摘要:
Generally, this disclosure describes a continuous authentication confidence module. A system may include user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session.
摘要:
In an embodiment, a security engine of a processor includes an identity provider logic to generate a first key pair of a key pairing associating system user and a service provider that provides a web service and having a second system coupled to the system via a network, to perform a secure communication with the second system to enable the second system to verify that the identity provider logic is executing in a trusted execution environment, and responsive to the verification, to send a first key of the first key pair to the second system. This key may enable the second system to verify an assertion communicated by the identity provider logic that the user has been authenticated to the system according to a multi-factor authentication. Other embodiments are described and claimed.
摘要:
A mechanism is described for facilitating context-based access control of resources for according to one embodiment. A method of embodiments, as described herein, includes receiving a first request to access a resource of a plurality of resources. The first request may be associated with one or more contexts corresponding to a user placing the first request at a computing device. The method may further include evaluating the one or more contexts. The evaluation of the one or more contexts may include matching the one or more contexts with one or more access policies associated with the requested resource. The method may further include accepting the first request if the one or more contexts satisfy at least one of the access policies.
摘要:
Methods, systems and apparatus are disclosed to facilitate client-based authentication. An example method includes associating an identity authority with a client platform in an isolated execution environment, associating a user identity with the identity authority, generating a first key pair associated with a first service provider, generating an attestation based on a first authorization sequence of the client platform, and signing the attestation with a portion of the key pair and sending the signed attestation to the first service provider to authorize communication between the client platform and the first service provider.
摘要:
Systems and methods for generating suggestions based on group criteria. A device may act as a proxy for a group and scan information from other devices in the group. The proxy device may then transmit the scanned information to a remote resource. The remote resource may obtain preference information based on profile information, for devices that are determined to be registered with a service, and based on inquiry responses for unregistered devices. The preference information may be compiled into group criteria that may be employed in making one or more suggestions to the group. If the group selects one of the suggestions then the remote resource may make arrangements based on the selection. Otherwise, additional suggestions may be provided to the group. The remote resource may also monitor the group and continue to make suggestions accordingly.
摘要:
An embodiment of the invention provides context aware messaging. Such context aware messaging may include delivering communications (e.g., coupons, promotions) to mobile device users based on the device user's context (e.g., physical location, time of day and week, habits, tendencies, and the like). An embodiment includes sensing an environmental condition for a user; wirelessly communicating the sensed condition to a remotely located node; and receiving a context based communication in response to communicating the sensed condition to the remotely located node; wherein the context based communication corresponds to the sensed environmental condition. Other embodiments are described herein.
摘要:
An initialization vector (IV) is employed to decrypt a block of a stream that has been encrypted with Cypher Block Chaining (CBC) encryption, without requiring decryption of previous blocks within the stream. For example, a listener who accesses a distribution point to retrieve encrypted content authenticates himself to an application server that regulates access to encrypted content on the distribution point, and responsively receives a key. The listener then requests access to a reference point within the encrypted content stream somewhere after its beginning (e.g., using preview clips). The distribution point relates the reference point to a corresponding block of the encrypted stream, and identifies an IV previously used for encryption of that block. The distribution point provides the associated encrypted block of content and the IV to the listener to enable mid-stream rendering of the encrypted content, without requiring the listener to decrypt previous blocks within the encrypted stream.
摘要:
Techniques are provided for displaying a uniform resource locator (URL) to assist a user in determining whether a URL destination is what the user expects. A link is presented for selection to a user, and a URL corresponding to the link is accessed. A portion of the URL that corresponds to a hostname component of the URL may be identified, and the URL may be displayed. The hostname component of the URL is visually distinguished from other components of the URL. In addition to or as an alternative to displaying the URL and visually distinguishing the hostname component, a warning message relating to the hostname portion of the URL may be displayed. The techniques may be implemented as a software plug-in or in any type of software application that is capable of recognizing URLs.
摘要:
Techniques are provided for displaying a uniform resource locator (URL) to assist a user in determining whether a URL destination is what the user expects. A link is presented for selection to a user, and a URL corresponding to the link is accessed. A portion of the URL that corresponds to a hostname component of the URL may be identified, and the URL may be displayed. The hostname component of the URL is visually distinguished from other components of the URL. In addition to or as an alternative to displaying the URL and visually distinguishing the hostname component, a warning message relating to the hostname portion of the URL may be displayed. The techniques may be implemented as a software plug-in or in any type of software application that is capable of recognizing URLs.
摘要:
A service provider may provide one or more services to and/or for a client. Providing a service may involve receiving a service request including a security token at the service provider and determining whether the security token is valid. Providing the service may also involve determining a session security token if the security token is valid and generating a service response including the session security token. Providing the service may further involve receiving a service request including the session security token, determining whether the session security token is valid, and, if the session security token is valid, generating a second service response.