Sam Curry

Systems and methods are provided to determine a maliciousness level of an element using a hypergraph of neighbors. The method can include receiving the element; generating a hypergraph of neighbor target elements found in a database, the hypergraph comprising a set of nodes and a set of edges, wherein the set of nodes represents the neighbor target elements, and the set of edges represents connections between the neighbor target elements; classifying nodes and edges in the hypergraph;… Show more

Systems and methods are provided to determine a maliciousness level of an element using a hypergraph of neighbors. The method can include receiving the element; generating a hypergraph of neighbor target elements found in a database, the hypergraph comprising a set of nodes and a set of edges, wherein the set of nodes represents the neighbor target elements, and the set of edges represents connections between the neighbor target elements; classifying nodes and edges in the hypergraph; generating a maliciousness level profile for the element based on aggregation of nodes and edges in the hypergraph; linking information related to the element with the maliciousness level profile for the element; and performing an action based on a type of the element. Show less

There is disclosed a method and system for use in authenticating an entity. An authentication request is received from the entity. An input signal is received from a communications device associated with the entity. The input signal comprises the current location of the communications device. The current location of the communications device is derived from the input signal. Based on the current location of the communications device, an event is detected at substantially the same location as… Show more

There is disclosed a method and system for use in authenticating an entity. An authentication request is received from the entity. An input signal is received from a communications device associated with the entity. The input signal comprises the current location of the communications device. The current location of the communications device is derived from the input signal. Based on the current location of the communications device, an event is detected at substantially the same location as the current location of the communications device. An analysis is performed between the current location of the communications device and the event. An authentication result is generated based on the analysis between the current location of the communications device and the event. The authentication result can be used for authenticating the entity. Show less

There is disclosed a method, system and a computer program product for use in authenticating an entity. An authentication request is received from the entity. Information in connection with the entity is acquired from an external source. Based on the information, a risk score is set such that the riskiness of the authentication request can be readily deduced therefrom.

There is disclosed a method and system for use in authenticating an entity. An entity location history is stored comprising a historical record of locations visited by the entity. An authentication request is received from the entity. A pattern of recent locations visited by the entity indicative of irregular behavior is detected. An analysis is performed between the pattern of recent locations indicative of irregular behavior and the entity location history for establishing the riskiness of… Show more

There is disclosed a method and system for use in authenticating an entity. An entity location history is stored comprising a historical record of locations visited by the entity. An authentication request is received from the entity. A pattern of recent locations visited by the entity indicative of irregular behavior is detected. An analysis is performed between the pattern of recent locations indicative of irregular behavior and the entity location history for establishing the riskiness of the authentication request. An authentication result is generated based on the analysis between the pattern of recent locations indicative of irregular behavior and the entity location history. Show less

A user device is configured for communication with a distributed verification system over a network. The user device generates first and second keys from a master key for a password vault or other credential store, provides the first key to the distributed verification system, encrypts the credential store based at least in part on the second key, and provides the encrypted credential store to the distributed verification system. The credential store is encrypted utilizing the second key and… Show more

A user device is configured for communication with a distributed verification system over a network. The user device generates first and second keys from a master key for a password vault or other credential store, provides the first key to the distributed verification system, encrypts the credential store based at least in part on the second key, and provides the encrypted credential store to the distributed verification system. The credential store is encrypted utilizing the second key and information that is stored in a distributed manner over a plurality of servers of the distributed verification system. For example, encrypting the credential store illustratively comprises generating a ciphertext by encrypting the credential store utilizing the second key, obtaining a third key stored in the distributed manner over the servers, and encrypting the ciphertext utilizing the third key to generate the encrypted credential store that is provided to the distributed verification system. Show less

An improved technique for verifying a license of a software product includes performing license checks with a server and passing to the server, as part of the license checks, a drifting digital code. The drifting code forms a particular drift pattern, which the server detects over the course of multiple license checks. The drift pattern is typically unique, or relatively unique, to the machine on which the software product is run, and changes in a manner that is difficult for malicious users to… Show more

An improved technique for verifying a license of a software product includes performing license checks with a server and passing to the server, as part of the license checks, a drifting digital code. The drifting code forms a particular drift pattern, which the server detects over the course of multiple license checks. The drift pattern is typically unique, or relatively unique, to the machine on which the software product is run, and changes in a manner that is difficult for malicious users to replicate on other machines. If a second copy of the software is installed, e.g., if the software is pirated, the second copy will produce a drifting code that has its own drift pattern, which differs from that of the initial copy. The server detects the duplicate copy by observing a divergence in the codes it receives during license checks. Show less

Access control systems are provided that mediate access to derivatives of sensitive data. A method is provided for processing a data request from a client, the data request comprising a client identifier and an indication of the intended use of the data, by receiving the data request from the client; providing the client identifier and indicated use to an access manager, wherein the access manager assesses a risk of providing access to the data for the indicated use; if the access manager… Show more

Access control systems are provided that mediate access to derivatives of sensitive data. A method is provided for processing a data request from a client, the data request comprising a client identifier and an indication of the intended use of the data, by receiving the data request from the client; providing the client identifier and indicated use to an access manager, wherein the access manager assesses a risk of providing access to the data for the indicated use; if the access manager grants access for the indicated use, receiving one or more keys with corresponding computing restrictions from the access manager; computing a result; and providing the result to the client, wherein the provided result comprises the derivative of sensitive data. The access manager grants the access for the indicated use, for example, based on a risk score. Show less

There is disclosed a method and system for use in authenticating an entity in connection with a computerized resource. An authentication request is received from entity for access to computerized resource. An input signal is received from a communications device associated with entity. The input signal comprises current location of communications device. The current location of communications device is derived from input signal. A location history in connection with communications device is… Show more

There is disclosed a method and system for use in authenticating an entity in connection with a computerized resource. An authentication request is received from entity for access to computerized resource. An input signal is received from a communications device associated with entity. The input signal comprises current location of communications device. The current location of communications device is derived from input signal. A location history in connection with communications device is captured. The location history comprises a record of discrete locations visited by communications device over a period of time. An analysis is performed between current location of the communications device and location history in connection with communications device. An authentication result is generated based on analysis between current location of communications device and location history in connection with communications device. The authentication result can be used for authenticating entity. Show less

A technique controls a soft token running within an electronic apparatus. The technique involves providing an initial series of authentication codes based on a first set of machine states. The initial series of authentication codes is provided from the electronic apparatus to a server through a forward channel to authenticate a user. The technique further involves receiving a command from the server through a reverse channel between the electronic apparatus and the server. The reverse channel… Show more

A technique controls a soft token running within an electronic apparatus. The technique involves providing an initial series of authentication codes based on a first set of machine states. The initial series of authentication codes is provided from the electronic apparatus to a server through a forward channel to authenticate a user. The technique further involves receiving a command from the server through a reverse channel between the electronic apparatus and the server. The reverse channel provides communications in a direction opposite to that of the forward channel. The technique further involves changing the first set of machine states to a second set of machine states in response to the command, and providing a new series of authentication codes based on the second set of machine states. The new series of authentication codes is provided from the electronic apparatus to the server through the forward channel for user authentication. Show less

An improved technique for managing access of a user of a computing machine to a remote network collects device posture information about the user's mobile device. The mobile device runs a soft token, and the collected posture information pertains to various aspects of the mobile device, such as the mobile device's hardware, software, environment, and/or users, for example. The server applies the collected device posture information along with token codes from the soft token in authenticating… Show more

An improved technique for managing access of a user of a computing machine to a remote network collects device posture information about the user's mobile device. The mobile device runs a soft token, and the collected posture information pertains to various aspects of the mobile device, such as the mobile device's hardware, software, environment, and/or users, for example. The server applies the collected device posture information along with token codes from the soft token in authenticating the user to the remote network. Show less

A technique for detecting unauthorized copies of a soft token that runs on a mobile device includes generating a set of random bits on the mobile device and providing samples of the set of random bits, as well as token codes from the soft token, for delivery to a server during authentication requests. The server acquires the set of random bits of the mobile device, or learns the set of random bits over the course of multiple login attempts. Thereafter, the server predicts values of the samples… Show more

A technique for detecting unauthorized copies of a soft token that runs on a mobile device includes generating a set of random bits on the mobile device and providing samples of the set of random bits, as well as token codes from the soft token, for delivery to a server during authentication requests. The server acquires the set of random bits of the mobile device, or learns the set of random bits over the course of multiple login attempts. Thereafter, the server predicts values of the samples of the set of random bits and tests actual samples arriving in connection with subsequent authentication requests. Mismatches between predicted samples and received samples indicate discrepancies between the random bits of the device providing the samples and the random bits of the mobile device, and thus indicate unauthorized soft token copies. Show less

A technique provides authentication codes to authenticate a user to an authentication server. The technique involves generating, by an electronic apparatus (e.g., a smart phone, a tablet, a laptop, etc.), token codes from a cryptographic key. The technique further involves obtaining biometric measurements from a user, and outputting composite passcodes as the authentication codes. The composite passcodes include the token codes and biometric factors based on the biometric measurements… Show more

A technique provides authentication codes to authenticate a user to an authentication server. The technique involves generating, by an electronic apparatus (e.g., a smart phone, a tablet, a laptop, etc.), token codes from a cryptographic key. The technique further involves obtaining biometric measurements from a user, and outputting composite passcodes as the authentication codes. The composite passcodes include the token codes and biometric factors based on the biometric measurements. Additionally, the token codes and the biometric factors of the composite passcodes operate as authentication inputs to user authentication operations performed by the authentication server. In some arrangements, the biometric factors are results of facial recognition (e.g., via a camera), voice recognition (e.g., via a microphone), gate recognition (e.g., via an accelerometer), touch recognition and/or typing recognition (e.g., via a touchscreen or keyboard), combinations thereof, etc. Show less

An improved technique for managing multiple virtual machines includes a presentation layer that receives user input for multiple virtual machines and renders output from the virtual machines in a unified presentation, which can be displayed to a user. In certain examples, Red/Green security is implemented by designating one virtual machine as a Green virtual machine and another as a Red virtual machine. Although different virtual machines are used, the presentation layer unifies the user's… Show more

An improved technique for managing multiple virtual machines includes a presentation layer that receives user input for multiple virtual machines and renders output from the virtual machines in a unified presentation, which can be displayed to a user. In certain examples, Red/Green security is implemented by designating one virtual machine as a Green virtual machine and another as a Red virtual machine. Although different virtual machines are used, the presentation layer unifies the user's interaction with the virtual machines and reduces the need for the user to keep track of different virtual machines or to switch manually between them. Show less

An improved technique for assessing the security status of a device on which a soft token is run collects device posture information from the device running the soft token and initiates transmission of the device posture information to a server to be used in assessing whether the device has been subjected to malicious activity. The device posture information may relate to the software status, hardware status, and/or environmental context of the device. In some examples, the device posture… Show more

An improved technique for assessing the security status of a device on which a soft token is run collects device posture information from the device running the soft token and initiates transmission of the device posture information to a server to be used in assessing whether the device has been subjected to malicious activity. The device posture information may relate to the software status, hardware status, and/or environmental context of the device. In some examples, the device posture information is transmitted to the server directly. In other examples, the device posture information is transmitted to the server via auxiliary bits embedded in passcodes displayed to the user, which the user may read and transfer to the server as part of authentication requests. The server may apply the device posture information in a number of areas, including, for example, authentication management, risk assessment, and/or security analytics. Show less

An improved technique provides scheduled data transfer between a mobile device and a server. The mobile device combines token codes generated by a soft token with sequences of auxiliary bits and displays the combinations to users as passcodes. Users may then copy the passcodes to their computers for authenticating to a server on a remote network. As the passcodes include both token codes and sequences of auxiliary bits, a communication channel is established whereby the auxiliary bits as well… Show more

An improved technique provides scheduled data transfer between a mobile device and a server. The mobile device combines token codes generated by a soft token with sequences of auxiliary bits and displays the combinations to users as passcodes. Users may then copy the passcodes to their computers for authenticating to a server on a remote network. As the passcodes include both token codes and sequences of auxiliary bits, a communication channel is established whereby the auxiliary bits as well as the soft token codes are transmitted from the mobile device to the server. Show less

An improved technique for delegating computing actions among different machines includes a policy engine that receives inputs specifying computing actions to be performed and automatically selects a virtual machine to perform each action. Machine selection is based on a policy, which recognizes multiple categories of computing actions, classifies each input as belonging to one of the categories, and directs each computing action to a virtual machine designated for performing only that one… Show more

An improved technique for delegating computing actions among different machines includes a policy engine that receives inputs specifying computing actions to be performed and automatically selects a virtual machine to perform each action. Machine selection is based on a policy, which recognizes multiple categories of computing actions, classifies each input as belonging to one of the categories, and directs each computing action to a virtual machine designated for performing only that one category of computing actions. Show less

Existing authentication systems typically aim to ensure that data is available only to those entities that are authorized to obtain it. Privacy goals, however, also require that even authorized entities are constrained in terms of how they use the data. A Mediated Privacy (MP) model has been proposed to grant access to sensitive data for specific types of usage, such as allowing filtered queries or selective data transfer.