H04L63/0853

Multi-Factor Authentication to Access Services
20180007060 · 2018-01-04

A technology is provided for using a multi-factor authentication process to access services in a computing service environment. One or more policies can be defined for allowing access to one or more services and/or resources associated with a service provider environment according to an authenticated identity. A device, detected by a voice-capturing endpoint within a defined geographical location, may be authenticated according to a unique identification (ID). Voice data received from the voice-capturing endpoint can be authenticated. The authenticated identity can be established according to the authenticated device and the authenticated voice data. A command, received via a voice command from the voice-capturing endpoint, may be issued with the authenticated identity to access the one or more services and/or resources associated with the service provider environment according to the plurality of policies.

VIRTUAL SMART CARDS WITH AUDIT CAPABILITY
20180007039 · 2018-01-04

A virtual smart card system includes a virtual smart card server (VSS) which controls access to content respectively associated with a plurality of virtual smart cards. A remote client computer system includes a system level agent which establishes the client computer machine to the VSS as a trusted computer system. A user level agent at the client computer system responds to a request for a virtual smart card operation by causing the client computer system to obtain user authentication information, negotiate with the system level agent to obtain a cookie, and initiate a request to the VSS for the virtual smart card operation. The VSS will perform the virtual smart card operation provided that a security policy is satisfied and will communicate the results to the user level agent.

Targeted Secure Software Deployment
20180007040 · 2018-01-04

The techniques and systems described herein are directed to providing targeted, secure software deployment in a computing system. An identity of the computing device can be determined and verified using a trusted platform module (TPM) of the computing device, and a software update can be expressly configured to operate solely on the computing device. Further, a configuration of the computing device can be ascertained using platform configuration registers (PCRs) of the TPM to determine that the computing device has not been modified from a trusted configuration. For example, if malware or unauthorized software is operating on the computing device, the software update may be prevented from being installed. Further, the software update can be targeted for a particular computing device, such that when the software update is received at the computing device, the software update may not be duplicated and provided to an additional, unauthorized device.

DIGITAL DEVICE AND METHOD FOR PROVIDING ADDITIONAL SERVICE BY USING THE SAME

A digital processing device capable of receiving an additional service is disclosed. In one aspect, a digital processing device includes i) an input unit, inputting a signal, ii) a subscriber identity unit, storing an identity code of a communication operator and generating a communication network access request message, iii) an additional service identity unit, storing an identity code of an additional service operator and generating an additional service request message, and iv) a control unit, generating a control signal allowing one of the subscriber identity unit and the additional service identity unit to be selectively driven. In accordance with at least one inventive embodiment, a user of the digital processing device can receive an additional service without his or her subscription to a specific communication operator and use various additional services in addition to the additional services provided by the subscribed communication operator.

METHOD OF MANAGING SHARED FILES AND DEVICE FOR AUTHENTICATING SUBSCRIBER BY USING SAME

A method of managing a file of a subscriber authenticating module embedded in a terminal device and a module for authenticating a subscriber by using the method. The method of managing the file includes configuring a file structure for one or more profiles and managing one or more files included in the file structure in response to a request. Thus, the method is efficient for a multiple-profile environment.

METHOD FOR SIGNING UP A USER TO A SERVICE FOR CONTROLLING AT LEAST ONE VEHICLE FUNCTIONALITY BY MEANS OF A USER TERMINAL

A method for signing up a user to a service for controlling at least one functionality in a vehicle (10) by means of a user terminal (20) comprises the following steps: communicating a user identifier and an identifier associated with the vehicle (10) to a server (50); having the server (50) authenticate an electronics unit (11) of the vehicle (10); and, in the event of successful authentication, registering the user identifier and the identifier associated with the vehicle (10) in association with one another in the server (50).

MOBILE DEVICE TO PROVIDE ENHANCED SECURITY BASED UPON CONTEXTUAL SENSOR INPUTS
20180014195 · 2018-01-11

Disclosed is a mobile device to provide enhanced security based upon contextual sensor inputs. The mobile device may include: a biometric sensor; a contextual sensor; and a processor. The processor may be configured to: determine an authentication score based upon a biometric input received from the biometric sensor; modulate the authentication score based upon a contextual sensor input from the contextual sensor related to an event; and determine if the modulated authentication score falls below a predetermined threshold. If the authentication score falls below the predetermined threshold, the processor may command that a secondary authentication be performed.

USER AUTHENTICATION METHOD AND SYSTEM FOR IMPLEMENTING THE SAME
20180012000 · 2018-01-11

There is proposed a user authentication method that uses a time-based password (TP) having a relatively long update cycle instead of a TOTP having a conventional short update cycle (e.g., 60 seconds). The present invention is a user authentication method executed by an authentication system that performs authentication of a user who performs access from an information communication terminal device in order to use a usage target system by using a reference terminal device that includes a security token capable of generating a TP. The authentication method includes setting an update cycle of the TP to a first update cycle of 30 days, 1 month, or a time period longer than 1 month, receiving a user authentication request that includes a time-based password generated by the security token according to the set first update cycle, and performing the authentication based on the TP contained in the received user authentication request.

Secure authentication
11709924 · 2023-07-25

Methods and systems are disclosed herein for authenticating a user. A security device may use an object associated with a user and a device of the user to authenticate the user, for example, if the user has forgotten a password. A user may insert the object (e.g., a card, or other object) into the security device and may select an option to authenticate via a device that is trusted by both the security device and the user, rather than authenticating by entering a password at the security device.

Authentication based on a physical key

A device may obtain registration data associated with a registration of an individual. The registration data may include an image that depicts a physical key and a reference object. The device may process the image to identify a first feature of the physical key and a first measurement of the first feature based on the size of the reference object. The device may store first feature data based on the first feature and the first measurement. The device may obtain second feature data based on a second feature of the physical key and a second measurement of the second feature identified from an insertion of the physical key into a keyhole of an authentication mechanism. The device may determine whether the first feature data corresponds to the second feature data. The device may authenticate the individual based on determining that the first feature data corresponds to the second feature data.