Abstract: Methods and systems are provided for a multi-factor authentication technique that includes inputs of a physical key possessed by the user as a factor. Such a key may be a physical object that the user possesses and that includes truly random features not easily reproducible. The key may be custom to the user and may include inclusions or anomalies that affect a signal transmitted through the key. Such effects may impart a unique effect on signals transmitted through the key, producing a unique fingerprint to identify whether the key is authentication. An input from the user may be an additional factor within the authentication process.

Abstract: The present invention is generally directed toward a mobile device that can be used in a secure access system. More specifically, the mobile device can have credential data loaded thereon remotely updated, enabled, disabled, revoked, or otherwise altered with a message sent from, for example, a control panel and/or controller in the system.

Abstract: Techniques described herein may be used to dynamically apply content filters to a user device by identifying the user operating the user device. An analytics server may collect information relevant to identifying the user, or the type of user (e.g., a child, a teenager, or an adult), and cause a content filter to be applied to the user device based on the user and content requested by the user. As such, systems and methods described herein provide techniques for applying a content filters based on the actual user that is operating the user device, as opposed to the just the user device itself.

Abstract: A system has ??2 servers. At least each of a set of authentication servers stores a key-share ski of secret key sk, shared between q of the ? servers, of a key-pair (pk, sk). An access control server sends an authentication value to a subset of the authentication servers. The authentication value was formed using a predetermined function of a first ciphertext for a user ID and a second ciphertext produced by encrypting a password attempt under public key pk using a homomorphic encryption algorithm. The authentication value decrypts to a predetermined value if the password attempt equals the user password for that user ID. Each authentication server in the subset produces a decryption share dependent on the authentication value using the key-share ski. The access control server uses decryption shares to determine if the authentication value decrypts to the predetermined value, if so permitting access to a resource.

Abstract: A method to generate a dynamic keypad for access code input includes identifying a screen size of display of a computer device by accessing a configuration file associated with the display. The method includes identifying a set of possible objects for an access code. The method further includes generating a first set of electronic keys based on the set of possible objects for the access code and based on the screen size of the display. The method also includes generating a second set of electronic keys based on the screen size of the display. The method includes generating a keypad that includes the first set of electronic keys and the second set of electronic keys. The method further includes presenting the keypad in the display of the computer device.

Abstract: A system and method for displaying information at a fuel dispenser comprises an electrophoretic display that may be configured to operate in low temperature environments. The fuel dispenser may comprise a keypad located beneath the electrophoretic display in order to present a graphical user interface to a customer and receive the customer's selections. The fuel dispenser may comprise additional electrophoretic displays to present additional information to the consumer.

Abstract: The present invention provides an optical member having a substrate and a dot in contact with a surface of the substrate, wherein the dot is made of a liquid crystal material having a cholesteric structure; the dot has wavelength selective reflection property; and the dot reflects both the right circularly polarized light and the left circularly polarized light at a wavelength at which the dot exhibits the wavelength selective reflection property. The present invention also provides an image display device having the above optical member. The optical member of the present invention achieves a large intensity of reflected light from the dot in the optical member, and the image display device of the present invention has favorable data input sensitivity as an image display device capable of receiving data input.

Abstract: A system and method for displaying information at a fuel dispenser comprises an electrophoretic display that may be configured to operate in low temperature environments. The fuel dispenser may comprise a keypad located beneath the electrophoretic display in order to present a graphical user interface to a customer and receive the customer's selections. The fuel dispenser may comprise additional electrophoretic displays to present additional information to the consumer.

Abstract: A remote security access procedure for granting access to a wirelessly controlled lock may include one of receiving an address location at a server to setup a temporary access, receiving a security question at the server required to be answered prior to the temporary access being granted, receiving a time window at the server for the temporary access to be granted, encrypting via the server an access credential comprising the address location, the security question and the time window, and transmitting from the server the encrypted access credential to a guest device.

Abstract: Systems and methods are provided for securing payment card information. A user may present a payment card such as a credit card to point-of-sale equipment. The point-of-sale equipment may use a symmetric key to encrypt payment card information associated with the payment card. The symmetric key may be encrypted at the point-of-sale equipment using the identity-based-encryption (IBE) public key of a purchase transaction processor to produce a key transfer block. The key transfer block and the encrypted payment card information may be conveyed from the point-of-sale equipment to the purchase transaction processor over a communications network. At the purchase transaction processor, an IBE private key may be used to recover the symmetric key from the key transfer block. The symmetric key can be used to decrypt the encrypted payment card information for processing and re-encryption using a key associated with the purchase transaction processor.

Abstract: Embodiments are directed to techniques to automatically propagate password updates onto other devices that use a shared password to protect respective secure keys or other secrets. This may be done by calculating update data using a new password and an old password entered onto one device as part of a password change operation, and sending the update data to the other devices for use in updating the password on those devices.

Abstract: A password authentication system includes an access control server configured to control access by a user computer to a resource dependent on authentication of user passwords associated with user IDs. The system further includes a plurality of authentication servers, storing respective secret values. For each user ID, the access control server stores a first ciphertext produced by encrypting the user password associated with that ID using a predetermined algorithm dependent on the secret values. In response to receipt of a user ID and an input password, the access control server communicates with the plurality of authentication servers to implement password authentication, requiring use of the secret values, in which a second ciphertext is produced by encrypting the input password using said predetermined algorithm. The access control server compares the first and second ciphertexts to determine whether the input password equals the user password to permit access to the resource.

Abstract: A password authentication system includes an access control server configured to control access by a user computer to a resource dependent on authentication of user passwords associated with user IDs. The system further includes a plurality of authentication servers, storing respective secret values. For each user ID, the access control server stores a first ciphertext produced by encrypting the user password associated with that ID using a predetermined algorithm dependent on the secret values. In response to receipt of a user ID and an input password, the access control server communicates with the plurality of authentication servers to implement password authentication, requiring use of the secret values, in which a second ciphertext is produced by encrypting the input password using said predetermined algorithm. The access control server compares the first and second ciphertexts to determine whether the input password equals the user password to permit access to the resource.

Abstract: A device for verifying at least one challenge-response pair includes a coherent light source configured to emit coherent light. A challenge creating device is configured to create an optical challenge to be sent to a physically unclonable function (PUF). A wavefront shaping device is configured to perform a verification based on an optical response from the physically unclonable function (PUF). A detector is configured to read out a result of the verification performed by the wavefront shaping device. A focusing device is configured to focus light exiting from the wavefront shaping device onto the detector for detection.

Abstract: Techniques are provided for security-aware split-server passcode verification for one-time authentication tokens. An exemplary method comprises receiving an authentication passcode generated by a token; and processing the received authentication passcode using at least a first authentication server and a second authentication server. The received authentication passcode is based on a protocode and/or embedded auxiliary information. The embedded auxiliary information comprising a silent alarm and/or a drifting key is extracted from the received authentication passcode. In another exemplary method, the received authentication passcode is processed using a single processing device to extract the embedded auxiliary information comprising one or more of a silent alarm and a drifting key.

Abstract: A security system may include an access control device associated with a personnel access position. The access control device may include a first Near-Field Communication (NFC) sensor, and a first controller configured to selectively grant personnel access based upon receiving a valid security code from the first NFC sensor, and to deny personnel access and generate an access denial electronic message(s) based upon receiving an invalid security code from the first NFC sensor. The system may also include a mobile wireless communications device(s) including a second NFC sensor and a second controller, which may be configured to communicate a security code via the second NFC sensor to the first NFC sensor based upon proximity therewith, and to receive a corresponding access denial electronic message from the first controller based upon the security code being invalid.

Abstract: An apparatus and method for remotely deleting critical information is provided. The apparatus includes a storage unit, an identity determination unit, and a broadcast unit. The storage unit stores an input value and an output value for the input value with respect to a physically unclonable function (PUF) of each of a plurality of mobile terminals. The identity determination unit determines the identity of a corresponding mobile terminal based on received information about the loss of the mobile terminal. The broadcast unit extracts the input and output values of the PUF of the corresponding mobile terminal from the storage unit based on information transferred from the identity determination unit, and broadcasts the extracted input and output values to all the mobile terminals.

Abstract: An example method includes determining a size at which to display one or more keys of a virtual keypad and determining a symbol to display on the one or more keys of the virtual keypad. The method also includes displaying the one or more keys of the virtual keypad on a computing device in accordance with a key's determined size and symbol, where a first displayed key is displayed at a different size than a second displayed key. The method further includes receiving a user input corresponding to the one or more keys and comparing the user input with a sequence of symbols. The method also includes authenticating the user in accordance with the comparison of the user input and sequence of symbols.

Abstract: A wearable, non-visible identification device that provides reliable, tamper proof, friendly-force identification and intruder detection. The device is integrated as a part of the wearer's uniform and includes a user input surface for periodic entry of a unit- or user-defined pass code. A timeout capability prevents the device and its identification signal from being used if the pass code is not entered within the specified time period. The preferred embodiment uses non-visible optical identification signals for 1-way identification using standard tactical equipment, making the device useful in the field during operations or at temporary security control points away from established bases. Alternative embodiments use radio-frequency, visible and reflective identification signals. All embodiments use identification signaling methods which are effective at safe stand-off distances to minimize the threat to security personnel.

Abstract: An electronic process to capture, track and monitor unique identifying information regarding automated teller machine (ATM) deposits. ATMs equipped with radio-frequency identification (RFID) or other remote identification technology may enable the electronic transfer of key data elements to general ledger and asset tracking processing systems.

Abstract: An automatic locking system for a medical treatment device helps to ensure that an assistant is present during treatment of a patient. Among the features disclosed biometric authentication to verify that a trained assistant is present, a presence detector to ensure the assistant is continuously present during treatment, and warning and recovery processes that allow intermittent lapses in the continuous presence of the assistant.

Abstract: This patent specification relates to apparatus, systems, methods, and related computer program products for providing home security/smart home objectives. More particularly, this patent specification relates to a plurality of devices, including intelligent, multi-sensing, network-connected devices, that communicate with each other and/or with a central server or a cloud-computing system to provide any of a variety of useful home security/smart home objectives.

Abstract: A method of secured passcode entry is disclosed. The method, in one embodiment, includes: receiving a request to authenticate a user; in response to receiving the request, generating a passcode entry interface that includes a plurality of buttons for the user to compose a passcode entry, each button representing a character of a set of characters, the set of characters having a natural sequence, wherein said generating includes displaying the buttons on a touchscreen of the electronic device in an arrangement that does not reflect the natural sequence of the set of characters; detecting a touch event, represented as a coordinate on the touchscreen, interacting with the touchscreen while the passcode entry interface is displayed, wherein the touch event is indicative of at least a portion of a passcode entry by the user; and verifying an authenticity of the passcode entry based at least partly on the touch event.

Abstract: In embodiments of the present invention improved capabilities are described for managing RFID tags, where an RFID tag and associated RFID tag data are presented to a computing device through an RFID drive management facility as a seamless extension of a logical file system within the computing device such that the RFID tag and associated RFID tag data can be managed in a manner that is consistent with other items within the file system.

Abstract: An access management and reporting system includes a keysafe that is located outside of a building and a communication system that is located within the building. The communication system is configured to perform, over a short-range wireless communication protocol, two-way communication with a communication module of the keysafe. The system also includes a server that is located remote from the building and the keysafe. The server is configured to perform, over a long-range communication protocol, two-way communication with the communication system located within the building, is configured to manage access to the keysafe, and is configured to handle reporting related to access of the keysafe.

Abstract: An arrangement for secure user authentication includes a computer or telecommunication terminal with a smartcard and a device. The smartcard is adapted to securely store biometric information relating to at least one user and the device is adapted to detect biometric data of users. The smartcard and the device include a radio interface for communicating together and a module for exchanging biometric information between each other. In this way, tampering of the transferred biometric information is difficult. In order to increase the security, one or more of the following measures may be used: a secure communication channel between the device and the smartcard, a direct (preferably short range) communication channel between the device and the smartcard and encryption and decryption of biometric information transferred between the device and the smartcard.

Abstract: In embodiments of the present invention improved capabilities are described for a Radio Frequency ID (RFID) tag that contains multiple Radio Frequency (RF) network nodes that may include memory storage for the RFID tag, the memory storage may include one time programmable (OTP) memory and many time programmable (MTP) memory and the storage of the information may be within the OTP and MTP memory.

Abstract: The invention provides a remote control device with password functions. Control function buttons can be used for sending control signals and for password entry. The remote control device is configured such that a user can enable and disable a password mode. When the password mode is enabled, the remote control is configured to require a password being entered using one or more control function buttons before a control signal will be transmitted in response to a control function being pressed or disabling the password mode. A user can also invoke a password programming function to enter, change or erase a password using one or more control function buttons.

Abstract: An RFID tag including a transmitting/receiving unit, a memory and a control unit. A first identification code, a second identification code, a password, and a set of data are stored in the memory. If the set of data is under protection, the set of data is accessible only when a verification procedure corresponding to the password is successfully performed. If the transmitting/receiving unit receives a request for accessing the second identification code, the control unit shall check whether the request includes the first identification code. As long as the checking result of the control unit is yes, even if the set of data is under protection and the verification procedure fails or the verification procedure is not successfully performed, the control unit shall still transmit the second identification code via the transmitting/receiving unit.

Abstract: A method of operating a communication device to interface with a machine system comprises projecting a human-machine interface (HMI) system for the machine system on a surface, wherein the HMI system comprises a plurality of commands associated with the machine system, detecting an input from a user, wherein the input comprises a fluid motion in air performed by the user corresponding to a selection of a command of the plurality of commands associated with the machine system, and transferring the selected command for delivery to the machine system.

Abstract: Systems and methods for providing authentication using an arrangement of dynamic graphical images. The graphical images can be arranged as a grid or matrix for presentation on a device display for authentication of a user. The kinds of graphical images can be derived from a designated authentication category and non-authenticating categories. A series of password elements corresponding to the graphical images can be displayed with the graphical images. The user may enter the series of one or more password elements corresponding to graphical images from the authentication category which combine to form a password entry. An authentication server can compare the password entry to an authentication password corresponding to the particular arrangement of dynamic graphical images. The selection of graphical images, their arrangement and their corresponding password elements, may dynamically change in between authentication processes.

Abstract: A method and system for protection of and secure access to a computer system or computer network. The method includes the steps of receiving a first login account identifier, such as a user name from a user in communication with the computer system or network. A determination is made if the user is recognized and enrolled from the first login account from the first login account identifier. If the user is recognized, a grid of randomly generated visual images is displayed including one visual image from an image category which has been preselected by the user upon enrollment. An image category identifier is randomly assigned to each visual image in the grid. An image category identifier, second login account identifier, such as a password, is entered and received. If the login account identifier and the image category is validated, access is permitted to the computer system or network.

Abstract: Method for communication between a central server and a computerized juke-box which operates in a conference mode, including: sending a header before any transaction, which includes the identity of the destination together, the identity of the emitter, and the size of the packets; responding from the server in the form of a data packet, each packet sent by the server being encoded using the identification code of the juke-box software; and receiving a data packet by the juke-box, which decodes the packet, simultaneously performs a check on the data received by the CRC method and sends an acknowledgement of receipt to the server indicating the accuracy of the information received, to allow it to prepare and send another packet to the juke-box.

Abstract: A method and apparatus for enabling consumers to scan RFID tags using home based endpoint devices that can transmit the scanned information to network based services are disclosed. Using the RFID scanned information, consumers can then access, retrieve and view additional information regarding products, in which RFIDs are embedded, on video display devices, such as televisions or video display monitors. This product related information can include interactive technical support, companion product information, or instructional guidelines.

Abstract: The invention is directed to a control system for managing access of users to a plurality of restricted areas. The control system includes at least one manager module and one or more provider modules. The modules are configured in particular fashions.

Abstract: A system for managing underground assets with RFID tags provides for expanded virtual storage by wirelessly linking the field RFID tag reader to a centralized database through a unique series code in the RFID tag.

Abstract: The disclosure provides a system and method for associating an electronic device with a remote electronic device. In the method at the remote device, an authentication process is initiated to authenticate the remote device to the electronic device. The authentication process includes: generating a pass key according to an authentication protocol followed by the remote device; and providing the pass key to a user through an output device on the remote device. The method also includes: waiting for the user to provide the pass key to the electronic device; and if the remote device receives a timely message from the electronic device indicating that the remote device has been authenticated, activating additional applications on the remote device to allow it to communicate with the electronic device.

Abstract: A technology for providing a service based on an electronic tag. A personalized service provider issues a new code that replaces a code recorded on an electronic tag which is attached to a product purchased by a purchaser, sets a privacy policy of the purchaser, authenticates the new code and purchaser information, and provides a service associated with the product in a limited manner according to the set privacy policy when a person who accesses the personalized service provider is not the purchaser of the product.

Abstract: A vehicle screening method and system. A vehicle occupant can be identified utilizing one or more biometric identifiers input by or obtained from the vehicle occupant via a biometric input device. A barcode can also be provided by the vehicle occupant from a scanned card or other structure upon which the barcode is maintained. Additionally, a unique identification number can be provided by the user in order to match the unique identification number against a database of identification numbers, thereby permitting the vehicle occupant to be remotely screened and verified for entry into a secure facility based on the biometric identifier(s), the barcode and the unique identification number.

Abstract: A system and method for identity verification in a detention environment and for tracking information between individuals in a detention environment with individuals who are not in the detention environment across disparate functional systems.

Abstract: A method for joining a conference call from a communication device, the communication device having a locked state and an unlocked state. The method includes displaying an interface on the communication device while the communication device is in the locked state, the interface including an option to join a scheduled conference call, receiving an input for selection of the option while the communication device is in the locked state, unlocking the communication device to the unlocked state, and sending a communication to a second communication device for establishing a conference call session.

Abstract: A communication or computing device having a touchscreen interface is adapted to detect a duress condition upon user access through input of a gesture-based password or authentication code. One or more force sensors are provided for detection of force applied at the touchscreen surface, and interoperate with processing elements to detect input of a gesture-based password through contact at the touchscreen interface; determine that force detected by at least one of the force sensors during input of the password exceeds a predefined threshold; and compares the input password with previously stored information to determine that the input password substantially corresponds to the previously stored information. If the input password substantially corresponds to the previously stored information and the detected pressure exceeds the threshold, a duress condition is determined for the device.

Abstract: An electronic device includes an input unit, a processing unit and a coding/decoding system. The coding/decoding system includes a reflector array, a knob group, an infrared emission unit, an infrared receiving unit and a coding/decoding unit. The reflector array includes at least one mirror mounted rotatably in the electronic device. The knob group is configured for adjusting angles of the reflector array. The infrared receiving unit is configured for receiving infrared rays reflected by the reflector array and generating a password signal according to the received infrared rays. The coding/decoding unit is configured for receiving the password signal and converting the password signal into a password. The coding/decoding unit stores the password and locks the electronic device according to the password. To unlock the electronic device, the coding/decoding unit compares the password with a pre-stored password to determine whether to unlock the electronic device.

Abstract: A technology for providing a service based on an electronic tag. A personalized service provider issues a new code that replaces a code recorded on an electronic tag which is attached to a product purchased by a purchaser, sets a privacy policy of the purchaser, authenticates the new code and purchaser information, and provides a service associated with the product in a limited manner according to the set privacy policy when a person who accesses the personalized service provider is not the purchaser of the product.

Abstract: A method for granting access with a touch sensitive display is provided. The method includes displaying a security access interface on a touch sensitive display, wherein the security access interface has at least one polyhedron object; changing the at least one polyhedron object from a first state to a second state according to detections of inputs/contacts with the touch sensitive display; recording parameters of the at least one polyhedron object in the second state; determining if the recorded parameters satisfy the predetermined values; granting access when the record parameters satisfy the predetermined values. A security system using the method is also provided.

Abstract: Provided is a remote mobile device access and control method, and particularly a generic approach for providing remote mobile device access and control. To this end, there is provided a method for a user to access and control his/her mobile device at a remote location by using a remote mobile device access and control architecture that allows the user to access an application and data of his/her mobile device.

Abstract: The present disclosure facilitates gesture-based interaction with a computer-system. The method may comprise pairing a transaction account with a likeness, receiving the likeness and a transaction request based upon the location of a marker in three dimensional space, retrieving the transaction account paired with the likeness, and approving the transaction request at least partially based upon the transaction account and the likeness.

Abstract: A method for controlling data access to and from an RFID device wherein the RFID reading device authenticates himself to the RFID device before the RFID device communicates with the RFID reading device. The RFID device is equipped with a physically uncloneable function, which is adapted to produce a unique but unpredictable response signal upon receiving a predefined challenging signal. During an enrolement of the RFID device, a first response signal is uniquely associated with a first challenging signal and is stored in a memory of the RFID device. The first challenging signal represents a password for opening further data communication with the RFID device. When a RFID reading device queries the RFID device with a second challenging signal, the RFID device compares a corresponding second response signal with the first response signal stored during enrollment and only if there is a match, responds with its identifier.

Abstract: In embodiments of the present invention improved capabilities are described for a Radio Frequency ID (RFID) tag that contains multiple Radio Frequency (RF) network nodes that provide enhanced memory capabilities, redundant functionality, and multiple frequency capabilities to the RFID tag using an inter-RF network node communication connection. The inter-RF network node communication may allow the coordination of RFID tag memory and functionality.

Abstract: A software-based security agent that hooks into the operating system of a computer device in order to continuously audit the behavior and conduct of the end user of the computer device. The detected actions of the end user can be stored in a queue or log file that can be continuously monitored to detect patterns of behavior that may constitute a policy violation and/or security risk. When a pattern of behavior that may constitute a policy violation and/or security risk is detected, an event may be triggered. A frequency vector string matching algorithm also is disclosed. The frequency vector string matching algorithm may be used to detect the presence or partial presence of subject strings within a target string of alphanumeric characters. The frequency vector string matching algorithm could be used to detect typos in stored computer records or to search for records based on partial information.