may be in the form of a computer system or a computer readable storage medium.

Abstract: The present disclosure discloses an upper-order computer, a lower-order computer, a monitoring system and a monitoring method, so as to eliminate the disadvantages of low standardization level and small scale in manually setting and adjusting performance parameters. The upper-order computer includes a central control module and an information interacting module, the information interacting module including a human-computer interacting unit, and the central control module including a processing unit, a display control unit and a parameter configuring unit, wherein the processing unit is adapted for controlling a lower-order computer by sending control commands; the display control unit is adapted for processing effective operating data acquired from the lower-order computer, and is adapted for instructing the human-computer interacting unit to perform presenting; and the parameter configuring unit is adapted for configuring parameters of the lower-order computer by sending parameter configuring commands.

Abstract: A computer-implemented method may include providing authentication code for an existing web-based application. The authentication code may be programmed to modify functionality of the existing web-based application as the existing web-based application executes while leaving a binary of the existing web-based application unchanged. The method may also include establishing strong authentication for the existing web-based application by 1) identifying, via the authentication code, a request to bind an authentication credential to a profile of a user, the request being received via a browser through which the existing web-based application is accessed, 2) directing, via the authentication code and in response to the request, the browser to an external authentication site that is not part of the existing web-based application, and 3) at the external authentication site, enabling the user to bind the authentication credential to the profile.

Abstract: A token used when a first device authenticates itself to a third device may be associated with a token issue timestamp. Upon receipt of an indication that all previously issued tokens are to be revoked, a second device may store a revocation timestamp. Upon receiving, from the second device, a request for establishing conditions for a file transfer, from the first device, and an indication of a token issue timestamp associated with the request, the second device may compare the token issue timestamp to the revocation timestamp. Responsive to determining, based on the comparing, that the token issue timestamp precedes the revocation timestamp, the second device may deny the request.

Abstract: Techniques to allow a security policy language to accommodate anonymous credentials are described. A policy statement in a security policy language can reference an anonymous credential. When the policy statement is evaluated to decide whether to grant access to a resource mediated by the policy statement, the anonymous credential is used. The policy language can be implemented to allow one anonymous credential to delegate access-granting rights to another anonymous credential. Furthermore, an anonymous credential can be re-randomized to avoid linkage between uses of the anonymous credential, which can compromise anonymity.

Abstract: Methods and systems for facilitating sign-on procedures in connection with a converged system are provided. An authentication plug-in operates to receive authentication credentials in connection with a request to access an application by a client. The authentication plug-in is capable of operating in different contexts in a converged system. After an initial sign-on, subsequent sign-on requests can be fulfilled by accessing authentication credentials stored in a cache.

Abstract: Disclosed are various embodiments for recovery and other management functions relating to security credentials which may be centrally managed. Account data, which includes multiple security credentials for multiple network sites for a user, is stored by a service in an encrypted form. A request for the account data is obtained from a client. The request specifies a security credential for accessing the account data. The account data is sent to the client in response to determining that the client corresponds to a preauthorized client and in response to determining that the security credential for accessing the account data is valid.

Abstract: A method which controls modification of passwords. An end user designates, in advance, a universe of social media contacts such as friends on social media web sites such as Facebook and LinkedIn. Contacts so identified are used as a set of potential identity verifiers. In order to enable a reset or modification of an account password, a subset of the universe is required to assert that they have verified the identity of the user requesting to reset a password. Such verification can be accomplished by varying means by those to whom an inquiry has been directed.

Abstract: Event-based biometric authentication is provided using a mobile device of a user. A user attempting to access a protected resource is authenticated by receiving a request to access the protected resource; collecting biometric information from the user in response to the request using a mobile device of the user; performing biometric authentication of the user using the collected biometric information; and granting access to the protected resource based on the biometric authentication. The authentication optionally comprises an event-based authentication. The mobile device does not have to contain token generating material.

Abstract: A first server is configured to receive a first token from a user device, determine whether the first token is valid, request the user device to provide a set of credentials to a second server, based on determining that the first token is invalid, and receive a first response from the user device. The first response may include information identifying whether the user device is authenticated to communicate with the first server. The first server is further configured to send the first response to a third server. The third server may generate a second response to indicate authentication of the user device to communicate with the first server. The first server is further configured to receive the second response from the third server, generate a second token, based on receiving the second response, and send the second token to the user device.

Abstract: Methods and systems for disrupting password attacks using compression are described. A user password may be stored on a mobile computing device. The password may be compressed, for example, using a Huffman compression algorithm, and may be subsequently encrypted using a short secret as a key. The user password may be stored as the compressed and encrypted key. The compressed and encrypted password may be stored such that a brute force password attack, for example, using every possible short secret, would reveal too may possible matches to allow an attacker to select the real password.

Abstract: In a computing device that includes a host operating system and a management engine separate from the host operating system, if the primary operating system is not operating, a management engine may obtain from a credential server via a first network connection logon information for a secured network and the management engine connects to the secure network through a secured connection using the logon information. If the operating system is operating the operating system provides the logon information to the management engine. Certificate verification may be performed by a remote server on behalf of the management engine. Other embodiments are disclosed and claimed.

Abstract: A method for creating a unique and secure mobile internet protocol version 4 connection for a packet data network is provided. The method includes generating an extended master session key to create a mobile internet protocol root key. The method also includes creating a mobile internet protocol security parameter index based on the mobile internet protocol root key and an access point name. The method further includes deriving a mobile node home agent key based on the access point name. Furthermore the method includes associating the derived mobile node home agent key to the created security parameter index. Moreover the method includes providing the unique and secure mobile internet protocol version 4 connection to transfer data for the packet data network connectivity.

Abstract: A system and a computer-implemented methods for email management are disclosed. The method includes storing messages for electronic mail accounts provided by remote electronic mail server systems. The method further includes determining that the remote electronic mail server systems each have a different hostname than the others of the remote electronic mail server systems. The method further includes displaying messages from a first one of the electronic mail accounts and displaying a hostname of a first remote electronic mail server system providing the first one of the electronic mail accounts. The method further includes receiving a request to view messages from a second one of the electronic mail accounts. The method further includes displaying messages from the second one of the electronic mail accounts and displaying a hostname of a second remote electronic mail server system providing the second one of the electronic mail accounts.

Abstract: A method, system, and medium are provided for operating a computing device and a mobile device to access computer software with a secure access and to access a packet network, and for operating a computer software on a mobile device with different computing devices. A mobile device is used to authenticate a user's access to computer software. The computer software may reside on the mobile device, the user's computing device, or another computing device. A unique identifier is stored in the mobile device associated with the computer software to enable the authentication.

Abstract: In one embodiment, a management device in a computer network determines when nodes of the computer network join any one of a plurality of field area routers (FARs), which requires a shared-media mesh security key for that joined FAR. The management device also maintains a database that indicates to which FAR each node in the computer network is currently joined, and to which FARs, if any, each node had previously joined, where the nodes are configured to maintain the mesh security key for one or more previously joined FARs in order to return to those previously joined FARs with the maintained mesh security key. Accordingly, in response to an updated mesh security key for a particular FAR of the plurality of FARs, the management node initiates distribution of the updated mesh security key to nodes having previously joined that particular FAR that are not currently joined to that particular FAR.

Abstract: A system or method of remotely managing security certificates on a mobile device is provided. Certificates on a mobile device may be added to, deleted from, or updated by a server that manages certificates on one or more mobile devices. The server may retrieve new certificates from a certificate authority and push the certificate to the mobile device where it is stored for subsequent use. The management of security certificates on a mobile device may be governed by one or more certificate-management rules that are enforced by the remote server and/or the mobile device.

Abstract: The present invention relates to a system and method for issuing an authentication key for authenticating a user in a CPNS environment. The system comprises a user terminal, a gateway and a CPNS device. The user terminal is equipped with a short-range wireless communication function, requests the gateway to register terminal information including an ID and password, encrypts the terminal information including the ID and password using the password, transmits an authentication request signal including the encrypted terminal information to the gateway, and receives an authentication key generated by a CPNS device. The CPNS device stores the terminal information, performs user authentication by decrypting the encrypted terminal information in response to the authentication request, generates an authentication key for the CPNS when a user is authenticated, encrypts the generated authentication key using the password, and transmits the encrypted authentication key to the user terminal through the gateway.

Abstract: A method and apparatus for time-based one-time password generation using a wireless communications device for two-factor authentication are described. The computer-implemented method comprising detecting launch of a security code generation application on a wireless communications device, generating a first unique security code upon launching the application, displaying the first security code on the wireless communications device, determining based on time whether to generate a new unique security code, and displaying the new unique security code.

Abstract: Example implementations described herein are directed to authentication based on the user's private factors, while not revealing at the server side information allowing the server (or anyone with the server's information) to deduce the private answers. In example implementations, the user answers a questionnaire with authentication factors, wherein the answers are transformed in a one-way fashion and the transformed answers are provided to the server side. Example implementations facilitate authentication based on polynomial interpolation or other methods to permit a user to authenticate, even if the user does not answer all of the questions correctly.

Abstract: Disclosed are various embodiments for determining if a requesting client is within a predetermined distance of a location of a trusted client. In one embodiment, a trusted signal having a plurality of trusted signal metrics may be established by the trusted client as being associated with a specified location. The trusted signal may then be rendered to the requesting client to be recorded as a contested signal. In one embodiment, an authentication service may then determine if the contested signal is of an adequate signal quality according a predetermined quality threshold. Assuming the contested signal is of an adequate quality, the authentication service then determines that the requesting client is within a common acoustic environment as the trusted client if the contested signal corresponds to the trusted signal by comparing a plurality of contested signal metrics with a plurality of trusted signal metrics.

Abstract: The embodiments herein provide a secure computing resource set identification, evaluation, and management arrangement, employing in various embodiments some or all of the following highly reliable identity related means to establish, register, publish and securely employ user computing arrangement resources in satisfaction of user set target contextual purposes.

Abstract: Provided is a programmable display apparatus that can permit access to an application through facial authentication. A programmable display apparatus controls access to the application. The programmable display apparatus stores feature data of a face of a user. The programmable display apparatus performs facial authentication of a user based on image data of a user obtained through image capture and on the feature data. The programmable display apparatus permits a user to access the application if the user has been authenticated.

Abstract: An apparatus, system, and method are disclosed for context-sensitive password generation. The inspection module may accept entry of at least a new portion of a password by a user into a security mechanism and determine a dynamic parameter candidate within the password. The analysis module may recommend to the user a context-sensitive interpretation of the dynamic parameter candidate. The confirmation module may receive a selection by the user of the context-sensitive interpretation.

Abstract: A virtual computer service includes receiving, at a network server computer over a network, an encrypted image and user credentials for a user of a computer, and storing the encrypted image and the user credentials in an image repository that is communicatively coupled to the network server computer. The virtual computer service also includes receiving a request to initiate a session, the request including the user credentials. Upon successful validation of the user credentials, the virtual computer service includes selecting the encrypted image from the image repository, decrypting the encrypted image, activating a session for a virtual computer associated with the computer, and synchronizing session details of the session, once completed, with the image and storing a synchronized image in the image repository.

Abstract: Novel tools and techniques for automated recovery of information from commercial web portals, including commercial web portals requiring credentials for access. In some instances images are captured and pushed to external processes for improving system performance. In some instances access to automated software agent remote control modules is balanced across a system comprising a plurality of processors hosting the automated software agent remote control modules. Some instances provide provisioning of credentials, in particular indicating credentials available for an unlimited or a select limited number of users and monitoring credential use of those credentials usable by a select number of users. Some instances provide cache management optimizes retrieval of data by external processes and ensures reliability of such data to reduce unnecessary web portal inquiries.

Abstract: A wireless server access control system comprising a wireless server generating a local wireless communications network, the wireless server having a processor and a plurality of redundant data memory devices. A first wireless device coupled to the wireless server through the local wireless communications network. An access control system operating on the wireless server, the access control system configured to generate a user control on a user interface of the first wireless device to allow a user to permit or deny access to the processor and the data memory devices of the wireless server by a second wireless device through the local wireless communications network.

Abstract: A method of establishing a communication channel between a network client and a computer server over a network is described. The network client may be configured to communicate with the computer server over the network and to communicate with a token manager. The token manager may be configured with a parent digital certificate that is associated with the token manager. The token manager or network client generates a credential from the parent digital certificate, and transmits the credential to the computer server. The credential may be associated with the computer server. The network client may establish the communications channel with the computer server in accordance with an outcome of a determination of validity of the credential by the computer server.

Abstract: Disclosed is a method for protecting a single sign-on domain from credential leakage. In the method, an authentication server provides an authentication cookie to a browser client. The cookie has at least one user authentication credential for the domain, and is associated with an authentication subdomain of the domain. The server receives the cookie from the browser client. Upon authentication of the user authentication credential in the received cookie, the server responds to the access request by forwarding, to the browser client, a limited-use cookie for the domain. The server receives a request from the content server to validate a session identifier of the limited-use cookie received from the browser client. Upon validation of the session identifier of the limited-use cookie, the server provides a valid session message to the content server for enabling the content server to forward requested content to the browser client.

Abstract: Systems and method for authenticating users are presented. A system can send a passkey to a user interface of a known device. A user can then send a messaging service message with the passkey from a second device to the system. After receiving the message from the user, the system can extract the passkey from the message, and compare the received passkey against the passkey originally sent to the user. The known device and the second device can each have separate and unique device identifiers.

Abstract: A system is configured to receive a first authentication request from a first device, authenticate the first device, establish a secure connection with the first device based on authenticating the first device, and receive, via the secure connection with the first device, a set of parameters from the first device. The first device is capable of generating an encryption key for a secure message, intended for a second device, based on the set of parameters. The system is also configured to receive a second authentication request from a second device, authenticate the second device and establish a secure connection with the second device based on receiving the second authentication request, and send, via the secure connection with the second device, the set of parameters to the second device. The second user device is capable of generating a decryption key for the secure message based on the set of parameters.

Abstract: An information processing system, which includes one or more computers, includes a reception part configured to receive a request addressed to one of multiple destinations, a generation part configured to generate authority identification information for identifying operation authority to operate an apparatus in a case where provision of the operation authority is authorized based on a condition that differs depending on a combination of the destination of the request and a transmission source of the request, and a transmission part configured to transmit the authority identification information to the transmission source of the request.

Abstract: A wireless authentication system includes an execution end device and a control end device. When the execution end device and the control end device receive an activation signal, the execution end device generates a time related random code, and transmits the time related random code to the control end device; and the control end device generates a comparison authentication code according to the time related random code, a fixed password and a variable password. When the execution end device determines that the comparison authentication code corresponds to a set of data stored in the execution end device, the execution end device performs a predetermined operation, and the variable password is changed.

Abstract: Techniques for secure message offloading are presented. An intermediary is transparently situated between a user's local messaging client and an external and remote messaging client. The user authenticates to the local client for access and the intermediary authenticates the user for access to the remote client using different credentials unknown to the user. Messages sent from the local client are transparently encrypted by the intermediary before being passed to the remote client and messages received from the remote client are transparently decrypted before being delivered to the local client.

Abstract: A method for providing an abuse sentry service for responding to domain name abuse is described. The method comprises the following steps. A plurality of disparate abuse feeds is received, each comprising data relating to a subset of potential domain name abuse. Filters are applied to the data to create a custom abuse feed. Data from the custom abuse feed is grouped based on priority levels. For each of the groups, one or more corresponding workflows are executed as a response to the potential domain name abuse. A computer readable medium including instructions for implementing the method is also described.

Abstract: Techniques for advanced login security using personalized, user-specific urls are provided. In one aspect, a method for authenticating a user is provided. The method includes the following steps. A personalized login url and credentials (e.g., username and password) are stored for the user. Upon receipt of a login url from the user, it is verified whether the login url matches the personalized url stored for the user. If the login url matches the personalized url for the user, then the user is provided with a user-specific login page where the user can enter credentials, otherwise access is denied. The user is authenticated only if the credentials the user enters match the credentials stored for the user, otherwise denying access.

Abstract: Disclosed are some examples of systems, methods and storage media for generating a platform-independent document. In some implementations, a system is capable of receiving a request to generate a platform-independent document, the request including markup language content. The system is further capable of providing the markup language content to a rendering engine. The system is further capable of intercepting resource requests communicated from the rendering engine. The system is further capable of communicating the intercepted requests, or one or more requests based on the intercepted requests, to retrieve resources identified in the intercepted requests. The system is further capable of receiving resources retrieved based on the communicated intercepted requests. The system is further capable of providing the retrieved resources to the rendering engine, which subsequently renders the platform-independent document based on the markup language content and the retrieved resources.

Abstract: A method of creating a DNS record in a DNS is provided. The method includes receiving one of an allocation record or information for obtaining the allocation record from a wireless device. The allocation record includes an expression. In addition, the method includes creating a DNS record for the expression. Furthermore, the method includes associating the DNS record with a credential.

Abstract: A data processing system (100) comprises: a database (4); a host computer (3) and a user computer (1) capable of communicating with each other over a network (2); wherein the user computer sends a data request message (RQ) to the host computer (3), the request message containing Data information (RD), Identity information (RI), and Authenticity information (A; VI), wherein the host computer (3) checks the authentication information and only sends the required data if the Identity information (RI) defines an authorized user and the authentication information (A; VI) authenticates the user identification information. The request message further contains secondary information (RT) and the host computer (3) calculates, from the secondary-information, a reliability value (R), compares the calculated reliability value with a predefined reliability threshold, and sends the required data only if the reliability value is at least as high as the reliability threshold.

Abstract: A method for wireless communications and a wireless transmit/receive unit are disclosed. At least one first wireless communication link with a base station for transmitting/receiving data packets is established, which at least one first wireless communication link complies with at least a first authentication mechanism. At least one second wireless communication link with at least one user device for transmitting/receiving data packets is established, which at least one second wireless communication link complies with at least a second authentication mechanism, wherein the at least one second wireless communication link comprises a peer-to-peer wireless communication link. The at least one first wireless communication link and the at least one second wireless communication link are concurrently maintained.

Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.