Abstract: Sending alerts regarding events related to badges. A method includes receiving a subscription for an entity to receive alerts regarding one or more badges or one or more individuals as it relates to the one or more individuals receiving or maintaining badges. The one or more badges signify one or more of skills, training, attributes, or qualifications of individuals who receive them. The method further includes determining that an event has occurred with respect to the one or more badges or one or more individuals. As a result, the method further includes notifying the entity of the event.

Abstract: A method includes identifying, at a security device of a secured wireless network, a wireless-enabled device that is not authorized to access the secured wireless network. The method also includes sending an access request message directed to a messaging address in response to identifying the wireless-enabled device. The access request message includes information that identifies the wireless-enabled device includes a first selectable option to allow access to the secured wireless network without requiring user input of a network password associated with the secured wireless network via the wireless-enabled device. The access request message also and includes a second selectable option to deny access to the secured wireless network.

Abstract: A computer system receives a request to access a server. The request includes a first device tag set. When the first device tag set matches a previously assigned device tag set, the computer system allows access to the server without requesting full access credentials of a user. The computer system invalidates the first device tag set, and sends a second device tag set. When the first device tag set does not match the previously assigned device tag set, the computer system requests full access credentials from the user.

Abstract: A number of effective alternatives for discouraging unauthorized online-resource sharing are discussed. An anti-sharing strategy can be built by applying one or more of the alternatives in response to possible, strongly-suspected or virtually certain unauthorized sharing.

Abstract: A method for ATM Electronic Lock System comprising the steps: (a) a user using ATM card and entering PIN in an ATM Electronic Lock Subsystem, (b) the ATM Lock System authenticating the user, (c) generating a RND and Local One Time Code (LOTC) with the user's personal ID, Equipment ID, (d) displaying the RND to the user and the user sending the RND to ATM management center via mobile device, (e) the Management Center authenticating the user and generating a Management Center One Time Code (MC-OTC) and sending the MC-OTC to the user's mobile device, (f) the user entering the MC-OTC to the ATM Electronic Lock Subsystem, (g) the ATM Electronic Lock Subsystem comparing the MC-OTC with LOTC, and sending unlock command to unlock the ATM Electronic Lock System to allow user to access the ATM if the MC-OTC matches the LOTC, otherwise, the ATM Electronic Lock System remains locked.

Abstract: A data processing system is provided that includes format-preserving encryption and decryption engines. A string that contains characters has a specified format. The format defines a legal set of character values for each character position in the string. During encryption operations with the encryption engine, a string is processed to remove extraneous characters and to encode the string using an index. The processed string is encrypted using a format-preserving block cipher. The output of the block cipher is post-processed to produce an encrypted string having the same specified format as the original unencrypted string. During decryption operations, the decryption engine uses the format-preserving block cipher in reverse to transform the encrypted string into a decrypted string having the same format.

Abstract: A system and method for storing user permissions for multiple disparate physical devices and systems in a unified permissions database connected to a network in common with the devices. The permissions database also stores user permissions for logical assets on or attached to the network.

Abstract: A backup account recovery authentication of last resort using social authentication is described. The account holder requests trustees who have been previously identified to obtain an account recovery code. The account recovery system sends a communication to the trustee for information to verify the trustee as one of the previously identified trustees. The account recovery system then may transmit a link and code with instructions for the trustee to return the link. The account recovery system then transmits a situational query to the trustee to provide additional security. Finally, if all the communications have been completed for the required level of security, the account recovery code is transmitted to the trustee. The trustee sends the account recovery code to the account holder for access to an account.

Abstract: A method, computer readable medium, and device for providing authenticated domain name service includes forwarding at a traffic management device a request for a domain name from a client device to one or more servers coupled to the traffic management device. The traffic management device receives a first response comprising at least a portion of the domain name from the one or more servers. The traffic management device attaches a first signature to the first response when the first response is determined by the traffic management device to be an unauthenticated response, and provides the first response with the first signature to the client device.

Abstract: A method performed by a first computing device is disclosed. The method includes (a) establishing a proximity-based communications channel between the first computing device and a second computing device, one of the first device and the second device being a mobile device, (b) sending a request for authentication of identity of a remote entity from the first device to the second device, the remote entity being in possession of the second device, (c) receiving, at the first device, from the second device, an identity assertion that the remote entity is authentically identified by an identifier, the identity assertion's truth being conditional on a proximity-based condition, (d) verifying, at the first device, that the proximity-based condition is satisfied, and (e) in response to verifying, validating the identifier of the remote entity. An apparatus and computer program product for carrying out the method are also provided.

Abstract: A system and method are provided for supporting storage and analysis by law enforcement agency premises equipment of intercepted network traffic. The system and method provide integrity of the intercepted network traffic stored in an archive in accordance with lawful intercept requirements by storing all of the intercepted traffic, both benign and malicious, in the archive in its original form. The system and method furthermore provide for security from any malicious data packets of the archive by separating the malicious packets from the benign packets and forwarding only the benign packets to analysis applications of the law enforcement agency premises equipment.

Abstract: A software application executing in a first local operating environment may be used to connect to a remote server that requires a credential of a user to complete a transaction. In a second local operating environment that operates external to the first local environment, a user may be authenticated based on a user input received in the second local operating environment. The credential of the user may be securely communicated to the remote server from the second local operating environment. Other embodiments are described and claimed.

Abstract: A user password is obfuscated using a first obfuscation algorithm and stored. A security module receives a password from a user a first time and, in response thereto, obfuscates the password using a second obfuscation algorithm and stores the obfuscated password. The security module subsequently receives the password from the user a second time. In response thereto, the security module obfuscates the password using the second algorithm a second time and compares the results of the obfuscation with the stored password obfuscated using the second algorithm. If the results of the obfuscation and the stored password obfuscated using the second algorithm match, the security module replaces the stored password obfuscated using the first algorithm with the password obfuscated using the second algorithm. The operations are performed transparently to the user associated with the password.

Abstract: The present invention facilitates access to a restricted service related to secure transactions via a network. The present invention allows a user to select a minimum security level of authentication for its own login to a restricted service. The user's selected minimum security level of authentication may be registered in an authentication method system, so that the user must use the selected minimum security level for authentication in order to gain access to the restricted service. Alternatively, the user may specify that the selected minimum security level for authentication may be over-turned by the user, or optionally re-set to a new authentication method depending on the needs of the user. As such, the present invention allows the user the flexibility to select its own authentication method for accessing a restricted service.

Abstract: Methods and systems of rendering content on a device having a native digital rights management (DRM) system are described. A device, such as an end-user device capable of executing or playing content, acquires content in a common content format file having standardized locations for specific types of data. A generic digital rights token associated with the content is obtained by utilizing one of the standardized locations in the content format file, where the rights token contains information sufficient to allow retrieval of the rights associated with the content. Utilizing data in another of the standardized locations, it is then determined whether the device is registered in a domain. A license server directory may be accessed utilizing data in another of the standardized locations in the common content format file and a domain identifier, a device identifier, or both are transmitted to the license server directory.

Abstract: The invention relates to an authentication system for a user possessing a means (3) for authentication at an authentication entity (1), said authentication means including a means (11) for storing at least one status variable and a single-use access-code generator (2) actuated upon a request of the user, said access code including at least one unpredictable portion and being transmitted to the authentication entity for validation, said validation authenticating the user at the authentication entity, characterised in that the status variable is updated in a random manner by and upon the initiative of the authentication means systematically and before any generation of a new access code, in that the generator is suitable for computing the access code using the status variable once it is updated, and in that the authentication entity is adapted for modifying the value of at least one internal status variable during the at least partial validation of the access code by using information previously known by the au

Abstract: Methods and apparatus for providing an application credential for an application running on a device. In one embodiment, a method provides an application credential to an application running on a device, wherein the application credential is used by the application to authenticate to a data server. The method comprises receiving a request to generate the application credential, wherein the request includes an application identifier. The method also comprises generating the application credential using the application identifier and a master credential associated with the device.

Abstract: According to an aspect, a computing device includes a processor; a computer readable memory; a display screen; a touch sensitive panel overlying the display screen; and computing device application instructions coded in the computer readable memory and executed by the processor to: display a user-selectable photograph on the display screen, the user-selectable photograph including a group of fiducials, generate captured pattern data, the captured pattern data representing coordinate values on the touch sensitive panel where touched by a user, and provide for authentication of the user based on a comparison of the captured pattern data and respective locations of the group of fiducials included in the user-selectable photograph.

Abstract: A method and apparatus are provided for protecting security credentials (e.g., username/password combinations) and/or other sensitive data in a “password vault.” A password vault device may be or may be incorporated into a portable (or even wearable) electronic device, such as a smart phone, smart watch, smart glasses, etc. When a security credential is requested during a user's operation of the password vault device or some other computing/communication device, such as when the user is accessing an online site or service via a browser program, the request is passed to the password vault, and the appropriate security credential is retrieved, delivered, and entered into the requesting interface.

Abstract: This document describes tools capable of enabling cloud-based movable-component binding. The tools, in some embodiments, bind protected media content to a movable component in a mobile computing device in a cryptographically secure manner without requiring the movable component to perform a complex cryptographic function. By so doing the mobile computing device may request access to content and receive permission to use the content quickly and in a cryptographically robust way.

Abstract: A method, system, and apparatus for agile generation of one time passcodes (OTPs) in a security environment, the security environment having a token generator comprising a token generator algorithm and a validator, the method comprising generating a OTP at the token generator according to a variance technique; wherein the variance technique is selected from a set of variance techniques, receiving the OTP at a validator, determining, at the validator, the variance technique used by the token generator to generate the OTP, and determining whether to validate the OTP based on the OTP and variance technique.

Abstract: An improved technique involves automatically producing a set of KBA questions using values of attributes associated with correctly answered questions. A KBA question server obtains such attribute values from a prior set of pilot questions taken from users who were successfully authenticated. Examples of attributes include a source of facts in a question, placement of facts in a question, and question structure. The KBA question server then generates optimal formatting rules based on the attribute values; such formatting rules define a relationship between facts used to derive KBA questions and the words used to express the KBA questions to users. The KBA question generator then produces KBA questions according to the formatting rules.

Abstract: A method for enhancing the accuracy performance of authentication systems includes determining an authentication data requirement for a desired transaction and at least one new verification phrase. The method also includes capturing authentication data from a user with a communications device in accordance with the authentication data requirement, and capturing biometric data of the at least one new verification phrase from the user with the communications device. Moreover, the method includes adding the determined at least one new verification phrase to an enrollment phrase registry and storing the biometric data captured for the at least one new verification phrase in an enrollment data record of the user after successfully authenticating the user.

Abstract: The disclosed embodiment relates to identity verification and identity management, and in particular, to methods and systems for identifying individuals, identifying users accessing one or more services over a network, determining member identity ratings, and based on member identity ratings that restrict access to network-based content and certain user-to-user interactions. Further, the user experience in performing identity management is simplified and enhanced as disclosed herein.

Abstract: The examples of the present invention provide a method and device for verifying a dynamic password. In the method and device, some algorithm parameters can be exchanged in public by using a DH algorithm, and thus a same key is shared safely between two entities, so as to implement the verification of the dynamic password and further improve the security of identity verification. Moreover, the method and device can be easy to use. Further, by the above technical solution, no message exchange is needed between a mobile device and a verification server, and a user does not need to pay for additional flux, so as to decrease the burden of the user and verification costs.

Abstract: An information processing apparatus that communicates using an electronic certificate is provided. When identification information is configured that identifies the information processing apparatus on a network, the configured identification information is stored in a storage unit. A request for issue of an electronic certificate containing the identification information stored in the storage unit is issued to a certificate authority. Once the request for issue is issued, a determination is made as to whether or not the identification information contained in the request for issue matches the identification information stored in the storage unit prior to obtaining the electronic certificate that is issued by the certificate authority in response to the request for issue. If it is determined that a mismatch exists, the user is notified to that effect.

Abstract: Methods and systems provide indirect and temporary access to a company's IT infrastructure and business applications. The methods/systems involve establishing an access control center (ACC) to control the access that technical support personnel may have to the company's IT infrastructure and business applications. Thin client terminals with limited functionality may then be set up in the ACC for use by the technical support personnel. The thin client terminals connect the technical support personnel to workstations outside the ACC that operate as virtual desktops. The virtual desktops in turn connect the technical support personnel to the IT infrastructure and business applications. An ACC application may be used to automatically establish the connection between the thin client terminals to the virtual desktops, and the virtual desktops to the IT infrastructure and business applications.

Abstract: Systems and methods for providing authentication using an arrangement of dynamic graphical images. The graphical images can be arranged as a grid or matrix for presentation on a device display for authentication of a user. The kinds of graphical images can be derived from a designated authentication category and non-authenticating categories. A series of password elements corresponding to the graphical images can be displayed with the graphical images. The user may enter the series of one or more password elements corresponding to graphical images from the authentication category which combine to form a password entry. An authentication server can compare the password entry to an authentication password corresponding to the particular arrangement of dynamic graphical images. The selection of graphical images, their arrangement and their corresponding password elements, may dynamically change in between authentication processes.

Abstract: The disclosed embodiment relates to identity verification and identity management, and in particular, to methods and systems for identifying individuals, identifying users accessing one or more services over a network, determining member identity ratings, and based on member identity ratings that restrict access to network-based content and certain user-to-user interactions. Further, the user experience in performing identity management is simplified and enhanced as disclosed herein.

Abstract: A method for assessing runtime risk for an application or device includes: storing, in a rules database, a plurality of rules, wherein each rule identifies an action sequence; storing, in a policy database, a plurality of assessment policies, wherein each assessment policy includes at least one rule of the plurality of rules; identifying, using at least one assessment policy, a runtime risk for an application or device, wherein the identified runtime risk identifies and predicts a specific type of threat; and identifying, by a processing device, a behavior score for the application or device based on the identified runtime risk, wherein the action sequence is a sequence of at least two performed actions, and each performed action is at least one of: a user action, an application action, and a system action.

Abstract: Resetting a password for a network service account may include redirecting the user to a password reset tool, wherein the user is blocked from network access other than the password reset tool while being redirected. After redirecting the user to the password reset tool, user entry of verification information may be accepted, and the verification information from the user may be compared with known verification information for the user. User entry of a new password may be accepted if the verification information accepted from the user matches the known verification information for the user; and the new password may be stored as the known password for the user. Related systems and computer-program products are also discussed.

Abstract: A method, client device and system of identity authentication are provided. The method may include detecting a login or registration operation, to a server, via a login interface on a user interface of an application client. In response, identity information and an identifier of the application client may be determined The identity information and the identifier may be encoded into a code displayed on the application client. A mobile terminal may obtain and decode the code to obtain the encapsulated identity information and the identifier. The mobile terminal may also have access to information about an account registered with the authentication server in advance. The mobile terminal may send the identity information, the identifier, and account information to the authentication server for authentication. The application client may then receive an authentication result from the authentication server enabling the user to access the third party service.

Abstract: A digital rights management retrieval system is provided. In some embodiments, a digital rights management system includes receiving a first notification from a first client device of a first protected content transaction for a first user with a first content distributor, wherein the first notification includes a first network address for the first content distributor; receiving a second notification from the first client device of a second protected content transaction by the first user with a second content distributor, wherein the second notification includes a second network address for the second content distributor; and maintaining a first list of content distributors for the first user, wherein the first list includes a network address for each content distributor from which the first user has downloaded protected content.

Abstract: According to one aspect of the present disclosure, a method and technique for dynamic adjustment of authentication mechanism is disclosed. The method includes: collecting location data of one or more agents relative to an agent attempting to authenticate to a data processing system; determining if the location data meets a threshold value; and responsive to the location data meeting the threshold value, relaxing an authentication scheme for the attempting agent to authenticate to the data processing system.

Abstract: The present invention relates to a field of computer application technology, and more particularly to a computer account management system and a realizing method thereof.

Abstract: A CAPTCHA system uses images/pictures and/or motion for granting access to a computing system. The images can be culled from examples used in pictorial games, and can progressively presented to increase the strength of the CAPTCHA challenges. Speech recognition, motion and touch sensing can also be employed as parts of the challenge.

Abstract: A resilient device authentication system comprising: one or more verification authorities (VAs) including a memory loaded with a complete verification set that includes hardware part-specific data, and configured to create a limited verification set (LVS) therefrom; one or more provisioning entities (PEs) each connectable to at least one of the VAs, including a memory loaded with a LVS, and configured to select a subset of data therefrom so as to create an application limited verification set (ALVS); and one or more device management systems connectable to at least one of the PEs, including a memory loaded with an ALVS, and configured to manage device security-related applications through the performance of security-related functions on devices associated with the hardware part-specific data.

Abstract: Systems and methods for publishing datasets are provided herein. According to some embodiments, methods for publishing datasets may include receiving a request to publish a dataset to at least one of an internal environment located within a secured zone and an external environment located outside the secured zone, the request comprising at least one selection criteria, selecting the dataset based upon the at least one selection criteria, the dataset being selected from an index of collected datasets, and responsive to the request, publishing the dataset to at least one of the internal environment and the external environment.

Abstract: A method of enabling users of a third party Internet service, who are not necessarily subscribers of an IP Multimedia Subsystem, IMS, network, to access services provided by the IMS network. The method comprises registering a user with said third party Internet service via the Internet using an Internet service identity of the user, and sending to the user, from said third party Internet service and via the Internet, IMS network access information. The access information is then used to register the user with the IMS network, wherein, following IMS registration, the user is able to access IMS network services.

Abstract: A printing apparatus management system includes: a printing apparatus which includes an IC tag performing wireless communication with the outside and a memory being connected to the IC tag; and a first information terminal which has at least a function of writing information in the memory through wireless communication with the IC tag. The first information terminal maintains authentication data used by the printing apparatus, writes the authentication data in the memory, and transmits the authentication data to another information terminal. In addition, the printing apparatus interrupts a predetermined function, when the authentication data is written by the first information terminal, and in a state where authentication data is written in the memory, the printing apparatus makes the predetermined function effective, when the authentication data written by the first information terminal before the interruption state and the authentication data written after the interruption state accord with each other.

Abstract: Embodiments of the disclosure describe systems and methods for authenticating services running on a partition. In this regard, one embodiment of a system for authenticating a service includes a partition including a list of authorized services, and a service running on the partition; and a management processor in communication with the partition, wherein the management processor is configured to generate credentials for the service running on the partition if the service is listed in the list of authorized services.

Abstract: Systems and methods for continuous measurement of an analyte in a host are provided. The system generally includes a continuous analyte sensor configured to continuously measure a concentration of analyte in a host and a sensor electronics module physically connected to the continuous analyte sensor during sensor use, wherein the sensor electronics module is further configured to directly wirelessly communicate sensor information to one or more display devices. Establishment of communication between devices can involve using a unique identifier associated with the sensor electronics module to authenticate communication. Times tracked at the sensor electronics module and the display module can be at different resolutions, and the different resolutions can be translated to facilitate communication. In addition, the frequency of establishing communication channels between the sensor electronics module and the display devices can vary depending upon whether reference calibration information is being updated.

Abstract: Embodiments of a method and system for notification and request processing are disclosed. A service request for a second application may be received from a first application. Authorization of the first application to send the service request to the second application through a user communication client may be verified. A provider communication identifier of the second application may be identified. The service request may be provided from the user communication client to a provider communication client associated with the provider communication identifier.

Abstract: One embodiment of the present invention provides a system for authenticating a user. During operation, the system records user behavior history at one or more devices associated with the user. The system then extracts user information associated with a place and/or an activity from the recorded user behavior history. The system further generates one or more challenges based on the extracted user information, thereby facilitating the verification of the user's identity.

Abstract: An approach is provided to increase password strength in a group of users. The approach detects a password event corresponding to one of the users. In response to the detected password event, the approach identifies a strength of the user's password and compares it to one or more password strength metrics that correspond to the group of users. The password strength comparison data is then transmitted as feedback back to the user.

Abstract: Messages exchanged among users of a relationship management and work collaboration system are organized within user-defined, secure communication channels organized according to user-defined hierarchies that represent the users' personal relationships with one another. Security of the communications channels is maintained using individual, dynamic keys, each of the keys being uniquely associated with a respective one of the channels, and being generated according to combinations of individual passwords established by each respective channel's participants. In-bound messages in the form of e-mails are received and associated with respective ones of the channels according to e-mail aliases associated with the inbound messages. Out-bound e-mails may be sent to channel participants according to e-mail addresses associated with the participants and channel preferences established by the system users.

Abstract: Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.

Abstract: Generally, this disclosure describes technologies for securely storing and using biometric authentication information, such as biometric reference templates. In some embodiments, the technologies include a client device that stores one or more biometric reference templates in a memory thereof. The client device may transfer such templates to an authentication device. The transfer may be conditioned on verification that the authentication device includes a suitable protected environment for the templates and will execute an acceptable temporary storage policy. The technologies may also include an authentication device that is configured to temporarily store biometric reference templates received from a client device in a protected environment thereof. Upon completion of biometric authentication or the occurrence of a termination event, the authentication devices may delete the biometric reference templates from the protected environment.

Abstract: A system and method for integrating a plurality of cloud storage accounts, including the steps of receiving login data of a user account, receiving a notification of at least one of the cloud storage accounts to associate with the user account, receiving authentication data of the at least one cloud storage accounts, transmitting the authentication data to the respective cloud storage account, receiving at least one authentication token from each of the respective cloud storage accounts when the authentication data is verified, storing the at least one authentication token in a database and associating the at least one authentication token with the user account, and receiving at least one file from the at least one cloud storage account associated with the user account.

Abstract: The present invention relates to an access method for accessing a protected communication service via a public communication network by means of a secure communication network, whereby the secure communication network is based on user groups, comprising the steps of defining an access group having access to the communication service based on the user groups of the secure communication network, generating a group key for all members of the access group, providing the group key to a member of the access group via the secure communication network, and accessing the communication service via the public communication network using the group key. The present invention further relates to a communication system comprising a secure communication network based on user groups, a public communication network, a protected communication service, and an access server for managing access rights to the communication service, whereby the communication system is adapted to execute the above method.