Didi Dotan

Newton Highlands, Massachusetts, United States
5K followers 500+ connections

About

Leading an amazing team building creative, cloud-based security products. Experience in…

Experience & Education

  • Cisco

Licenses & Certifications

  • CISSP

Publications

  • Lipid peroxidation cannot be used as a universal criterion of oxidative stress

    Progress in Lipid Research

    Oxidative stress is a term used to denote the imbalance between the concentrations of reactive oxygen and nitrogen species and the defense mechanisms of the body. Although it is generally accepted that such an imbalance plays a pivotal role in many pathologies, the term “oxidative stress” remains ill defined. In an attempt to evaluate the relationship between various assays of oxidative stress, we have analyzed the correlations between the results reported in those publications in which “oxidative stress” has been assayed by at least two methods. We found good correlations between the concentrations of several peroxidation products, including malondialdehyde, F2-Isoprostanes, lipid hydroperoxides, conjugated dienes, glutathione and protein carbonyls, but not with other criteria of “individual oxidative status” such as the concentration of antioxidants and products of DNA fragmentation (the “comet” assay).

Patents

  • Generalized security policy user interface

    Issued US 9,521,167

    A management entity displays a plurality of icons, each icon representing an actor or a resource in a networking environment. The management entity defines security policy by receiving user input in the form of lines drawn between icons representing actors and resources to control abilities between actors and resources.

  • Using mock tokens to protect against malicious activity

    Issued US 9,516,059

    A technique provides protection against malicious activity. The technique involves providing a mock token to fraudster equipment. The mock token appears to be a legitimate user token that identifies a legitimate user (e.g., an actual user token, a token seed, etc.). The technique further involves receiving, from the fraudster equipment, an authentication request which uses the mock token and, in response to receiving the authentication request which uses the mock token from the fraudster equipment, performing a set of authentication server operations to protect against future activity by the fraudster equipment (e.g., deny access to the fraudster equipment, acquire specific information about the fraudster equipment, output a message to subscribers of an eFraud network, and so on).

  • Question generation in knowledge-based authentication from activity logs

    Issued US 9,514,407

    An improved technique involves generating KBA questions based on facts from fact sources pointed to by an activity log. A KBA system obtains an activity log from a computer of a user in an organization. For example, the computer records the user's web browsing history. The KBA system then considers each entry in the activity log as a source of facts for deriving KBA questions. In the case of a web browsing history, the KBA system generates facts from web pages that the user visited. The KBA system then derives new KBA questions from the facts so derived.

  • Provisioning a mobile device with a security application on the fly

    Issued US 9,455,972

    A technique provisions a mobile device (e.g., a smart phone, a tablet, a personal digital assistant, etc.) with a security application on the fly. The technique involves providing, by processing circuitry of the mobile device, an initial access request to an enterprise gateway which is operated by an enterprise. The technique further involves receiving, by the processing circuitry, an enterprise response message from the enterprise gateway in response to the initial access request. The enterprise response message denies access to a set of enterprise resources of the enterprise. The technique further involves automatically prompting, by the processing circuitry, the mobile device to install a mobile security application from an application server in response to the enterprise response message denying access to the set of enterprise resources of the enterprise.

  • Adding entropy to key generation on a mobile device

    Issued US 9,407,441

    Methods, apparatus and articles of manufacture for adding entropy to key generation on a mobile device are provided herein. A method includes generating a prompt via a computing device interface in connection with an authentication request to access a protected resource associated with the computing device; processing input cryptographic information entered via the computing device interface in response to the prompt against a pre-determined set of cryptographic information, wherein said pre-determined set of cryptographic information comprises one or more input elements and one or more interface manipulation measures associated with the one or more input elements; and resolving the authentication request based on said...

  • Classification of security policies across multiple security products

    Issued US 9,401,933

    A management entity connects with multiple security devices across a network. Each security device operates in accordance with one or more security policies. The management entity imports, over the network, data describing the security policies from the multiple security devices. The management entity classifies the imported security policies into security policy classifications based on commonality in information included in the security policies across the multiple security devices.

  • Gateway Mediated Mobile Device Authentication

    Issued US

    A method is used in authenticating a mobile device user. An authentication invocation from a mobile device for access to computer resource is activated. Device unique identifiers and device forensic information are collected. The device unique identifiers and the device unique identifiers are forwarded to a gateway. An OTP is resolved into a unique device identifier using an authentication server. The device identifier is adaptively authenticated using multiple authentication factors.

  • Managing access to a limited number of computerized sessions

    Issued US 9154556

    A technique manages access to a limited number of computerized sessions. The technique involves receiving, from a waiting user, a session request for a computerized session, and queuing the session request in a wait queue in response to all of the limited number of computerized sessions being currently assigned to other users. The technique further involves, while the session request is queued in the wait queue, providing permission to the waiting user to un-assign a computerized session which is currently assigned to another user. With such a technique, the user has the option of simply waiting until a computerized session has been relinquished (i.e., if the user is willing to be patient)

  • Securing data replication, backup and mobility in cloud storage

    Issued US 9152578

    A technique secures data in cloud storage. The technique involves receiving, by processing circuitry, an input/output (I/O) request which includes host data. The technique further involves encrypting, by the processing circuitry, the host data to form encrypted data and sending a block-based write transaction which includes the encrypted data to a replication storage array to store the encrypted data within the replication storage array. The technique further involves storing, by the processing circuitry, the host data within the production storage array.

  • KNOWLEDGE-BASED AUTHENTICATION FOR RESTRICTING ACCESS TO MOBILE DEVICES

    Issued US 9,078,129

    A method of authenticating a user operating a particular mobile device, the method comprising:
    receiving facts from a group of mobile devices, the group of mobile devices including the particular mobile device, the facts describing events involving the user;
    generating, at a knowledge-based authentication (KBA) server, a set of KBA questions from the facts;
    receiving a request from the user to access protected resources stored locally in the particular mobile device while the user operates the particular mobile device;
    in response to receiving the request, presenting at least one question of the set of KBA questions to the user, the at least one question challenging the user's knowledge of an event described by the facts;
    obtaining at least one answer from the user to the at least one question, the at least one answer signifying the user's knowledge of the event described by the facts; and
    generating an authentication result from the at least one answer, the user being granted or denied access to the protected resources stored locally in the particular mobile device based on the authentication result;
    wherein the events involving the user include a scheduling of a meeting between the user and a coworker;
    wherein presenting the at least one question of the set of KBA questions to the user includes sending the user a question concerning an actual time at which the meeting was scheduled;
    wherein obtaining the at least one answer from the user to the at least one question includes receiving a selected time at which the user may have scheduled the meeting; and
    wherein generating the authentication result includes comparing the selected time to the actual time;
    wherein presenting the at least one question of the set of KBA questions to the user further includes sending the user another question concerning an actual identity of the coworker;

  • MANAGING PREDICTIONS IN DATA SECURITY SYSTEMS

    Issued US 9,038,134

    A method is used in managing predictions in data security systems. An authentication request is received from an entity for access to a computerized resource. A predictor is determined based on context data for the authentication request and the entity. The authentication request is managed based on the predictor and the context data.

  • TECHNIQUES FOR AUTHENTICATING A USER WITH HEIGHTENED SECURITY

    Issued US 9,032,490

    The above-described approach may suffer from deficiencies. For example, in the conventional approach, the supplemental authentication is performed by the second remote authentication server only after success of the first authentication. Thus, if a fraudster attempts, from a single client machine, to log in to many different user accounts in a ploy to find an account with an easy-to-crack password, the second remote authentication server will not have knowledge of the failed requests from the same client machine to different accounts. If the supplemental authentication uses a risk-based authentication scheme, it would be useful for the second remote authentication server to have access to the knowledge of the failed attempts because it may signify that the login attempt is a high-risk transaction. However, in conventional approaches, information about these failed attempts is not provided to the second remote authentication server.

  • Validating association of client devices with sessions

    Issued US 8959650

    A method is used in validating association of client devices with sessions. Information of a client device executing a user agent is gathered by a server for creating a device identifier for the client device upon receiving a request from the user agent for establishing a session between the user agent and the server. The device identifier includes information identifying the client device. The device identifier is associated with the session. The client device is validated by the server upon receiving subsequent requests from the client device during the session. Validating the client device includes gathering information of the client device sending each subsequent request for creating a device identifier for the client device and comparing the device identifier created from the information gathered during each subsequent request with the device identifier associated with the session.

  • Techniques for securing a one-time passcode with an alteration code

    Issued US 8,904,482

  • Controlling access to a computerized resource based on authentication using pulse data

    Issued US 8902045

  • Preventing user enumeration by an authentication server

    Issued US 8,875,255

    A method of prompting a user to authenticate to an authentication server, the method comprising:
    receiving, by processing circuitry, an authentication session request which includes a validation result indicating whether a user identifier supplied by the user identifies a valid user entry in a user database;
    when the validation result indicates that the user identifier does identify a valid user entry in the user database, providing a genuine authentication session response which includes (i) a user-expected set of artifacts to confirm authenticity of the authentication server to the user and (ii) a prompt for the user to enter a password to confirm authenticity of the user to the authentication server;
    when the validation result indicates that the user identifier does not identify a valid user entry in the user database, providing, by the processing circuitry, a faux authentication session response which includes (i) a server-selected set of artifacts and (ii) a prompt for the user to enter a password enabling the faux authentication session response to resemble a genuine authentication session response; and
    prior to receiving the authentication session request, acquiring a user-provided set of artifact choices, the user-provided set of artifact choices identifying, as the user-expected set of artifacts of the genuine authentication session response, user-chosen graphical content;

  • Authenticating using organization based information

    Issued US 8,856,954

    A method is used in authenticating using organization based information. Organization based information is analyzed for information that is suitable for use in authenticating a user. The organization based information includes employee-used information. A question is derived from the organization based information. Based on the question, a process used to authenticate a user is executed.

  • Self-tuning knowledge-based authentication

    Issued US 8850537 B1

    A method of generating knowledge-based authentication (KBA) questions from a set of facts, the method comprising:
    receiving, by a processor of a computer, answers to a first prior set of KBA questions from a group of users, each user of the group of users having been successfully authenticated using questions from a second prior set of KBA questions distinct from the first prior set of KBA questions, each KBA question of the first prior set of KBA questions having a format selected from a…

    A method of generating knowledge-based authentication (KBA) questions from a set of facts, the method comprising:
    receiving, by a processor of a computer, answers to a first prior set of KBA questions from a group of users, each user of the group of users having been successfully authenticated using questions from a second prior set of KBA questions distinct from the first prior set of KBA questions, each KBA question of the first prior set of KBA questions having a format selected from a set of predefined formats, each format of the set of predefined formats defining a relationship between facts of the set of facts and words of a set of words in which the first prior set of KBA questions are expressed;
    identifying, by the processor, a correct subset of the first prior set of KBA questions to which the group of users provided correct answers and an incorrect subset of the first prior set of KBA questions to which the group of users provided incorrect answers;
    automatically selecting, by the processor, a first subset of the predefined set of formats based on the correct subset and a second subset of the predefined set of formats based on the incorrect subset; and
    generating, by the processor, a new set of KBA questions from facts of the set of facts, each KBA question of the new set of KBA questions having a format of the first subset of the predefined set of formats to improve effectiveness of future KBA questions

  • Ordering of event records in an electronic system for forensic analysis

    Issued US 8825848

    An improved technique for logging events in an electronic system for forensic analysis includes receiving event records by a recording unit from different forensic agents of the electronic system and applying timing information included within the event records to resequence the event records in the recording unit in a more accurate order. In some examples, the timing information includes a vector clock established among the agents of the electronic system for storing sequences of events. The vector clock provides sequence information about particular events occurring among the forensic agents, which is applied to correct the order of reported event records. In other examples, the timing information includes timestamps published to the agents from a common timestamp server. In yet other examples, the timing information includes timestamps of the devices on which the agents are running, or any combination of the foregoing examples of timing information.

    Other inventors: Assaf Natanzon
  • Validating association of client devices with authenticated clients

    Issued US 8,819,803

    A method is used in validating association of client devices with authenticated clients. An authentication request for authenticating a client is received from a client device used by a client for establishing a session with a server. The client is authenticated by an authentication device. A token is created and provided to the client device. Identification information of the client device is gathered. The identification information identifies the client device. The identification information gathered from the client device is evaluated. Based on the evaluation, it is validated that the identification information corresponds to a client device associated with the authenticated client.

  • Authentication using dynamic, client information based PIN

    Issued US

    An improved PIN-based authentication technique for authenticating the user of a client machine to a server automatically generates a personal identification number (PIN) for the user based on user-specific authentication information, such as encrypted cookie information. The server provides user-specific authentication information to a client machine. When the user submits an authentication request, user-specific authentication information is collected and uploaded to the server. The user-specific authentication information is processed to form a PIN, and authentication of the user proceeds based on the PIN and any other authentication factors provided. Since the disclosed techniques compute PINs automatically based on information exchanged between a client machine and a server, the user is relieved of any burden associated with registering and remembering a PIN.

  • Proximity-based authentication

    Issued US 9,225,700

    A method performed by a client access device includes (1) receiving, at the client access device, a signal from a client authorizing device, the signal including an environmental detection instruction, the environmental detection instruction instructing the client access device to detect an aspect of a local environment, (2) detecting, at the client access device, the aspect of the environment indicated by the environmental detection instruction to yield a first environmental detection result, (3) sending the first environmental detection result from the client access device to a remote server, and (4) in response to sending the environmental detection result to the remote server, receiving a proximity signal from the remote server indicating whether or not proximity between the client access device and the client authorizing device has been established by comparing the first environmental detection result to a second environmental detection result sent from the client authorizing device to the server.

  • Techniques for authenticating users of massive multiplayer online role playing games using adaptive authentication

    Issued US 8370389 B1

    A technique authenticates a user of a massively multiplayer online role playing game (MMORPG). The technique involves establishing a user database containing user information describing the MMORPG user based on a set of first transmissions received from a game provider of the MMORPG. The technique further involves (i) receiving a second transmission from the game provider, the second transmission including an authentication request to authenticate the MMORPG user, and (ii) providing a response transmission to the game provider in response to the second transmission. The response transmission includes an authentication result based on an adaptive authentication operation involving the user database. The authentication result controls whether the game provider provides the MMORPG.

  • Common data format in knowledge-based authentication

    Issued US 8776195

    An improved technique involves converting facts from multiple fact sources to a common data format. Along these lines, for each fact source having a source-specific format, a KBA system provides an adaptor that converts incoming facts in the source-specific format to the common data format prior to generating questions. The KBA system stores the facts in the common format in a database for subsequent access. In response to an authorization request, the KBA system then builds questions based on the facts from multiple sources in the common data format stored in the database.

  • Assessing risk for third-party data collectors

    US 9230066

    An improved technique authenticates a user based on an ability to corroborate previous transaction data sent by a user device. Along these lines, the improved technique makes use of an independent information source for verifying the accuracy of previous transaction data obtained by a given collector. For example, when a collector of location data is a GPS unit of a cell phone, an independent information source may be a cell tower closest to the cell phone at the time of the transaction. While location data provided by the cell tower may not be as precise as that provided by the GPS unit, such data is useful for corroborating the location data from the GPS unit. In this scenario, if the data provided by the cell tower fails to corroborate that provided by the GPS unit, then the GPS unit adds significant risk to authenticating the user.

    Other inventors
  • Authentication involving authentication operations which cross reference authentication factors

    US 8,925,058

    Other inventors
  • Event-based biometric authentication using mobile device

    US 8955069

    Event-based biometric authentication is provided using a mobile device of a user. A user attempting to access a protected resource is authenticated by receiving a request to access the protected resource; collecting biometric information from the user in response to the request using a mobile device of the user; performing biometric authentication of the user using the collected biometric information; and granting access to the protected resource based on the biometric authentication. The authentication optionally comprises an event-based authentication. The mobile device does not have to contain token generating material.

    Other inventors
  • Using a token code to control access to data and applications in a mobile platform

    US 9154304

    Methods, apparatus and articles of manufacture for using a token code to control access to data and applications in a mobile platform are provided herein. A method includes processing authentication information via a cryptographic operation to generate an output, partitioning the output into (i) a component that identifies the authentication information and (ii) an encryption key component, encrypting an item of cryptographic information via the encryption key component, and storing the component that identifies the authentication information and the encrypted item of cryptographic information.

  • Using baseline profiles in adaptive authentication

    US

Honors & Awards

  • CISSP

    ISC

    CISSP® certification is a globally recognized standard of achievement that confirms an individual's knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. It was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.

Languages

  • Hebrew

    Native or bilingual proficiency

  • English

    Native or bilingual proficiency
