Abstract: Automatic identification and authentication of a user of a mobile application entails receiving from the wireless communications device a unique device identifier and an e-mail address corresponding to the wireless communications device, associating a registration identifier with the unique device identifier and the e-mail address, generating an authentication token, and communicating the authentication token and the registration identifier to the wireless communications device. This technology obviates the need for the user to remember and enter a user ID and password to access backed-up application data on a server. This is particularly useful for instant messaging applications, e.g. PIN messaging, in which the unique device identifier is used to identify the user and is also the transport address. Once registered, the user who has switched to a new device or has wiped his existing device, can restore contacts or other application data from the server based on the registration identifier.

Abstract: A method of configuring an on-demand secure connection between a control site and a client network is described. The method involves establishing a first tunnel between the control site and the edge device of the client network. The method then involves automatically detecting a sub-network coupled to the edge device, and configuring the edge device to allow a second tunnel to be established within the first tunnel, where the second tunnel connects the control site to the detected sub-network.

Abstract: The present disclosure relates to a Completely Automated Public Turing Test to tell Computers and Humans Apart (CAPTCHA) image authentication method and system. The CAPTCHA image authentication method comprises the steps of: collecting a plurality of first objects; defining a plurality of variables so as to be used as basis for classifying and dividing the plural first objects into M groups accordingly while allowing each group in the M groups to correspond to at least one variable selected from the plural variables; selecting at least one group from the M groups while further grading and dividing the first objects in the selected group into subgroups of N grades based upon a standard unit of the variable corresponding to the selected group; sorting and storing the subgroups of N grades; and selecting a plurality of authentication objects from the subgroups of N grades to be used in an authentication process.

Abstract: An active slave device for a Bluetooth system comprises a non-volatile memory unit for storing a plurality of link keys corresponding to a master device capable of switching among a plurality of operating modes, wherein the plurality of link keys correspond to the plurality of operating modes and are generated by a key pairing performed between the active slave device and the master device; and a key fishing unit for searching whether any of the plurality of link keys conforms to a qualified link key that can enable the active slave device under the current operating mode of the master device.

Abstract: Techniques are described for facilitating access of computing system users to restricted functionality, such as internal functionality of a business or other organization (e.g., internal systems and/or confidential information available to some or all business employees or other organization members). The restricted functionality access may in some situations be provided in conjunction with publicly available information from the organization, such as to use that publicly available information as part of a user interface that allows an authorized subset of users to access the restricted functionality. In some situations, the restricted functionality access may be facilitated by an access provider system that executes on a client computing system of an authorized user, such as a program operating in conjunction with another presentation program that presents publicly available information (e.g.

Abstract: Techniques for modification of access expiration conditions are presented. A principal supplies a password associated with establishing access to a target resource. In response to the password, characteristics of the password are examined and a custom expiration condition is generated for the password in response to the characteristics and policy. When the custom expiration condition is satisfied, the password and access to the target resource become invalid for use. Moreover, the principal may interactively change a complexity level of any proposed password for purposes of attempting to enhance the expiration condition or for purposes of attempting to degrade the expiration condition.

Abstract: A data delivery apparatus including a storage adapted to store limited-access data which associates user data for specifying a user, with data, access to which is permitted or limited to the user; a function determination unit adapted to determine whether a destination device to which the limited-access data is to be transmitted has an access control function of permitting or limiting access to the limited-access data for each user; an authentication unit adapted to, when the limited-access data destination device is determined not to have the access control function, request input of authentication information and performing an authentication process using the input authentication information; and a transmission control unit adapted to, when the authentication process by said authentication unit is successful, transmitting the limited-access data to the destination device.

Abstract: A method for determining biometric data for use in conducting authentication transactions is provided that includes capturing biometric data from a user during an authentication transaction and capturing conditions of the authentication transaction with a device. The captured biometric data corresponds to desired biometric data. The method also includes transmitting the captured biometric data and conditions to an authentication system that stores biometric data and conditions therein. Moreover, the method includes determining that stored biometric data corresponding to the desired biometric data, associated with conditions that best match the captured conditions, is to be used for authenticating the user.

Abstract: A policy-enabled service gateway contains a gateway function and a local policy engine containing policies related to the functionality of the associated gateway function. New or updated policies may be provided to the local policy engine from a centralized policy server. The policies within the local policy engine are functionally related to the gateway function and provide for policy and/or charging enforcement associated with the gateway function. If the local policy engine does not contain a particular policy, it may request the policy from the centralized policy server. The local policy engine may choose to store the requested policy for future use.

Abstract: An end user of an enterprise is enabled to receive secure remote presentation access to the assigned virtual machines in a hosted public cloud through the cloud provider's virtualization hosts and remote presentation gateway. Thus an enterprise administrator may purchase computing capacity from the cloud provider and further sub-divide the purchased computing capacity among enterprise end users. The cloud provider need not create shadow accounts for each end user of the enterprise. The cloud provider AD and the enterprise AD do not need to trust each other. The cloud provider also need not expose host information to the tenants. Authorization may be provided by using a combination of a custom authorization plug-in at the terminal services gateway and an indirection listener component at the virtualization host.

Abstract: In one embodiment a method for receiving a request from a user to update a pointer record of a domain name system (DNS) in a DNS service includes issuing a query from the DNS service to a resource of a first service of the data center from the DNS service using a uniform resource indicator (URI) of the request corresponding to the resource, receiving a list of Internet protocol (IP) addresses in the DNS service from the first service, determining whether an IP address received in the request corresponds to one of the IP addresses of the list, and if so, enabling the user to update the pointer record.

Abstract: The present invention relates to auto-provision of wireless devices. A wireless device (1) has a device identifier and a first private key generated from the device identifier. A registration server (5) has an operator identifier and a second private key generated from the operator identifier. The wireless device (1) transmits the device identifier to the registration server (5), and the registration server (5) transmits a subscriber identifier to the wireless device (1). The wireless device (1) generates a shared key based on the operator identifier and the first private key, and the registration server (5) generates the shared key based on the device identifier and the second private key.

Abstract: Apparatus and methods of creating digital signatures include storing a credential received from an external issuing entity at a host device associated with a signature engine. After agreeing on a message with a verifying entity, the host device may transmit a version of the credential with a signature from the associated signature engine for the message to the verifying entity. The verifying entity may determine from the version of the credential and the digital signature whether the credential originated from a trusted issuing entity.

Abstract: A content distribution server receives from an information processing device, a first password generated from first data indicating a key and server specific information specific to the server with the use of a predetermined function. Then, the received first password and processing designation information designating processing are transmitted to a terminal. The terminal generates a second password from second data indicating a key matching with the key indicated by the first data and the server specific information obtained from the information processing device, with the use of the function. Then, the first password from the server and the generated second password are checked against each other, and whether or not to perform processing designated by the processing designation information from the server is determined based on a result of checking.

Abstract: Disclosed are various embodiments of generating a user signature associated with a user and authenticating a user. At least one behavior associated with at least one sensor in a computing device is identified. A timestamp is generated and associated with the behavior. A user signature corresponding to a user based at least in part upon the behavior and the timestamp is generated and stored.

Abstract: Upon receiving an account creation request from a client, the server determines a count of new account requests, each having a respective password, received during a predefined time period, that satisfy a requirement that the respective password is a function of the password in the received account creation request, and determines a popularity value associated with the password. The server associates a spam score, based at least in part on the count and the popularity value, with the account creation request, and compares the spam score with certain predefined thresholds. If the spam score is above a first threshold, the server may refuse the account creation request. If the spam score is within a certain range, the server may limit the access to the account associated with the account creation request. If the spam score is below a second threshold, the server may enable normal use of the account.

Abstract: The present invention is directed towards systems and methods for managing SSL session persistence and reuse in a multi-core system. A first core may indicate that an SSL session established by the first core is non-resumable. Responsive to the indication, the core may set an indicator at a location in memory accessible by each core of the multi-core system, the indicator indicating that the SSL session is non-resumable. A second core of the multi-core system may receive a request to reuse the SSL session. The request may include a session identifier of the SSL session. In addition, the session identifier may identify the first core as an establisher of the SSL session. The second core can identify from encoding of the session identifier whether the second core is not the establisher of the SSL session. Responsive to the identification, the second core may determine whether to resume the SSL session.

Abstract: A method and apparatus for controlling access restrictions for media resource playback may include defining a user-specific content control profile authorizing one or more classes of content to be delivered to a client device, generating a media resource request identifying a first media resource associated with a first class of content and one or more attributes of the content control profile, determining whether the first class of content has been authorized for delivery to the client device based at least in part upon the one or more attributes of the content control profile, and delivering the first media resource to the client device if the first class of content has been authorized for delivery to the client device.

Abstract: Provided are a method for authenticating a user terminal in an interface server, and an interface server and a user terminal using the same. The method includes receiving authentication request information from an application service providing server in order to request the interface server to authenticate the user terminal receiving an application service provided from the application service providing server, authenticating the user terminal according to the authenticating request information using an authentication method selected by the interface server or a user of the user terminal, and transmitting authentication response information including an authentication result of performing the authentication method to the application service providing server. The interface server provides an interface for a network to the application service providing server.

Abstract: A system and method of providing domain management for content protection and security is disclosed. A secure device domain is generated to allow sharing of content among a plurality of consumer electronic devices. A domain management scheme for authenticating and managing consumer electronics devices in the secure device domain is provided.

Abstract: The present invention discloses a bus monitor for enhancing SOC system security and a realization method thereof. The bus monitor disposed between a system bus and a system control unit includes a configuration unit, a condition judgment unit, an effective data selection unit, a hardware algorithm unit and a comparative output unit. Without affecting the bus access efficiency, the present invention provides the method capable of immediately monitoring the bus behavior, and the detection system notices whether a particular bus access serial behavior is changed due to an accidental fault or intentional attacking fault. If the particular bus access serial behavior is changed, the present invention warns the system to adopt a suitable security measure to prevent the security hidden trouble and leakage of classified information due to the incorrect system security process.

Abstract: Systems and methods for providing state information and remote command execution using Extensible Messaging and Presence Protocol (XMPP), Session Initiation Protocol (SIP) or any other protocol that provides for authentication, presence and messaging. A device may exist within a managed or unmanaged network and sign on to a managed network and provide presence information augmented with state information to provide near real-time state information to the managed network. The network may also discover remote command support in endpoint devices to command and control the devices remotely, while traversing unmanaged networks and components.

Abstract: Authentication credentials are received at a key server system. A service associated with the wrapped key is identified. A master key is accessed based on the identified service, the master key being associated with the identified service. The wrapped key is decrypted to generate an unwrapped key that includes the resource identifier, the resource encryption key, and the user identifier in unencrypted form. The user identifier is identified accessed from the unwrapped key. The received authentication credentials are determined to correspond to the accessed user identifier. In response to determining that the received authentication credentials correspond to the accessed user identifier, the resource encryption key are sent in unecrypted to the application server system such that the application server system can decrypt the resource using the resource encryption key in unencrypted form.

Abstract: A system for secure information storage and delivery includes a vault repository that includes a secure vault associated with a user, wherein the secure vault is configured to receive at least one data entry. A mobile vault server coupled to the vault repository creates a mobile vault on a mobile device based on the secure vault and is capable of authenticating the mobile device based on user authentication information. The mobile vault server includes a mobile device handler that communicates with the mobile device. A synchronization utility determines whether the at least one data entry on the secure vault is transferable to or storable on the mobile vault. and transfers the data entry from the secure vault to a corresponding data entry on the mobile vault if the at least one data entry on the secure vault is determined to be transferable to or storable on the mobile vault.

Abstract: Rather than managing a certificate chain related to a newly issued identity certificate at a terminal to which a wireless device occasionally connects, a certificate server can act to determine the identity certificates in a certificate chain related to the newly issued identity certificate. The certificate server can also act to obtain the identity certificates and transmit the identity certificates towards the device that requested the newly issued identity certificate. A mail server may receive the newly issued identity certificate and the identity certificates in the certificate chain and manage the timing of the transmittal of the identity certificates. By transmitting the identity certificates in the certificate chain before transmitting the newly issued identity certificate, the mail server allows the user device to verify the authenticity of the newly issued identity certificate.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for performing multi-factor authentication. In one aspect, a method includes determining that the identity of a user has been successfully proven using a first of two or more authentication factors, allowing updates or requests for updates to be initiated after the identity of the user has been successfully proven using the first authentication factor, logging the updates or requests for updates that are initiated after the identity of the user has been successfully proven using the first authentication factor, determining that the identity of the user has not been successfully proven using a second of the two or more authentication factors, and reverting the updates, or discarding the requests for updates, based on determining that the identity of the user has not been successfully proven using the second authentication factor.

Abstract: A computer implemented method for detecting and preventing spam account generation is disclosed. Upon receiving an account creation request from a client, the server analyzes the request and associates a spam score with the account creation request, based at least in part on a number of new account requests associated with the cookie received during a predefined time period, and compares the spam score with certain predefined thresholds. If the spam score is above a first threshold, the server may refuse the account creation request. If the spam score is within a certain range, the server may limit the access to the account associated with the account creation request. If the spam score is below a second threshold, the server may put no limit on access to (i.e., enable normal use of) the account.

Abstract: One embodiment provides a token for dynamically authenticating a user. The token includes a memory for storing secure data; a processor for calculating authentication credentials of the user based on the secure data, and for constructing a server address based on the authentication credentials. Also included is a transmitter for transmitting the server address to a host controller wherein the host controller is configurable to communicate with a remote server locatable at the server address such that the user is dynamically authenticated on the remote server using the authentication credentials.

Abstract: A method of initiating randomized communication links among persons belonging to an organization by executing computer-executable instructions stored on a non-transitory computer-readable medium allows members within an organization to submit requests to be engaged with other organization members for various activities such as eating or exercising. Engagement requests specify a time frame and a location to meet with other users. Engagement requests are time dependent and confined to a particular location. Engagements may be randomized, or prioritized for members who have not previously engaged with each other and filtered based on various other criteria.

Abstract: A system creates a weak password using a regular expression, and stores the weak password. The system receives a password from a user or a third party, and executes a first action when the password from the user or the third party is the weak password. In another embodiment, the system stores a strong password as a weak password and creates a new strong password. The system receives a password from a user or a third party, and executes a first action when the password is the new strong password and executes a second action when the password is the weak password.

Abstract: Embodiments include systems and methods for user login to a multimedia system. In one embodiment, a method of logging in one or more user profiles on a multimedia system includes associating one or more actuation sequences of one or more buttons on a remote control device each with a user profile, each user profile having one or more characteristics for outputting multimedia content, the characteristics affecting multimedia content provided by a multimedia system to personalize the user's multimedia experience, communicating a first signal corresponding to one of the one or more actuation sequences from the remote control device to a multimedia system to identify a first user profile for login, logging in the first user profile as an active user profile on the multimedia system based on the first signal, and controlling multimedia content provided to an output system of the multimedia system based on the active user profile.

Abstract: A token generating organization may include distributed tokenization systems for generating tokens corresponding to sensitive information. Sensitive information may include sensitive numbers such as social security numbers, credit card numbers or other private numbers. A tokenization system may include multiple physically distinct hardware platforms each having a tokenization server and a database. A tokenization server may run portions of a sensitive number through a predetermined number of rounds of a Feistel network. Each round of the Feistel network may include tokenizing portions of the sensitive number using a fractional token table stored an associated database and modifying the tokenized portions by reversibly adding portions of the sensitive number to the tokenized portions. The fractional token table may include partial sensitive numbers and corresponding partial tokens.

Abstract: A method for managing rights of issuing a Rights Object (RO), and a method for moving an RO created by a Local Rights Manager (LRM) between Digital Rights Management (DRM) Agents, are discussed. A Right Issuer (RI) permits an LRM to move an RO created (or issued) by the LRM to move via the RI, and a first DRM Agent moves the RO to a second DRM Agent via the RI.

Abstract: Enforcing data sharing policy through shared data management, in one aspect, may include extracting data access rights from the one or more data policies based on a user role, data purpose, an object set and a constraint identification; extracting a data domain from the one or more data policies based on the data purpose and the object set; associating the data access rights and the data domain with data attributes of the shared data; automatically responding to application-based offers and requests for the shared data within a Software-as-a-Service platform based on the data access rights.

Abstract: A method, system and computer-usable medium are disclosed for controlling access to attribute information. A request is received from an application for attribute information. An attribute release policy associated with the requesting application is used to filter attributes stored in a datastore. The filtered attributes are then provided to the requesting application.

Abstract: An approach for enabling contextual categories to be associated and scored in connection with a defined geographic region is described. A transient services platform establishes, based on biometric authentication of a user, a limited session for completing a transaction. The transient services platform then determines, based on a defined geographic region, a context to associate with the transaction. Credentials associated with the user are transferred to the transaction agent based on the authentication and the determined context.

Abstract: According to an aspect of the invention, a method for establishing secure communication between nodes in a network is conceived, wherein the network comprises a key manager which accommodates a key-manager-specific public key and a corresponding key-manager-specific private key; wherein a copy of the key-manager-specific public key is stored in an installation device; wherein the installation device provides a new node with the copy of the key-manager-specific public key; and wherein said new node is registered with the key manager by providing a node-specific public key and an identifier of said new node to the key manager, such that other nodes in the network may setup end-to-end secure connections with said new node by requesting the node-specific public key of said new node from the key manager.

Abstract: A method of securing a telecommunication terminal that is connected to a module used to identify a user of the terminal is described. The method includes a step including executing a procedure in which the terminal is matched to the identification module, consisting in: securely loading a first software program including a data matching key onto the identification module; securely loading a second software program which can operate in conjunction with the first software program onto the telecommunication terminal; transmitting a data matching key that corresponds to that of the first software program to the second software program; storing the transmitted data matching key in the secured storage zone of the telecommunication terminal; and conditionally submitting every response from the first software program to a request from the second software program upon verification at the true value of the valid possession of the data matching key by the second program.

Abstract: A server to implement human response tests of graduated difficulty can suppress access by spambots. The server includes a network interface and a test controller. The network interface connects the server to a network and facilitates electronic communications between the server and a client computer coupled to the network. The test controller is coupled to the network interface. The test controller implements a human response test with a level of difficulty on the client computer in response to an access request by the client computer. The level of difficulty of the human response test is dependent on a determination whether the access request is deemed to originate from a spambot.

Abstract: A moving image data distribution system for distributing reproduction content data that is hierarchically structured so that lower layer data is synthesized with upper layer data to form high quality data. The moving image data distribution system includes a transmitting apparatus and a receiving apparatus.

Abstract: A method and apparatus for authenticating a client is described. In one embodiment, an identity provider server authenticates the client that is redirected from a relying party server. The identity provider server authenticates the client without receiving a replayable credential from the client. Upon authentication of the client, the identity provider server transmits a token of authentication to the client.

Abstract: Embodiments of the invention relate to partial authentication to access incremental information. An aspect of the invention concerns a method of authorizing access to information that comprises providing an initial segment of a password wherein the password includes password segments each associated with an incremental portion of the information. In response to the initial password segment satisfying an expected value, the method may authorize access to the information portion associated with the initial password segment. The method may authorize access to other information portions associated with subsequent segments of the password in response to the subsequent password segments satisfying respectively expected values.

Abstract: Controlling resource access by entities hosted by an execution extension environment via entity identifiers associated with the resources or with the execution extension environment. Policy sets define the access to the resources. Each policy set includes a principal identifier for execution extension environment, a resource identifier for one of the resources, and access rights. The principal identifier or the resource identifier includes one of the entity identifiers. Access requests from entities are evaluated by comparing the entity identifiers to the policy sets. In some embodiments, the policy sets implement access control for web browsers hosting executable code that attempts to access resources on a computing device.

Abstract: Systems for providing information on network firewall host application identification and authentication include an identifying and transmitting agent on a host computer, configured to identify each application in use, tag the application identity with a host identity, combine these and other information into a data packet, and securely transmit the data packet to the network based firewall. The embodiment also includes an application identity listener on the network based firewall, configured to receive the information data packet, decode the data packet and provide to the network based firewall the identity of the application. The network based firewall is provided with an application-awareness via an extension of firewall filtering or security policy rules via the addition of a new application identity parameter upon which filtering can be based. Other systems and methods are also provided.

Abstract: The present invention relates to an authentication and management service system for providing location information wherein in providing location information on an individual through a mobile network by using a certificate for location information sharing, the certificate for location information sharing is issued previously to a wireless terminal (mobile phone) of a designated person (parent) of a location information sharing object (child), the location information of the location information sharing object is requested and received from a mobile communication system, and the certificate for location information sharing is selectively provided and managed to other designated person and organization.

Abstract: In various aspects, code-based indicia contain secured network access credentials. In some aspects, a computer processor receives user input that specifies secured network access credentials, and the computer processor creates or modifies credentials for establishing a secured network connection. In these aspects, the computer processor generates code-based indicia that contain at least part of the secured network access credentials. In other aspects, a computer processor scans the code-based indicia and extracts the network access credentials. In these aspects, the computer processor employs the network access credentials to establish the secured network connection. In additional aspects, a network router apparatus renders the code-based indicia to an active display. In further aspects, a network router apparatus conditions grant of network access to a device on receipt from the device of an answer to a security question included in the secured network access credentials.

Abstract: Systems and methods are provided for sharing passwords from one user to another. In one embodiment, a system is provided. The system generates a password based on the phone number, resource, and an encryption method. The system then generates an encrypted resource, based on the email address, phone number, file, and the encryption method. The encrypted resource may then be decrypted using the password received from the second user, after successfully identifying the second user and the file, and allowing the second user to access the file using the web page.

Abstract: The present application relates generally to wireless communication systems and more specifically to systems, methods, and devices for remote credentials management within wireless communication systems. In one aspect, a method of obtaining provisioning information via a service provider network, such as a cellular network, for a device is provided. The method includes transmitting an attach request via the service provider network for provisioning service, the attach request including device vendor information which includes a unique identifier for the device. The method further includes receiving provisioning information from the service provider upon authentication of the device vendor information. In other aspects, systems and methods for providing provisioning information are described.

Abstract: Systems and methods for client authentication and verification in a distributed client-server system are described. An authentication and verification system may include a plurality of client devices containing private keys, a first server configured to interface with the plurality of client devices, and a second, secure server configured to interface with the first server and store public keys associated with the private keys on the client devices. A method is further described for verifying client devices in conjunction with the first and second servers. The first server may contain secure tokens that can be decrypted in conjunction with the authentication and verification method.

Abstract: A method is provided in one example implementation and includes identifying a plurality of exporters that are authorized to communicate data to a collector on behalf of a secure domain; generating secure credentials for the secure domain; communicating the secure credentials to the collector; and authenticating the exporters using the secure credentials. In more particular implementations, the method can include receiving the secure credentials; receiving certain data that includes identifying information, which further includes an Internet protocol (IP) address of a source associated with the certain data; accepting the certain data if the secure credentials validate the identifying information; and rejecting the certain data if the secure credentials do not validate the identifying information.