Usage Patents (Class 726/7)
-
Publication number: 20150058949
Abstract: A method for authenticating a computing device includes: storing an account profile, the profile including data related to a service account including an alphanumeric code; generating a session identifier and a seed value; computing a first hash using the session identifier; computing a second hash using the session identifier and the alphanumeric code; computing a third hash using the second hash and a utilized seed value; transmitting the session identifier to a computing device via a first communication protocol; transmitting the session identifier and first hash to a remote notification service for transmission to the computing device via a second communication protocol; receiving a fourth hash and the session identifier from the computing device via the first communication protocol; validating the fourth hash based on a comparison of the fourth hash and the computed third hash; and transmitting a validation result to the computing device based on the validation step.
Type: Application
Filed: August 19, 2014
Publication date: February 26, 2015
Applicant: MasterCard International Incorporated
Inventors: Mehdi COLLINGE, Susan THOMPSON, Axel Emile Jean Charles CATELAND
-
Publication number: 20150058957
Abstract: Systems and methods to let users connect authentically with new people anywhere nearby in homes, offices, classrooms, dorms, bars, etc., where the users can be who they really are, and also say what they want without fear, using periodic anonymized posting of expiring content from an otherwise attributed user profile. Users put out a broadcast message and get back personal communications. A one-to-many message from a user results in a one-to-one private communication, which feature may be referred to as “social to personal”.
Type: Application
Filed: November 4, 2014
Publication date: February 26, 2015
Inventors: Drew Duncan Halliday, Andrew Robert Halliday
-
Publication number: 20150058958
Abstract: Systems, methods, and apparatus to monitor mobile Internet activity are disclosed. An example method comprises determining if a media request originated from a desktop computer or a mobile device by inspecting a user agent identifier of the media request. The media request is blocked if the media request originated from the desktop computer, the blocking to prevent the media request originating from the desktop computer from affecting a media exposure monitoring result. If the media request originated from the mobile device, an identifier of the media requested by the media request in association with the mobile device is stored.
Type: Application
Filed: November 10, 2014
Publication date: February 26, 2015
Inventors: Achilleas Papakostas, Michael Andrew Yonker
-
Publication number: 20150058959
Abstract: In an embodiment, an administrative computer system receives user login credentials from a user and makes at least one of the following determinations: that the user identifier does not match any existing user account, that the user identifier matches at least one existing user account, but that the user's account is in a locked state, or that the user identifier matches at least one existing user account, but the user's password does not match the user identifier. The administrative computer system then returns to the user the same response message regardless of which determination is made. The response indicates that the user's login credentials are invalid. The response also prevents the user from determining which of the credentials was invalid, as the response message is the same for each determination and is sent to the user after a measured response time that is the same for each determination.
Type: Application
Filed: November 12, 2014
Publication date: February 26, 2015
Inventors: Ariel Gordon, Richard Allen Lundeen
-
Publication number: 20150058944
Abstract: The present disclosure describes methods, systems, and computer program products for measuring strength of a unit test. One computer-implemented method includes receiving a login request for a portal user from a mobile device, exposing one or more available widgets based, at least in part, on credentials associated with the portal user, determining that a widget identified in a received widget selection is a mobile-aware widget (MAW), receiving mobile device data responsive to a query to select a specific action associated with the MAW, the mobile device data associated with the specific action, and transmitting the received mobile device data to the MAW.
Type: Application
Filed: August 20, 2013
Publication date: February 26, 2015
Inventors: Ohad Schachtel, Alex Volchok, Shahar Arusi
-
Publication number: 20150058952
Abstract: This is directed to a digital handshake for establishing a secure communications path between two electronic devices. Each device can capture an image of the other device using a camera (e.g., a front facing camera or a back facing camera) and extract, from the captured image, a key or seed associated with the other device. For example, each device can display a seed to be identified from an image taken by the other device. Using the extracted keys or seeds, each device can generate, using a same process, an identical digital handshake key. The digital handshake key can then be used to define a secure communications path between the two devices and share information securely. In some embodiments, a digital handshake key can be shared among several devices to create a multi-device secure communications path. Once a communications path has been established, the devices in the path can be identified and authenticated from the digital handshake key to receive access to secured goods, services or information.
Type: Application
Filed: September 10, 2014
Publication date: February 26, 2015
Inventors: Marcel Van OS, Caroline CRANFILL
-
Publication number: 20150058950
Abstract: Some implementations may provide a machine-assisted method that includes: receiving, from a relying party, a request to determine a trustworthiness of a particular transaction request, the transaction request initially submitted by a user to access data managed by the relying party; based on the transaction request, summarizing the particular transaction request into transactional characteristics, the transactional characteristics devoid of source assets of the transaction; generating first machine-readable data encoding transactional characteristics of the underlying transaction as requested, the transactional characteristics unique to the particular transaction request; submitting a first inquiry at a first engine to determine an access eligibility of the user submitting the transaction request, the first inquiry including the credential information of the submitting user, as well as the summarized transactional characteristics that is applicable only once to the underlying transaction request; and receivin
Type: Application
Filed: August 22, 2014
Publication date: February 26, 2015
Inventor: Stephen Miu
-
Publication number: 20150058945
Abstract: A method and system for accepting user inputs over a network. The user is provided with an input widget on a client system to collect and send an input and user identity information to a server system, without the requirement to authenticate the user identity on the client system upfront. The server stores the user input and the user identity information, and associates the user input information with the user identity information. The server system sends to the user identity URL a message comprising of the user input information and an indication of action such as a link that the user is to perform to confirm the authenticity of the input. In response to the indicated action being performed, the server system processes the user input as authenticated input.
Type: Application
Filed: August 22, 2013
Publication date: February 26, 2015
Inventor: Xiaoqiang Su
-
Publication number: 20150058947
Abstract: One aspect of the invention is a system for mobile device authentication. The system includes a public-facing server configured to interface with a mobile device. The system also includes a secure server configured to interface with the public-facing server and an authorization station. The authorization station includes processing circuitry configured to establish authorization limits for the mobile device and generate an authentication key associated with the authorization limits. The processing circuitry is further configured to provide the authentication key and an identifier of the mobile device to the secure server, and generate an authorization code including an encoded version of the authentication key and an address of the public-facing server. The processing circuitry is also configured to provide the authorization code to the mobile device to establish authentication for the mobile device to receive data from a control system network as constrained by the authorization limits.
Type: Application
Filed: August 23, 2013
Publication date: February 26, 2015
Applicant: General Electric Company
Inventors: Justin Varkey John, Robert William Grubbs
-
Publication number: 20150058946
Abstract: Systems and methods are disclosed herein to method comprising: providing a first system; generating data to be sent over a network link; determining a transport protocol that will be used to transmit data over the network communication link; negotiating connection services to be performed on data that will transmitted over the network communication link; sending a request to open a network communication link; sending a request to the connectivity services of the second system for credentials of the second system; receiving the credentials from the connectivity services module of the second system; verifying that the credentials match an authenticated computer system; opening a network connection between the first system and the second system when the second system's credentials have been verified by the connectivity services module of the first system; and transmitting the data to the second system according to the determining network protocol and negotiated connection services.
Type: Application
Filed: August 23, 2013
Publication date: February 26, 2015
Applicant: Unisys Corporation
Inventors: Gary Salamon, Jerry Bassett, David Maw, William Deck
-
Publication number: 20150058955
Abstract: Device information for each of multiple devices associated with a user account is maintained by a cloud service. The device information can include credential information allowing the device to be accessed by other ones of the multiple devices, remote access information indicating how the device can be accessed by other ones of the multiple devices on other networks, and property information including settings and/or device drivers for the device. The device information for each of the multiple devices is made available to other ones of the multiple devices, and can be used by the multiple devices to access one another and provide a consistent user experience across the multiple devices.
Type: Application
Filed: October 30, 2014
Publication date: February 26, 2015
Inventors: Narayanan Ganapathy, Esaias E. Greeff
-
Publication number: 20150058954
Abstract: A device receives capability information associated with a next hop device of a wireless local area network (WLAN). The device also determines, based on the capability information, whether the next hop device is capable of implementing security for traffic, where the security includes a media access control (MAC) security standard and a layer 2 link security standard. The device further creates, via the MAC security standard, a secure channel with the next hop device when the next hop device is capable of providing security for traffic.
Type: Application
Filed: October 30, 2014
Publication date: February 26, 2015
Inventors: Sandip SHAH, Jeffrey L. POCHOP, JR.
-
Publication number: 20150058951
Abstract: A system and method for receiving a request for a container document, determining whether the request is for a container document associated with a user group, determining whether a requestor of the request is associated with a level of status within the user group among a plurality of levels of status within the user group, determining the level of status of the requestor based on a determination that the requestor is associated with a level of status within the user group, requesting configuration information based on a determination that the container document is associated with a user group and the level of status, receiving the configuration information, and serving the container document using the configuration information.
Type: Application
Filed: September 3, 2014
Publication date: February 26, 2015
Inventors: Shoumen Saha, Jesse Shieh, Jon Snitow
-
Publication number: 20150058956
Abstract: A network access credential can be shared among devices based on location information for a device. Location information can include timed fingerprint location information. In an aspect, location information can be associated with a location of user equipment. This location information can be correlated with network access credentials. Location information can be used to access a relevant network access credential. The relevant network access credential can be shared with other devices. In an embodiment, sharing a network access credential can be between mobile devices. In another embodiment, sharing a network access credential can be between a remote computing device and a mobile device. Sharing a credential can allow for access to a network without having to generate or input new credentials.
Type: Application
Filed: October 31, 2014
Publication date: February 26, 2015
Inventors: Rick Tipton, Mark Austin, Mario Kosseifi, Mostafa Tofighbakhsh
-
Publication number: 20150058953
Abstract: An image processing apparatus which is capable of realizing security improvements without degrading the usability. A user is authenticated, and an operation screen accepting an operation input from the user is displayed. A job is executed according to an instruction of the user authenticated by the user authenticating unit. It is determined whether or not the job of which execution is instructed by the user, is being executed when the user authenticating unit authenticates the user. A first operation screen through which the user inputs an instruction for the job in execution is displayed when the job executing unit is executing the job, of which execution is instructed by the user, whereas another operation screen through which another user inputs an instruction for another job is displayed when not.
Type: Application
Filed: October 29, 2014
Publication date: February 26, 2015
Inventor: Yoshiaki KATAHIRA
-
Publication number: 20150058948
Abstract: A content sharing system includes: a server; a first information communication apparatus; and a second information communication apparatus, in which the first information communication apparatus includes a reserve requesting unit which sends to the server a reserve request message for requesting to reserve a sharing space to be newly generated, the reserve request message including first identification information for identifying the second information communication apparatus or the user using the second information communication apparatus, and the server includes: a first storage; and a sharing space generating unit which, upon receiving the reserve request message, generates the sharing space in the first storage, and stores in the first storage the first identification information included in the reserve request message.
Type: Application
Filed: December 6, 2013
Publication date: February 26, 2015
Applicant: Panasonic Intellectual Property Corporation of America
Inventors: Shingo Miyamoto, Keiji Icho, Kento Ogawa
-
Patent number: 8966598
Abstract: A group video messaging method stores user information identifying authorized users of a video messaging system, and provides a user interface to the video messaging system. The user interface permits authorized users to transfer video files to the video messaging system for storage and retrieval, and to identify criteria for other authorized users to access each transferred video file. The method also stores in the video messaging system the video files transferred to the system by the authorized users; stores information identifying the user that transferred each stored video file to the video messaging system, and the criteria for authorized users to access the stored video files; and stores information identifying different groups of the authorized users and which of the stored video files are to be accessible to each of the authorized users or authorized user groups.
Type: Grant
Filed: March 14, 2013
Date of Patent: February 24, 2015
Assignee: LiveQoS Inc.
Inventors: Ryan Brink, Pranay Kumar, Gregory Flatt, Desmond McNamee
-
Patent number: 8966603
Abstract: The present invention is directed towards systems and methods for form-based single sign-on by a user desiring access to one or more protected resources, e.g., protected web pages, protected web-served applications, etc. In various embodiments, a single sign-on (SSO) module is in operation on an intermediary device, which is disposed in a network to manage internet traffic between a plurality of clients and a plurality of servers. The intermediary device can identify an authentication response from a server and forward the authentication response to the SSO module. The SSO module can complete a login form in the authentication response with a client's authentication data, return the completed login form to the server and forward cookies associated with the authentication response to the client. In various embodiments, multiple login forms can be completed, transparently to the client, by the SSO module on a client's behalf and reduce time expended by a client in obtaining access to protected resources.
Type: Grant
Filed: May 24, 2013
Date of Patent: February 24, 2015
Assignee: Citrix Systems, Inc.
Inventors: Puneet Agarwal, Dileep Reddem, Anil Kumar Gavini
-
Patent number: 8966600
Abstract: A manageability engine, and/or operations thereof, for controlling access to one or more resources of a computer device. In an embodiment, the manageability engine executes an authentication agent to perform authentication of a local user of a computer platform which includes the manageability engine. In another embodiment, the manageability engine includes a device driver to control an input/output device for the local user to exchange an authentication factor via a trusted path between the input/output device and the manageability engine.
Type: Grant
Filed: December 22, 2010
Date of Patent: February 24, 2015
Assignee: Intel Corporation
Inventors: Ned M. Smith, Victoria C. Moore, Moshe Valenci, Craig T. Owen
-
Patent number: 8966592
Abstract: A computer-implemented technique is presented. The technique can include selectively initiating, at a mobile computing device including one or more processors, communication between the mobile computing device and a public computing device. The technique can include transmitting, from the mobile computing device, authentication information to the public computing device. The authentication information can indicate access privileges to a private account associated with a user of the mobile computing device. The technique can include receiving, at the mobile computing device, an access inquiry from the public computing device. The access inquiry can indicate an inquiry as to whether the user wishes to login to the private account at the public computing device. The technique can also include transmitting, from the mobile computing device, an access response to the public computing device. The access response can cause the public computing device to provide the user with access to the private account.
Type: Grant
Filed: March 1, 2013
Date of Patent: February 24, 2015
Assignee: Google Inc.
Inventors: Sheridan Kates, Arnaud Sahuguet, Amir Menachem Mané, Jeremy Brand Sussman, Aaron Baeten Brown, Travis Harrison Kroll Green
-
Patent number: 8966599
Abstract: Approaches are described for automatically generating new security credentials, such as security tokens, which can involve automatically re-authenticating a user (or client device) using a previous security token issued to that user (or device). The re-authentication can happen without any knowledge and/or action on the part of the user. The re-authentication mechanism can invalidate and/or keep track of the previous security token, such that when a subsequent request is received that includes the previous security token, the new security token can be invalidated, and the user caused to re-authenticate, as receiving more than one request with the previous security token can be indicative that the user's token might have been stolen.
Type: Grant
Filed: March 14, 2013
Date of Patent: February 24, 2015
Assignee: Amazon Technologies, Inc.
Inventors: Maximilian Francis Barrows, Paul Francis Dean Ferraro, Jason George Mchugh, Abraham Martin Passaglia, Andrew Jay Roths, Eric Allan Shell
-
Patent number: 8966568
Abstract: A method and a device for data processing are provided comprising a first instance comprising at least one local trusted unit (LTU) and a local trust manager (LTM), the method comprising the step: The local trust manager provides a policy related information to the at least one local trusted unit and/or to a second instance.
Type: Grant
Filed: April 29, 2008
Date of Patent: February 24, 2015
Assignee: Nokia Solutions and Networks Oy
Inventors: Joerg Abendroth, Michael Marhoefer, Manfred Schaefer
-
Patent number: 8966601
Abstract: Methods and an apparatus to connect a peripheral device to a wireless network access point are provided herein. A host device associated with a wireless network access point stores and obtains a set of wireless credentials related to a wireless network formed by the wireless network access point. The host device opens a connection between the host device and the peripheral device to transmit the set of wireless credentials from the host device to the peripheral device. The host device identifies the peripheral device over the wireless network access point.
Type: Grant
Filed: October 11, 2011
Date of Patent: February 24, 2015
Assignee: Hewlett-Packard Development Company, L.P.
Inventors: Brett A Green, Eric Thomas Stucki, Denis Pochuev, Jim T. Belesiu, Lawrence S Canino, Jr., Michael Stewart, David O Hamilton, Gregory P Kuziej, Cameron E Light, Randy Ingram, Tony Blasio, Steve T Breidenbach
-
Patent number: 8966602
Abstract: In one embodiment, receiving, at a first computing device associated with a social-networking system and from a second computing device, a first request to verify an identity of a user of the social-networking system; sending, by the first computing device and to a mobile device associated with the user, a second request for information about the user; receiving, at the first computing device and from the mobile device, the information about the user; determining, by the first computing device, a confidence score indicating a probability that the identity of the user is true based on the information about the user received from the mobile device and information available to the social-networking system; and sending, by the first computing device and to the second computing device, the confidence score.
Type: Grant
Filed: November 7, 2011
Date of Patent: February 24, 2015
Assignee: Facebook, Inc.
Inventors: Shaheen Ashok Gandhi, Matthew Nicholas Papakipos
-
Patent number: 8966578
Abstract: A service request for a managed computer system is received and once a primary authorization for same has been given, a secondary authorization management system (SAMS) determines whether or not the service request requires secondary authorization. This determination is made according to a context of the managed computer system and an authorization profile for the received service request. If needed, the SAMS resolves the secondary authorization request and returns the resolution decision.
Type: Grant
Filed: August 7, 2014
Date of Patent: February 24, 2015
Assignee: Hytrust, Inc.
Inventors: Boris Belov, Hemma Prafullchandra, Govindarajan Rangarajan
-
Publication number: 20150052595
Abstract: An application executing on a device is authenticated by an enterprise gateway components. This authentication is done in addition to authenticating the device and user. This includes authenticating apps that are being used on the device. The enterprise, by virtue of the gateway component, can authenticate details about specific app usage. The enterprise gateway component establishes a dedicated link coupling the gateway device and a specific executing app. Prior to this app-specific link being established, the gateway device collects information and stores it in a database, including information about the user, device, and the specific application. Authentication is performed at each level.
Type: Application
Filed: October 20, 2014
Publication date: February 19, 2015
Inventor: Daniel MURPHY
-
Patent number: 8959604
Abstract: A client device is coupled with a server. The client device prompts a user to enter a number associated with a mobile device, which can be the client device, and generates data including a code. The code is typically hidden from the user when the code is generated and is saved on the client device. The client device transmits the number entered by the user and the code generated by the client device to the server, which sends a message, including the code, to the mobile device associated with the number. The client device prompts the user to enter the code included in the message. Validity of the number is based on one or more factors, including the accuracy of the code entered by the user. In addition, validity of the number can also be based on whether the second user input was entered within a predetermined time limit.
Type: Grant
Filed: November 25, 2011
Date of Patent: February 17, 2015
Assignee: Synchronoss Technologies, Inc.
Inventor: Sumeet Sohan Singh
-
Patent number: 8959603
Abstract: An authentication system by which character strings in squares are selected by a rule determined by a user out of a table in which character strings are assigned to obtain a one-time password. The user memorizes a rule of successively selecting three out of the positions of the squares in a table having five rows and five columns, for example. To each square (402) in the table (401) to be presented to the user, a randomly generated two-digit number is assigned. The table (401) is presented to the user, who arranges the numbers in the squares (402) on the basis of the user's own rule to generate a six-digit number used as a one-time password for authenticating the user. Therefore, the rule for obtaining a one-time password is easy for the user to memorize and a long one-time password can be obtained.
Type: Grant
Filed: January 9, 2009
Date of Patent: February 17, 2015
Inventor: Hideharu Ogawa
-
Patent number: 8959338
Abstract: A remote access manager in a virtual computing services environment negotiates a time limited NAT routing rule to establish a connection between a remote device and virtual desktop resource providing user computing services. A series of NAT connection rules are revised in a dynamic manner such that a pool of ports is available to connect a plurality of remote users to local virtual compute resources over one or more public IP addresses. Once a connection is established, an entry is made in a firewall state table such that the firewall state table allows uninterrupted use of the established connection. After an entry has been made in the state table, or the routing rule has timed out, the port associated with the original NAT routing rule is removed and the same port can be re-used to establish another connection without disrupting active connections.
Type: Grant
Filed: October 1, 2012
Date of Patent: February 17, 2015
Assignee: Desktone, Inc.
Inventors: James Snow, Andrew W. Hobgood, Clinton B. Battersby
-
Patent number: 8959596
Abstract: A single passcode can be used for validation by a user of several entities in a system without compromising security. The source of the entity providing validation credentials, along with the passcode, is considered when determining validity. A one-time password system validates credentials if a validation credentials, such as a user's valid passcode and the source of the credentials, have not been used previously. In a one-time passcode system, a validation processor receives validation credentials from a client processor. If the client processor has not previously sent the validation credentials to the validation processor, and the credentials are valid, the validation processor will validate the credentials. Otherwise, the credentials are invalid. Other client processors can utilize the same passcode and their respective source identifiers, and as long as the other client processors have not previously utilized the credentials, the credentials are declared valid.
Type: Grant
Filed: June 15, 2006
Date of Patent: February 17, 2015
Assignee: Microsoft Technology Licensing, LLC
Inventors: Nir Nice, Ron Mondri, Tomer Shiran, Boaz Ein-Gil
-
Patent number: 8959608
Abstract: A mobile device includes a session maintainer application, a native application and a shell application and a link to a web application. If a user is seeking to access a native application, and an active session has not been established, user login credential is obtained, a session token is obtained upon verification of the user login credential, and the obtained session token is provided to the native application. If the user is seeking to access a web application, and an active session has not been established, a session token is obtained upon verification of the user login credential and the obtained session token is provided to the shell application. If an active session has been established then the obtained session token is automatically provided to the native or shell application when the user subsequently seeks access to the respective application.
Type: Grant
Filed: December 26, 2012
Date of Patent: February 17, 2015
Assignee: Cellco Partnership
Inventors: Shahid Ahmed, Nanda Kumar, Patrick V. Bellone
-
Patent number: 8958562
Abstract: Key requests in a data processing system may include identifiers such as user names, policy names, and application names. The identifiers may also include validity period information indicating when corresponding keys are valid. When fulfilling a key request, a key server may use identifier information from the key request in determining which key access policies to apply and may use the identifier in determining whether an applicable policy has been satisfied. When a key request is authorized, the key server may generate a key by applying a one-way function to a root secret and the identifier. Validity period information for use by a decryption engine may be embedded in data items that include redundant information. Application testing can be facilitated by populating a test database with data that has been encrypted using a format-preserving encryption algorithm. Parts of a data string may be selectively encrypted based on their sensitivity.
Type: Grant
Filed: January 16, 2007
Date of Patent: February 17, 2015
Assignee: Voltage Security, Inc.
Inventors: Terence Spies, Matthew J. Pauker
-
Patent number: 8959576
Abstract: Method, apparatus, and system for qualifying CPU transactions with security attributes. Immutable security attributes are generated for transactions initiator by a CPU or processor core that identifying the execution mode of the CPU/core being trusted or untrusted. The transactions may be targeted to an Input/Output (I/O) device or system memory via which a protected asset may be accessed. Policy enforcement logic blocks are implemented at various points in the apparatus or system that allow or deny transactions access to protected assets based on the immutable security attributes generated for the transactions. In one aspect, a multiple-level security scheme is implemented under which a mode register is updated via a first transaction to indicate the CPU/core is operating in a trusted execution mode, and security attributes are generated for a second transaction using execution mode indicia in the mode register to verify the transaction is from a trusted initiator.
Type: Grant
Filed: March 14, 2013
Date of Patent: February 17, 2015
Assignee: Intel Corporation
Inventors: Manoj R. Sastry, Ioannis T. Schoinas, Daniel M. Cermak
-
Patent number: 8959633
Abstract: The behavior of a group of resources, such as a fleet of servers, can be monitored to attempt to determine a baseline of acceptable behaviors. When a behavior is observed, the baseline can be consulted to determine whether the behavior is indicated to be acceptable. If not, the rate or extent at which the newly observed behavior is observed on groupings of similar resources can be monitored. This information can be used to determine whether the behavior is acceptable in which case information for the observed behavior can be used to automatically update the baseline such that the baseline is representative of current acceptable behavior within the group of resources.
Type: Grant
Filed: March 14, 2013
Date of Patent: February 17, 2015
Assignee: Amazon Technologies, Inc.
Inventors: Aaron Douglas Dokey, Ian Roger Searle, Eric Jason Brandwine
-
Patent number: 8959607
Abstract: According to one embodiment, techniques are provided to enable secure communication among devices in a mesh network using a group temporal key. An authenticator device associated with a mesh network stores a pairwise master key for each of a plurality of devices in a mesh network upon authentication of the respective devices. Using the pairwise master key, the authenticator device initiates a handshake procedure with a particular device in the mesh network to mutually derive a pairwise temporal key from the pairwise master key. The authenticator device encrypts and signs a group temporal key using the pairwise temporal key for the particular device and sends the group temporal key encrypted and signed with the pairwise temporal key to the particular device.
Type: Grant
Filed: August 3, 2011
Date of Patent: February 17, 2015
Assignee: Cisco Technology, Inc.
Inventors: Navindra Yadav, Atul Mahamuni, Jonathan Hui, Wei Hong, Alec Woo
-
Patent number: 8959356
Abstract: A storage controller and program product is provided for performing double authentication for controlling disruptive operations on storage resources generated by a system administrator. A first request is received from a first user for generation of a first key. A first key is generated, provided to the first user and associated with the storage resource. An input is received from the administrator, the input comprises a second key and a command for performing the disruptive operation. The second key and the first key are compared. It is verified that the administrator is authorized as an administrator of the storage resource. The disruptive operation is performed on the storage resource if the second key and the first key match and the administrator is authorized. Otherwise, the performance of the disruptive operation is denied.
Type: Grant
Filed: March 15, 2013
Date of Patent: February 17, 2015
Assignee: International Business Machines Corporation
Inventors: Vincent Boucher, Sebastien Chabrolles, Benoit Granier, Arnaud Mante
-
Patent number: 8959358
Abstract: Techniques disclosed herein provide for verifying the identity of a prospective social network member using an authentication process in which one or more existing members of the social network who are knowledgeable of the identity of the prospective member communicate with the prospective member in real time. During the real-time communication, biometric information of the prospective member can be associated with a profile for the prospective member. During or after the real-time communication, the existing member(s) can verify the identity of the prospective member. Once the prospective member's identity has been properly verified, the prospective member can be granted access to the social network.
Type: Grant
Filed: July 12, 2012
Date of Patent: February 17, 2015
Assignee: QUALCOMM Incorporated
Inventors: Anne Katrin Konertz, Niccolo A. Padovani
-
Publication number: 20150046995
Abstract: A media playing method is provided for playing a media file in different area network groups. Firstly, a first area network group is connected to a network group server through network connection. Then, a communication address data of the second area network group and a device data of an electronic device of the second area network group are acquired from the network group server. According to the communication address data and the device data, a control command is transmitted from the first area network group to the electronic device. According to the control command, the electronic device performs a corresponding controlled task. By using the media playing method, it is not necessary to frequently communicate plural electronic devices with each other. Consequently, the data transmission speed is largely enhanced.
Type: Application
Filed: November 13, 2013
Publication date: February 12, 2015
Applicant: Primax Electronics Ltd.
Inventor: JUNG-CHANG YANG
-
Publication number: 20150047002
Abstract: In the present invention, a start request terminal transmits start request information including participation restriction information to a management system. A transmission/reception unit of the management system transmits participation authentication information for authenticating participation in an established session to a middle-of-conference participation terminal. A transmission/reception unit of a participation request terminal transmits, to the management system, participation request information for requesting participation of the participation request terminal in an established session and participation authentication information which is input with the terminal in accordance with the participation authentication information transmitted to the terminal.
Type: Application
Filed: August 6, 2014
Publication date: February 12, 2015
Inventor: Hideki TAMURA
-
Publication number: 20150046997
Abstract: A method for accessing enterprise resources while providing denial-of-service attack protection. The method may include receiving, at a gateway from a client device, a request for a resource, the request comprising a location identifier associated with the resource. The method may further include redirecting, by a redirection message, the request to an authentication device that requests credentials for authentication, the redirection message comprising the location identifier. The method may also include retrieving, after authentication of the credentials, the location identifier from the client device. The method may additionally include providing access to the resource based on the location identifier.
Type: Application
Filed: December 26, 2013
Publication date: February 12, 2015
Applicant: Citrix Systems, Inc.
Inventors: Punit Gupta, Bharat Bhushan, Jong Kann, Pierre Rafiq
-
Publication number: 20150047005
Abstract: A method for authenticating the identity of a handset user is provided. The method includes: obtaining a login account and a password from the user; judging whether the login account and the password are correct; if the login account or the password is incorrect, refusing the user access to an operating system of the handset; if the login account and the password are correct, sending the login account and the password to a cloud server, wherein the login account and the password correspond to a face sample image library of the user stored on the cloud server; acquiring an input face image of the user; sending the input face image to the cloud server; authenticating, by the cloud server, the identity of the user according to the login account, the password and the input face image.
Type: Application
Filed: September 15, 2014
Publication date: February 12, 2015
Applicant: SHENZHEN JUNSHENGHUICHUANG TECHNOLOGIES CO.,LTD
Inventors: Xiaojun LIU, Dongxuan GAO
-
Publication number: 20150046999
Abstract: According to this disclosure, a user is identified (and selectively granted access to protected resources) by using information that describes the user's interpersonal relationships. This information typically is stored in a datastore, such as a digital address book, an online profile page, or the like. The user's digital address book carries an “acquaintance pattern” that changes dynamically in time. This pattern comprises the information in the user's contact list entries. In this approach, the entropy inherent in this information is distilled into a unique acquaintance digest (or “fingerprint”) by normalizing the contact list data, and then applying a cryptographic function to the result.
Type: Application
Filed: May 12, 2014
Publication date: February 12, 2015
Applicant: Wallrust, Inc.
Inventors: Jozsef Patvarczki, Marton B. Anka, Endre Tamas, Adam Kornafeld
-
Publication number: 20150046984
Abstract: Systems and methods that employ dynamic credentials across distinct authentication standards can be used to reduce the burden associated with repeated re-authentication. A utility can be employed during logon in an alternate operating environment that stores information from the logon dynamically and generates a credential file that is employed to grant access to a resource without repeating the earlier logon procedure, even if the device changes its user state. After processes requiring resource access are complete, or when an allowed time expires, the granted access is revoked and the device returns to a default or standard authentication technique.
Type: Application
Filed: September 23, 2014
Publication date: February 12, 2015
Applicant: WELLS FARGO BANK, N.A.
Inventors: Lawrence T. Belton, Jr., Ryan Bernard Benskin, Jon Gabel, Michael Grove, Timothy H. Morris, Jonathan D. Russell, Robert Glenn Yelton, JR., Douglas S. Rodgers
-
Publication number: 20150047004
Abstract: A computer-implemented system and method for secure electronic message exchange including coupling a control platform to a workstation of a plurality of workstations via a communications medium, where the control platform includes one or more apparatuses for monitoring, controlling, conversion, and billing, related to messages exchanged between a plurality of local users and a plurality of remote users. The system prevents forwarding or copying of a message sent by a local user of the plurality of local users and received by a remote user of the plurality of remote users, to another party by the control platform. The system and method also provides for authenticating the remote user with the control platform.
Type: Application
Filed: August 12, 2014
Publication date: February 12, 2015
Inventors: Stephen HODGE, David Woody
-
Publication number: 20150046998
Abstract: A method and apparatus for storing data and performing logical comparisons and other operations on said data, the results of said comparisons and operations reveal only limited information about the stored data. Stored data may include, but is not limited to, confidential information such as passwords, biometric data, credit card data, personal identifiers that uniquely identify an individual, authorisation levels where an entity may make a claim to have a certain level of access right or authorisation, votes cast in an election, and encryption keys. Control logic within the apparatus prevents direct access to the data store other than via a restricted command interface which prevents data from being revealed. For example, operations such as checking a putative password against a password in the data store is performed by the apparatus which returns a pass or fail, but does not reveal the stored password.
Type: Application
Filed: April 25, 2014
Publication date: February 12, 2015
Applicant: SILICON SAFE LIMITED
Inventors: William Thomas HARWOOD, Roger Alan GROSS
-
Publication number: 20150047003
Abstract: A method is disclosed for user verification. From a user system personal data of a first user is provided to a server. From the server the personal data of the first user is provided to an authority server, the personal data for being verified. The personal data of the first user is verified against data stored by the authority server to provide a verification signal indicative of whether the personal data is verified as accurate or other than accurate, the authority server other than a commercial party to a commercial transaction between the first user and the server; and when the personal data of the first user corresponds with data stored by the authority server. Then the verification signal indicating that the personal data is accurate personal data of the first user is provided to the server.
Type: Application
Filed: August 7, 2014
Publication date: February 12, 2015
Inventor: SAL KHAN
-
Publication number: 20150047006
Abstract: A method for authenticating the identity of a handset user is provided. The method includes: obtaining a login account and a password from the user; judging whether the login account and the password are correct; if the login account or the password is incorrect, refusing the user access to an operating system of the handset; if the login account and the password are correct, sending the login account and the password to a cloud server, wherein the login account and the password correspond to a face sample image library of the user stored on the cloud server; acquiring an input face image of the user; sending the input face image to the cloud server; authenticating, by the cloud server, the identity of the user according to the login account, the password and the input face image.
Type: Application
Filed: September 15, 2014
Publication date: February 12, 2015
Inventors: Xiaojun LIU, Dongxuan GAO
-
Publication number: 20150047001
Abstract: When a first communication part of an application program management part receives, from an application, an access request requesting use of a protected resource, an authentication information acquisition part acquires authentication information employed for verification of a legitimacy of the application program management part, from an authentication information storage part. A second communication part transmits the access request from the application and the authentication information, to an authentication part that determines whether or not the application is permitted to use the protected resource.
Type: Application
Filed: March 7, 2013
Publication date: February 12, 2015
Applicant: Mitsubishi Electric Corporation
Inventors: Yukio Izumi, Shoji Sakurai, Nobuhiro Kobayashi, Yoichi Shibata, Manabu Misawa
-
Publication number: 20150046996
Abstract: A recipient communication device and method wherein a user authenticates a message that is being received. The method includes receiving, by a messaging utility of the recipient communication device, a message transmitted from a sender communication device. The messaging utility determines that one of (a) sender authentication of the message and (b) recipient authentication to open the message is required. In response to sender authentication being required, the recipient communication device transmits a request to the sender communication device for sender authentication of the message, and receives a certification of the message based on an authentication of a user input via the sender communication device. When recipient authentication is required, the recipient is prompted to enter biometric input at the recipient device.
Type: Application
Filed: December 17, 2013
Publication date: February 12, 2015
Applicant: MOTOROLA MOBILITY LLC
Inventors: Jiri Slaby, Roger W. Ady
-
Publication number: 20150047000
Abstract: A system for creating a combined electronic identification that obtains user information (202) about a user of a hardware device (100), authenticates the user from the user information (202), obtains a hardware profile (208) of the device (100), the hardware profile (208) comprising user generated data stored on the device (100) and links the user information (202) and the hardware profile (208) as a combined electronic identification. The hardware device (100) can be comprised of a main processor, memory, a touchscreen interface, and a wireless communication module, such as a mobile phone, computer, or tablet computer.
Type: Application
Filed: March 15, 2013
Publication date: February 12, 2015
Inventors: Herbert W. Spencer, III, Christopher M. Canfield, Harlan Hutson, Vince Conroy, Steven A. Hickerson