Patent application number | Description | Published |
20090172418 | Methods and Apparatus for Efficient Computation of One-Way Chains in Cryptographic Applications - Techniques are disclosed for efficient computation of consecutive values of one-way chains and other one-way graphs in cryptographic applications. The one-way chain or graph may be a chain of length s having positions i=1, 2, . . . s each having a corresponding value ν | 07-02-2009 |
20100122329 | AUTHENTICATION BASED ON USER BEHAVIOR - One embodiment of the present invention provides a system for authenticating a user. During operation, the system records user behavior history at one or more devices associated with the user. The system then extracts user information associated with a place and/or an activity from the recorded user behavior history. The system further generates one or more challenges based on the extracted user information, thereby facilitating the verification of the user's identity. | 05-13-2010 |
20100122340 | ENTERPRISE PASSWORD RESET - One embodiment of the present invention provides a system for automatically authenticating a user. During operation, the system receives a user's request for authentication. The system then extracts information associated with the user from user-specific information stored in an enterprise computer. The extracted user information does not explicitly relate to a password. The system further generates one or more challenges based on the extracted user information, and receives the user's response to the challenges. Subsequently, the system compares the user's response to the extracted user information, and authenticates the user. | 05-13-2010 |
20100122341 | AUTHENTICATING USERS WITH MEMORABLE PERSONAL QUESTIONS - One embodiment provides a system that verifies a user's identity. The system generates a list including a plurality of items and formulates a substantially large set of security questions based on the plurality of items. The number of questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly. During account creation, the system presents to the user the subset of questions, and receives and stores a response from the user. At least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user. Subsequently, the system receives a request to reset the user's password and presents the subset of questions to the requester. The system determines whether the requester is the user by comparing the requester's response with the stored user response. | 05-13-2010 |
20100125906 | RESETTING A FORGOTTEN PASSWORD USING THE PASSWORD ITSELF AS AUTHENTICATION - One embodiment of the present invention provides a system for resetting a user's forgotten password. During operation, the system receives a user's request for resetting the user's forgotten password and derives one or more challenges from the user's forgotten password. The system then presents the derived challenges to the user and receives a response from the user to the challenges. The system further compares the user's response to the one or more challenges with the user's forgotten password, thereby facilitating password resetting. | 05-20-2010 |
20100153274 | METHOD AND APPARATUS FOR MUTUAL AUTHENTICATION USING SMALL PAYMENTS - One embodiment provides a system for mutual authentication. During operation, a first entity receives an access request from a second entity. In response, the first entity requests information about the second entity's account with a financial service provider (FSP) and transfers a fund to the account. The first entity sends first and second messages through the FSP to the second entity with the fund. Subsequently, the first entity receives from the second entity a first input corresponding to the first message and determines that a first condition is met based on the received first input and the first message. The first entity sends a second input to the second entity based on the second message, thereby allowing the second entity to verify that a second condition is met based on the second input and the second message. The system then produces a result indicating that both the first and second entities are mutually authenticated. | 06-17-2010 |
20100153275 | METHOD AND APPARATUS FOR THROTTLING ACCESS USING SMALL PAYMENTS - One embodiment of the present invention provides a system for controlling access to resources using small payments. The system receives a request from an entity to access a resource. In response, the system requests the entity to submit information about the entity's account with a financial service provider (FSP). The system then transfers a fund to the entity's account and sends a message through the FSP to the entity with the fund transfer. The system receives from the entity an input corresponding to the message and determines that a first condition is met based on the received input and the message. As a result, the system grants the entity access to the resource. | 06-17-2010 |
20110016534 | IMPLICIT AUTHENTICATION - Embodiments of the present disclosure provide a method and system for implicitly authenticating a user to access controlled resources. The system receives a request to access the controlled resources. The system then determines a user behavior score based on a user behavior model, and recent contextual data about the user. The user behavior score facilitates identifying a level of consistency between one or more recent user events and a past user behavior pattern. The recent contextual data, which comprise a plurality of data streams, are collected from one or more user devices without prompting the user to perform an action explicitly associated with authentication. The plurality of data streams provide basis for determining the user behavior score, but a data stream alone provides insufficient basis for the determination of the user behavior score. The system also provides the user behavior score to an access controller of the controlled resource. | 01-20-2011 |
20110035505 | CAPTCHA-FREE THROTTLING - One embodiment provides a system that throttles access to a web resource. During operation, a throttle server receives a request to access the web resource. The request is associated with a computing device used by a user and is redirected from a server providing the web resource. The throttle server then determines whether the computing device has previously accessed a restricted resource different from the web resource corresponding to the request based on the presence or absence of a unique mark associated with the computing device. Based on the determination, the throttle server subsequently generates a response indicating whether the computing device meets a predetermined requirement for accessing the web resource, and sends the response to the server providing the web resource, thereby facilitating access throttling to the web resource. | 02-10-2011 |
20110035784 | METHOD AND APPARATUS FOR DETECTING CYBER THREATS - A method and apparatus for detecting cyber threats using reinforced cookies, which include HTTP cookies, history cookies, cache cookies and/or other types. A history cookie comprises an entry for a particular web page in a browser's navigation history. A cache cookie comprises an entry for a particular object (e.g., an image file) within a browser's cache. Upon a client's first visit to a web server, an identifier record is generated comprising data such as a user ID, a client device ID, an age (e.g., a counter), a cookie type, an authentication field, etc. From the unique identifier, one or more types of reinforced cookies are generated and stored with the client browser. On a subsequent visit, the client's cookie configuration is examined to determine whether the client may be the perpetrator or victim of a cyber attack. Cookies may be updated or replaced on some or all visits. | 02-10-2011 |
20110041178 | AUDITING A DEVICE - The auditing of a device that includes a physical memory is disclosed. One or more hardware parameters that correspond to a hardware configuration are received. Initialization information is also received. The physical memory is selectively read and at least one result is determined. The result is provided to a verifier. | 02-17-2011 |
20110041180 | AUDITING A DEVICE - Auditing a device is disclosed. One or more hardware parameters that correspond to a hardware configuration are received. A sequence of modifications to the physical memory is performed. Results are provided to a verifier. Optionally, once it is determined that no evasive software is active in the physical memory, a scan is performed. | 02-17-2011 |
20110055925 | PATTERN-BASED APPLICATION CLASSIFICATION - Embodiments of the present disclosure provide a method and system for remotely auditing a security posture of a client machine at a centralized server. The system receives an integrity-protected report from the client machine, or other devices related to the client machine, the report comprising entries associated with security events or security states or both related to the client machine. The report entries comprise characteristics of the security events or security states to facilitate identification of a probable security attack at the client machine. The system also detects a pattern among one or more reports. Finally, the system classifies the security posture of the client machine based on the detected pattern, which could indicate a probable security attack at the client machine. | 03-03-2011 |
20110119488 | METHOD AND SYSTEM FOR FACILITATING THROTTLING OF INTERPOLATION-BASED AUTHENTICATION - One embodiment provides a system that facilitates throttling of interpolation-based authentication at a client. During operation, the system receives data points encrypted with a public key associated with a throttle server. The system then applies offsets to the data points, wherein a respective offset for a data point is associated with a user input. The system blinds the offset data points, and sends to the throttle server the blinded offset data points, thereby allowing the throttle server to perform an interpolation on the blinded offset data points and maintain a count of interpolation attempts from the client. Subsequently, the system receives from the throttle server an evaluation point based at least on the interpolation. In response, the system unblinds the evaluation point, and uses the unblinded evaluation point as a secret for a subsequent authentication process. | 05-19-2011 |
20110314297 | EVENT LOG AUTHENTICATION USING SECURE COMPONENTS - Some embodiments provide a system that facilitates use of a computing device. During operation, the system obtains an event description of an event on the computing device. Next, the system computes a message authentication code (MAC) for the event description using a secure component associated with the computing device. Finally, the system uses the MAC to maintain the integrity of an event log containing the event description. | 12-22-2011 |
20110314426 | RISK-BASED ALERTS - Some embodiments provide a system that facilitates use of a computer system. During operation, the system obtains notification of a risk associated with a user action on the computer system. Next, the system generates an alert within a user interface based at least on a severity of the risk. The alert may include a set of user-interface elements representing an effect of the user action. The system then receives a response to the alert from a user of the computer system. The response may include a dragging of a first of the user-interface elements in one or more directions to a second of the user-interface elements. Finally, the system processes the user action based at least on the response. | 12-22-2011 |
20110314559 | SYSTEM ACCESS DETERMINATION BASED ON CLASSIFICATION OF STIMULI - An authentication system is disclosed. Information associated with at least one of a user's use of a resource and demographic information associated with the user is collected. The collected information is processed to determine one or more stimuli to be presented to the user. Classification data provided by the user is stored. Classification data associated with the user is received. The received classification data is compared to the stored classification data. A determination of whether to authorize an action is made based at least in part on the comparison. | 12-22-2011 |
20120110634 | AUTOMATIC PIN CREATION USING PASSWORD - A PIN is automatically generated based on at least one rule when the user enters a password through a user device. In one example, the PIN is a truncated version of the password where each character in the truncated version is mapped onto a number. The mapping can be a truncation at the beginning or end of the password, or the mapping can be with any pattern or sequence of characters in the password. This PIN generation may be transparent to the user, such that the user may not even know the PIN was generated when the password was entered. When the user attempts to access restricted content, the user may enter the PIN instead of the password, where the user may be notified of the rule used to generate the PIN so that the user will know the PIN by knowing the password. | 05-03-2012 |
20120137340 | IMPLICIT AUTHENTICATION - Embodiments of the present disclosure provide a method and system for implicitly authenticating a user to access controlled resources. The system first receives a request to access the controlled resource from a user. Then, the system determines whether the user request is inconsistent with regular user behavior by calculating a user behavior measure derived from historical contextual data of past user events. Next, responsive to the determined inconsistency of the user request, the system collects current contextual data of the user from one or more user devices without prompting the user to perform an explicit action for authentication. The system further updates the user behavior measure based on the collected current contextual data, and provides the updated user behavior measure to an access controller of the controlled resource to make an authentication decision based at least on the updated user behavior measure. | 05-31-2012 |
20120192277 | SYSTEM AND METHODS FOR PROTECTING USERS FROM MALICIOUS CONTENT - A method, system and device for allowing the secure collection of sensitive information is provided. The device includes a display, and a user interface capable of receiving at least one user-generated interrupt in response to a stimulus generated in response to content received by the device, wherein the action taken upon receiving the user-generated interrupt depends on a classification of the content, the classification identifying the content as trusted or not trusted. The method includes detecting a request for sensitive information in content, determining if an interrupt is generated, determining if the content is trusted, allowing the collection of the sensitive information if the interrupt is generated and the content is trusted, and performing an alternative action if the interrupt is generated and the content is not trusted. The method may include instructions stored on a computer readable medium. | 07-26-2012 |
20120303969 | Methods and Apparatus for Efficient Computation of One-Way Chains in Cryptographic Applications - Techniques are disclosed for efficient computation of consecutive values of one-way chains and other one-way graphs in cryptographic applications. The one-way chain or graph may be a chain of length s having positions i=1, 2, . . . s each having a corresponding value v | 11-29-2012 |
20130007875 | Interactive CAPTCHA - The present disclosure involves a method. The method includes receiving a request from a user. The method includes constructing, by a computer processor, a media object that contains a plurality of media components. The method includes transmitting the media object to the user. The method includes prompting the user to perform a task involving at least a subset of the media components, the task including at least one of the following: selecting each of the media components in the subset according to a predefined sequence; and modifying at least one of the media components in the subset with respect to at least one of its following properties: location, size, appearance, and orientation. The method includes obtaining a description of an action performed by the user in response to the prompting. The method includes deciding whether or not to grant the request based on the obtaining. | 01-03-2013 |
20130024933 | AUDITING A DEVICE - The auditing of a device that includes a physical memory is disclosed. One or more hardware parameters that correspond to a hardware configuration are received. Initialization information is also received. The physical memory is selectively written in accordance with a function. The physical memory is selectively read and at least one result is determined. The result is provided to a verifier. | 01-24-2013 |
20130024936 | AUDITING A DEVICE - The auditing of a device that includes a physical memory is disclosed. One or more hardware parameters that correspond to a hardware configuration are received. Initialization information is also received. The physical memory is selectively written in accordance with a function. The physical memory is selectively read and at least one result is determined. The result is provided to a verifier. | 01-24-2013 |
20130111571 | SYSTEMS AND METHODS FOR CREATING A USER CREDENTIAL AND AUTHENTICATION USING THE CREATED USER CREDENTIAL | 05-02-2013 |
20130239187 | Physiological Response PIN Entry - Methods and systems are provided for facilitating the secure entry of a user's PIN for electronic transactions such as merchant checkout, payment authorization, or access authorization. A physiological response of the user can indicate which one of a random sequence of numbers is a number of the user's PIN. For example, the user can blink, wink, or make a subtle facial movement to provide the indication. | 09-12-2013 |
20130311787 | METHODS AND APPARATUS FOR EFFICIENT COMPUTATION OF ONE-WAY CHAINS IN CRYPTOGRAPHIC APPLICATIONS - Techniques are disclosed for efficient computation of consecutive values of one-way chains and other one-way graphs in cryptographic applications. The one-way chain or graph may be a chain of length s having positions i=1, 2, . . . s each having a corresponding value v | 11-21-2013 |
20130340052 | SYSTEMS AND METHODS FOR AUTHENTICATING A USER AND DEVICE - Systems and methods for authenticating a user request for authentication are provided. An authentication device that may be part of such a system includes a network interface component coupled to a network and configured to receive at least one data packet having authentication information including at least a username of a user and user credentials. The device also includes a memory coupled to the network interface component and configured to store the received authentication information, one or more instructions for authenticating the user, and account information of the user. The device further includes one or more processors configured to analyze the received information, calculate a score based on the received information, determine a threshold, compare the calculated score with the determined threshold, and authenticate the user and a device from which the data packet is received if the calculated score is greater than or equal to the determined threshold. | 12-19-2013 |
20140068726 | SYSTEMS AND METHODS FOR AUTHENTICATION USING LOW QUALITY AND HIGH QUALITY AUTHENTICATION INFORMATION - Systems, methods, and devices for authenticating a user are provided. A device includes one or more processors configured to determine if a requested service requires high quality authentication, generate a request for high quality authentication if the requested service requires high quality authentication, and generate a request for low quality authentication if the requested service requires low quality authentication. The device also includes a network interface component coupled to a network, the network interface component configured to: receive the request for the service requiring authentication, and a memory, the memory storing high quality authentication information and low quality authentication information for authenticating the user. | 03-06-2014 |
20140181922 | SYSTEMS AND METHODS FOR DETERMINING A STRENGTH OF A CREATED CREDENTIAL - Devices, systems, and methods for determining a strength of a created credential are provided. The device includes one or more processors configured to decompose a created credential into credential components, parse the credential components using a limited dictionary, determine a probability of the credential components using a limited ruleset, and calculate a score of the created credential based on the determined probability. The device also includes a memory, the memory storing the limited dictionary and the limited ruleset, and a network interface component coupled to a network, the network interface component configured to transmit the created credential to a remote server over the network for a secondary credential strength determination if the calculated score is above a threshold. | 06-26-2014 |