Abstract: Techniques for user authentication are disclosed. In some situations, the techniques include receiving, from a client device, an authentication request to access a network resource, the request including a user identifier, obtaining a security credential associated with the user identifier contained in the received request, generating an authorization code based on the obtained security credential, providing to the client device instructions to obtain first information corresponding to the generated authorization code, receiving, from the client device, the first information provided in response to the provided instructions, and, when the first information received from the client device corresponds to at least a portion of the generated authorization code, authorizing the client device to access the network resource.

Abstract: A system and method for challenge question authentication comprises determining whether a log-in attempt requires additional authentication. A user attempts to log-in using a first application and a first delivery channel. When additional authentication is required, a challenge question is communicated to the user using a second application and a second delivery channel. The challenge question is specific to the user. An answer to the challenge question is received, and the user provides the answer using the first application and the first delivery channel. The log-in attempt is completed when the answer to the challenge question is correct.

Abstract: A software application executing in a first local operating environment may be used to connect to a remote server that requires a credential of a user to complete a transaction. In a second local operating environment that operates external to the first local environment, a user may be authenticated based on a user input received in the second local operating environment. The credential of the user may be securely communicated to the remote server from the second local operating environment. Other embodiments are described and claimed.

Abstract: The secure sharing of network security credentials allows a wireless communication device to connect to a network. By sharing the security credentials out of band, using a different communications protocol (such as Bluetooth or Bluetooth Low Energy), devices can be easily and securely connected to the network.

Abstract: In one embodiment disclosed herein is a method of processing a request made by a terminal of a user to access a resource made available to a client entity by a platform of a cloud computer service supplier.

Abstract: A method for securely communicating information between an authenticator at a local endpoint and a remote device at a remote endpoint and for authenticating to the remote device. The method comprises activating the authenticator; determining at least one communication scheme useable at the local or remote endpoints or any midpoints between the local and the remote endpoints on a communication channel; determining authentication schemes and authentication credentials usable at the local or remote endpoints or any midpoints on the communication channel; determining data encryption schemes useable at the local or remote endpoints or any midpoints on the communication channel; a user supplying authentication credentials to the authenticator; the authenticator supplying determined authentication credentials to the remote device; and responsive to a successful authentication, the authenticator and remote device exchanging information according to a determined communication scheme and a determined encryption scheme.

Abstract: To improve the convenience of a user and further provide service comfortable and safe for the user. A PK storing PMD as personal related information of a user communicates with a service system. When first using the service system, the PK stores the service ID of the service system and a spoofing preventing method. When the PK communicates with the service system for a second time and thereafter, a spoofing preventing process is mutually performed, and then the PMD is provided to the service system. The service system reads or changes the PMD on the basis of access permission information set in advance by the user. The present disclosure is applicable to PDAs.

Abstract: A method and apparatus for protecting browser private information have been disclosed. The method including: detecting a viewing request to view private information of a current browser page; obtaining a current user's face image upon detecting the viewing request; determining based on a pre-set face recognition method, whether the current user's facial image and a registered user's face image bear same face print features, wherein the face print features are utilized to uniquely identify facial features of a person; and displaying the private information of the browser page, in response to a positive determination of bearing the common face print features.

Abstract: Systems and methods for providing identification tests. In some embodiments, a system and a method are provided for generating and serving to a user an animated challenge graphic comprising a challenge character set whose appearance may change over time. In some embodiments, marketing content may be incorporated into a challenge message for use in an identification test. The marketing content may be accompanied by randomly selected content to increase a level of security of the identification test, in some embodiments, a challenge message for use in an identification test may be provided based on information regarding a transaction for which the identification test is administered. For example, the transaction information may include a user identifier such as an IP address. In some embodiments, identification test results may be tracked and analyzed to identify a pattern of behavior associated with a user identifier. A score indicative of a level of trustworthiness may be computed for the user identifier.

Abstract: A method of authenticating a user using a server and an image forming apparatus using the same, the method including: transmitting, from an image forming apparatus to a first server that functions as an authentication server, user authentication information; determining if the first server authenticates the user based on the user authentication information; and transmitting, to a second server that processes image data, the user authentication information if the first server authenticates the user, wherein the second server authenticates the user based on the transmitted user authentication information authenticated by the first server. Thus, the user of the image forming apparatus can be automatically authenticated by the second server by authenticating the user on the first server.

Abstract: An authentication system is presented that relies on an arrangement of positions defined through a positional matrix to determine the order in which two or more sets of images are extracted from a file structure and presented to a user through the mutually parallel rows or columns of a selection mechanism during the administration of an authentication challenge and which then attempts to authenticate the user's right of access or verify their identity based on the representational positions and relative alignment of the images matched by the user in some prescribed manner through the selection mechanism thus allowing the system to perform its authentication functions without having to explicitly reference, process, transmit or store any specific image identifiers, display coordinates or file designators that could, if otherwise compromised, reveal the proprietary images chosen by the user for the purpose of their authentication.

Abstract: A system and method for securely storing, retrieving and sharing data using PCs and mobile devices and for controlling and tracking the movement of data to and from a variety of computing and storage devices.

Abstract: Methods, apparatuses, and computer-readable media for obtaining a limited ID cookie for ad targeting are disclosed. A client requests a limited ID cookie from a cookie making module (CMM), which sends a personal cookie to a verification module for verification. After verification, verification module sends a user ID with user information to CMM. CMM creates the limited ID cookie, and the limited ID cookie is sent to the client. The limited ID cookie is sent to an ads server which utilizes the limited ID cookie to target ads towards the user.

Abstract: Methods and systems for third party client authentication of a client. A method includes displaying a user interface on a display of the client, the user interface including an option to select a supported credential type of a third party authentication server, receiving a command selecting the supported credential type, and sending credential information and the selected supported credential type to an authentication server for third party authentication by the third party authentication server. The third party authentication server may support a token-based authentication protocol for implementing single sign on (SSO).

Abstract: In embodiments of the present disclosure improved capabilities are described for a dual-use wireless network where the network may be used concurrently by the general public and by a managing agency (e.g., government or other agencies), but limited as deemed necessary in times of access restriction as determined by the managing agency, where network access may be denied to users/entities whose priority value is lower than the minimum allowed priority value set by the managing agency, or is not one of a set of allowed high priority access values or classes set by the managing agency.

Abstract: A method of providing, by an electronic device, a service to an external device is provided. The method and electronic device includes receiving, from the external device, information about the external device and information about a service requested by the external device, displaying on a screen an object including the information about the external device and the information about the service requested by the external device, receiving an acceptance input of a user for providing the service requested by the external device, and providing the service requested by the external device to the external device based on the acceptance input.

Abstract: A method on an electronic device for a wireless network is described. Unique IDs, detectable by the electronic device, are scanned over a period of time. A unique ID is detected. A plurality of detectable time intervals is determined, within the period of time, for the unique ID. An authentication start time and an authentication end time for the unique ID are determined based on at least three of the plurality of detectable time intervals. Authentication data for the unique ID is stored in a historical database. The authentication data includes the authentication start time and the authentication end time. The electronic device is unlocked based on a lookup of authentication data in the historical database.

Abstract: Systems, devices, apparatuses, and methods of the present invention distribute authentication across multiple users. A data sensitivity model can define the sensitivity of different types of data. When an application requests access to a particular data item, the sensitivity of that data item can be determined. If the data item has a low sensitivity, access to the data item can be granted. If the data item has a high sensitivity, the system can request authentication before granting access to the data item.

Abstract: In certain embodiments, a system for providing internal services to third party enterprises comprises a memory module operable to store credentials associated with each of a plurality of third party enterprises, an interface module operable to receive a service request associated with a particular third party enterprise, the service request including a token associated with the particular third party enterprise, and a processing module operable to validate the particular third party enterprise, determine a particular internal service offered by an enterprise that is the subject of the service request, the interface module further operable to forward the service request to the particular internal service, receive results corresponding to the service request generated by the particular internal service, and communicate the results corresponding to the service request to the particular third party enterprise, and the memory module further operable to store the results corresponding to the service request.

Abstract: Disclosed are various embodiments for facilitating temporary virtual identities in a social networking system. An identity associated with a user is authenticated. A time period, location or other parameter associated with the user is authenticated. The temporary virtual identity is registered in the social networking system. Content generated by the user is published in the social networking system under the temporary virtual identity.

Abstract: A method is disclosed for establishing a secure communication session using composite key cryptography. The method comprises generating a first plurality of secret keys all of which are known only to a first communicating party and each one of which is shared with exactly one of a plurality of stewards, and generating a second plurality of secret keys all of which are known only to a second communicating party and each one of which is shared with exactly one of the plurality of stewards. The first and second communicating parties each send information to the other through different stewards, each communication leg being encrypted using a secret key known only to the respective communicating party and steward. These communications are usable to distribute cryptographic seeds to the communicating parties for use in generating a temporary session key that can be used to encrypt direct communications between the parties.

Abstract: Security of near-field communication (NFC) may be enhanced. A user authentication may be provided via a mobile device enabled as a first NFC device. The user authentication may be specified by an end user of the mobile device for permitting NFC with a second NFC device. The user authentication may be related to an environmental object or a perspective of the mobile device specified by the end user. It may be determined whether the mobile device and the second NFC device are in proximity to one another. When the mobile device and the second NFC device are in proximity to one another and a detected action performed by a user with the mobile device is substantially similar to the provided user authentication, NFC between the mobile device and the second NFC device may be permitted.

Abstract: Techniques are disclosed for methods, architectures and security mechanisms for a third-party application to access content in a cloud-based platform. In one embodiment, a method includes, providing a third-party application with direct access to content in a cloud-based environment. The third-party application is hosted by an entity different from that of the cloud-based environment. In some embodiments, the direct access to the content in the cloud-based environment is provided to the third-party application and accomplished without a need to access an application that is native to the cloud-based environment.

Abstract: A system and method are provided for identification of a user collecting enrollment data from the user including dwell times for each of an enrollment series of login attempts; creating an iterative unified identification score for the user from the dwell times of login attempts; establishing an iterative average of identification score; establishing a standard deviation of the iterative identification score; deleting the dwell times and other data of the enrollment series of login attempts; prompting and collecting login specific dwell times; calculating a login identification score; comparing the login identification score to the iterative unified identification score, and updating the iterative scores and the iterative standard deviations and storing between login attempts only an iterative average dwell time, an iterative average flight time, the unified identification score and iterative standard deviation of the unified identification score.

Abstract: An authentication method and an authentication system based on forking, and a forking authentication device are provided.

Abstract: When authentication information is input via an IC card reader and includes predetermined information. A portable terminal corresponding to the authentication information is identified, and specific identification information that identifies an image-data file associated with the authentication information is extracted. The extracted specific identification information is transmitted to the identified portable terminal, and the portable terminal displays a list of the received specific identification information on its touch panel. The operation of a printing mechanism is controlled, so that the image-data file corresponding to the specific identification information that selected with a touch panel on the portable terminal is accessed, and an image defined by the image-data file defines is printed on a sheet.

Abstract: A communications device provides a biometric reader to authenticate users onto the communications device based on a single biometric input. The communications device maintains a local copy of the strong authentication credentials, such as a user identification and password, and the biometrics which were previously input by users of the communications device. Then, rather than requiring re-entry of the strong authentication credentials to authenticate (or re-authenticate) these users onto the communications device, the communications device is able to authenticate the users based on the input of the appropriate biometric. When a biometric input is received, the communications device identifies the locally stored strong authentication credentials that is associated with the input biometric, and uses the locally stored strong authentication credentials to authenticate the user.

Abstract: A method of enabling applications to reference user information is provided, including receiving a request for a user identifier that references a user of the application and sending a second request for the user identifier to a server. The second request may include a second user identifier that references the user and a second authentication token for the second user identifier. Furthermore, the second user identifier and the second authentication token are not accessible by the user. The method includes receiving the user identifier and an authentication token for the first user identifier. The user identifier corresponds to the second identifier; and providing the user identifier and authentication token to the application. A method of enabling an application to identify users associated with a user of the application is provided; the method may include receiving, from the server, user identifiers that reference one or more users scoped to the application.

Abstract: A server apparatus includes: a first management unit which relates authentication image data of user authentication to authentication input data and manages the related data as authentication information; a request transmission unit which transmits a plurality of image data including the authentication image data included in the authentication information managed by the first management unit and transmits a request for the authentication input data related to the authentication image data; a reception unit which receives image data selected by a user from among the plurality of image data and input data input by the user in accordance with the request transmitted by the request transmission unit; and a determination unit which determines whether or not the user is successfully authenticated based on whether or not the authentication information in which the image data and the received input data are related to each other is managed by the first management unit.

Abstract: The present invention relates generally to the use of biometric technology for authentication and identification, and more particularly to non-contact based solutions for authenticating and identifying users, via computers, such as mobile devices, to selectively permit or deny access to various resources. In the present invention authentication and/or identification is performed using an image or a set of images of an individual's palm through a process involving the following key steps: (1) detecting the palm area using local classifiers; (2) extracting features from the region(s) of interest; and (3) computing the matching score against user models stored in a database, which can be augmented dynamically through a learning process.

Abstract: This document describes, inter alia, techniques for configuring or setting up a wireless device. As an example of the features described herein, a first wireless device may be used to configure a second wireless device as follows: the first wireless device may detect that the second wireless device is available and is configurable; the first wireless device may connect to the second wireless device and transmit configuration information to the second wireless device, where the configuration information includes credentials that may be used to access a wireless network (e.g., a password to access a Wi-Fi network); the first wireless device and the second wireless device may then both connect to the wireless network, using the credentials; once both devices are connected to the wireless network, the first wireless device may verify that the second wireless device has been correctly configured.

Abstract: Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.

Abstract: A login method and device, and a terminal and a network server are disclosed, which relate to communications technologies. In the method, acquire an account waiting for login and a first password, and judge whether the first password is the same as a local password bound with the pre-stored account. If the first password is the same as the local password bound with the pre-stored account, upload a second password corresponding to the pre-stored account to a network server for matching, and log in to the account once the second password is successfully matched. The present invention introduces a custom password (i.e., the first password), thus avoids the complexity to enter an actual login password (i.e., the second password) and the unsafety to remember the actual login password in a terminal, and enhances the convenience and safety for login and offers greater user experience.

Abstract: A method, apparatus, system, and computer program product for management of storage devices protected by encryption, user authentication, and password protection and auditing schemes in virtualized and non-virtualized environments.

Abstract: Methods, systems, and products authenticate a user to a device. A user selects or submits a media file for authentication. Features in the media file are compared to a set of criteria for authentication. The number of matching criteria, that is within a range of values for each criterion in the set of criteria, is determined. The number of matching criteria is compared to a threshold value. When the number of matching criteria equals or exceeds the threshold value, then the user that selected or submitted the media file is authenticated.

Abstract: Systems, methods, and apparatus to monitor mobile Internet activity are disclosed. An example method comprises determining if an application identified by an identifier of a content request from a client device supports authentication; transmitting content identified by the content request to the client device if the identifier of the content request identifies an application that supports authentication; and storing an identifier of the content requested by the content request in association with the client device.

Abstract: A method including: receiving, at a first device, a challenge provided from a second device, wherein the challenge includes an encoding algorithm and a request for credentials from the first device; and outputting, from the first device to the second device, a response to the challenge, wherein the response includes at least one image, the at least one image including an article of evidence arranged according to the encoding algorithm.

Abstract: A method for providing multiple authenticator support when responding to RADIUS Access Request messages is disclosed. The method for providing multiple authenticator support when responding to RADIUS Access Request messages includes receiving a RADIUS Access Request message, retrieving customer authentication information having a first and second authenticator value; attempting authentication against the first authenticator value, and in the event that a failure to authenticate occurs, then attempting authentication against the second authenticator value. In the event of a successful authentication against either the first or second authenticator value, a RADIUS Access Accept message is provided. Examples of first and second authenticator values include a UserName and a MAC address. The method for providing multiple authenticator support when responding to RADIUS Access Request messages provides advantages over single authenticator value systems known in the art.

Abstract: A social CAPTCHA is presented to authenticate a member of the social network. The social CAPTCHA includes one or more challenge questions based on information available in the social network, such as the user's activities and/or connections in the social network. The social information selected for the social CAPTCHA may be determined based on affinity scores associated with the member's connections, so that the challenge question relates to information that the user is more likely to be familiar with. A degree of difficulty of challenge questions may be determined and used for selecting the CAPTCHA based on a degree of suspicion.

Abstract: Certain example embodiments transform a third-generation language (3GL) and/or an Assembler program so that it can be executed within a fourth-generation language (4GL) runtime environment. Certain example embodiments include a method for transforming a 3GL and/or an Assembler program that is callable by a 4GL program so that the 3GL and/or Assembler program is executable upon call by the 4GL program and from within a 4GL runtime environment. For instance a 4GL identifier may be included in the executable of the 3GL and/or the Assembler program to facilitate execution of the 3GL and/or the Assembler program upon call of the fourth-generation language (4GL) program and within the 4GL runtime environment.

Abstract: A system is described that contains a device including a memory with a management application installed thereon. The management application contains a manager that generates a plurality of user accounts and associates at least one communication service as a messaging account with each user account, and an interface module that generates a user interface that presents the plurality of user accounts and that modifies the user interface based on the identification of the selected user account to present a selected account display.

Abstract: The objective of the present invention is to disable functionality of an additional-function unit if an unauthorized program has been installed in an information processing device, thereby preventing an unauthorized program from acquiring, in an unauthorized manner, information from the additional-function unit.

Abstract: A computer system includes a firewall between the computer system and an external network. Private data sources are protected by the firewall. An agent executed behind the firewall is configured to connect to a target data repository external to the firewall, specify a data set in the form of a query against one or more of the private data sources, generate the data set by executing the query against one or more of the private data sources, and export the data set through the firewall and into the target data repository.

Abstract: A communication apparatus that selects one out of a plurality of authentication modes for connecting to a network for which an authentication is required, identifies network information relating to a connection target network, and authentication information for executing an authentication, selects an authentication mode to be used from the plurality of authentication modes based on the network information and one or more attributes for when connecting to the connection target network based on the authentication information, and executes an authentication for connecting to the connection target network using the selected authentication mode.

Abstract: A method and system for securing an electronic communications session between a mobile device and a network server is provided. The method includes requesting, from the mobile device, a unique session identifier from an authentication server. The authentication server in turn requesting the session identifier from the network server on behalf of the mobile device and, upon receipt thereof, communicating it to the mobile device over a secure communication channel between the mobile device and the authentication server, established using a unique digital certificate on the mobile device which was previously issued to it by a trusted certification authority. The session identifier being useable by the mobile device and network server to secure, mutually validate and authenticate the electronic communication session between them conducted by means of a conventional electronic communications protocol.

Abstract: A computer program for enabling secured, transparent encryption and decryption provides a user interface that allows a user to drag and drop files into and out of a secure repository and automatically encrypts files transferred into the repository and automatically decrypts files transferred out of the repository. The user can transfer file folders into the repository, wherein the program encrypts all of the files within the folder and retains the original file/folder structure, such that individual files can be moved within the repository, moved out of the repository, and opened or executed directly from the repository. The program requires the user to submit biometric data and grants access to the secure repository only if the biometric data is authenticated. The program generates an encryption key based at least in part on biometric data received from the user. Additionally, the program destroys the key after termination of each encryption/decryption session.

Abstract: An authentication system includes one or more portable terminals and an electronic device. The electronic device includes a storage section, a terminal location acquiring section, a determining section, an authentication section, and a right granting section. The storage section stores authentication information of each of one or more users, usage right information of each user, and location information of the electronic device. The terminal location acquiring section acquires location information of each portable terminal. The determining section determines a first portable terminal that is located within a specific authentication distance from the electronic device, based on the location information. The authentication section performs authentication of a first user associated with the first portable terminal, based on the authentication information of the first user. The right granting section permits the first user to use the electronic device within a scope of usage right granted to the first user.

Abstract: A WiFi roaming management method and device which redirect an HTTP request of a mobile terminal from an AP to an AC even though the AC and the AP do not exist in the same subnet, which redirects a source IP address for an HTTP request, after transferring, to an IP address of the AC, and which smoothly support a wireless Internet service in a distributed processing system according to a web authentication of the AC in a WiFi roaming method is provided. A terminal session management function and a traffic control function are separated by a premium AC (Access Controller) and a premium AP (Access Point) interworked with a tunneling method according to a CAPWAP protocol.

Abstract: The present disclosure describes methods, systems, and computer program products for maintaining application session continuity across different devices. One computer-implemented method includes identifying a first application session of an application executing within a portal environment. The first application session of the application is associated with a first user who is operating at a first device. A representation of an application state for the first application session of the application is stored. A request is received to execute a second application session of the application within the portal environment from the first user operating at a second device different form the first device. The second application session of the application can be instantiated for execution within the portal environment. The second application session is instantiated to a state corresponding to the stored representation of the application state of the first application session.

Abstract: Technologies are generally described for authentication systems. In an example, an authentication system can be built among devices by sharing an image that is virtually torn into pieces. Each participant in the authentication system receives a piece of the image. The participants are authenticated when the pieces are later joined to form the original image.