G06F7/04

Method and system for providing login as a service
09830435 · 2017-11-28

Systems and methods are provided for providing login as a service. A system receives, via a customer server, a request from a user computer to log in to a customer application provided by the customer server. The system outputs a login form to the user computer, receives a modified login form from the user computer, and determines whether the modified login form enables the user computer to log in to the customer application. If the modified login form enables the user computer to log in to the customer application, the system notifies the customer server that the modified login form enables the user computer to log in to the customer application.

Image processing apparatus, control method, and storage medium for executing print processing using a password including selecting a personal identification code type that indicates a purpose for using the password
09830544 · 2017-11-28

There is provided an information processing apparatus, in which a purpose of a password can be selected from a plurality of purposes, and a print job, in which the password is used for the selected purpose, is generated.

Return material authorization fulfillment system for smart grid devices with customer specific cryptographic credentials

A method for removing credentials from a smart grid device includes: receiving, by a receiving device, a removal request, wherein the removal request includes a device identifier associated with a smart grid device and is signed by an entity associated with a set of security credentials stored in a memory of the smart grid device, the set of security credentials restricting access to one or more components or operations of the smart grid device; extracting, by a processing device, the device identifier included in the received removal request; generating, by the processing device, a permit configured to remove the set of credentials from the smart grid device, wherein the generated permit includes the extracted device identifier; and transmitting, by a transmitting device, the generated permit to the smart grid device for removal of the set of credentials from the memory of the smart grid device.

Key management using quasi out of band authentication architecture
09832183 · 2017-11-28

A portable apparatus is removably and communicatively connectable to a network device to communicate authentication or authorization credentials of a user in connection with the user logging into or entering into a transaction with a network site. The apparatus includes a communications port to connect and disconnect the apparatus to and from the network device and to establish a communication link with the network device when connected thereto. A processor receives a secure message from the network security server via the port. The message has a PIN for authenticating the user to the network site, and is readable only by the apparatus. The processor either transfers, via the port, the received PIN to an application associated with the network site that is executing on the network device or causes the apparatus to display the received PIN for manual transfer to the application associated with the network site.

Application permission management device and method therefor

An application permission management method includes: generating a running request in response to an operation of running an object of a terminal device, wherein the running request includes object information of the object; obtaining geographical location coordinates of the terminal device in response to the running request; determining whether the terminal device is located in a monitoring area and determining the monitoring area in which the terminal device is located; and determining forbidden lists corresponding to the determined monitoring area, determining the object according to the object information in the running request, and determining whether the object is forbidden to run according to the forbidden lists corresponding to the monitoring area.

Remote secure element policy management

A policy server that is associated with a secure element owner receives a request, from a service provider, to provision access, by an application, to the secure element. The policy server creates, in response to the request, a policy ticket, for the service provider, that defines privileges for the service provider to create a security domain or a new profile within the secure element. The policy server provides, to a service provider trusted service manager (TSM), the policy ticket and a signed certificate, the signed certificate corresponding to a root certificate that is inserted into a Controlling Authority Security Domain (CASD) portion of the secure element prior to receiving the request. When the CASD receives the policy ticket and signed certificate from the service provider TSM, the CASD validates based on the root certificate and provisions access to the secure element based on information in the policy ticket.

Personal identification number (PIN) replacement in a one-time passcode based two factor authentication system
09830445 · 2017-11-28

Biometric information is used to generate a one-time passcode in a two factor authentication process. A current biometric sample is obtained from a user requesting access to a secure resource, together with a user identifier and a current token code. A bio-hash value that encodes a distinct biometric identifier of the authentic user for the user identifier, combined with the authentic user's PIN, is retrieved. A computed PIN is generated based on biometric information extracted from the current biometric sample and the bio-hash value. The computed PIN is combined with the current token code to generate a one-time passcode. The one-time passcode and the user identifier are conveyed to an external user identity verification process that uses the one-time passcode to validate the computed PIN and current token code contained in the one-time passcode.

Secure cryptoprocessor for authorizing connected device requests

A computing device described herein utilizes a secure cryptoprocessor of the computing device to compute a response to a request for authorization received from another local or remote device. The secure cryptoprocessor computes the response based on protected authorization credentials stored by the secure cryptoprocessor for one or more devices. The computing device then provides the computed response to the other device to cause the other device to grant or deny authorization. The computing device may also display information associated with the request for authorization, receive input indicating approval of the request, and utilize the secure cryptoprocessor in response to the received input.

Deployment control device and deployment control method for deploying virtual machine for allowing access

A deployment control device includes a processor. The processor is configured to receive, from a first terminal device, a deployment request for requesting deployment of a virtual machine. The processor is configured to generate, in response to the received deployment request, the virtual machine configured to hold first permission information corresponding to unique information of the first terminal device, and selectively allow an access from a terminal device having permission information identical to the first permission information. The processor is configured to transmit the first permission information to the first terminal device.

Stateful user device identification and binding for cloud application security

At least one embodiment relates to a method and a system for cloud application visibility of network traffic. The method includes: receiving, from a network gateway, hardware identities extracted from network session traffic for accessing cloud-based application services, wherein the hardware identities correspond to user devices that initiate the network session traffic; receiving, from an application processing engine, user credentials decoded from the network session traffic, wherein the user credentials authorize the network session traffic to access the cloud-based application services; and matching the hardware identities with the user credentials to identify a user who uses multiple user devices or multiple user credentials to access the cloud-based application services.