Abstract: Systems, devices, methods, and computer readable media are provided in various embodiments having regard to authentication using secure tokens, in accordance with various embodiments. An individual's personal information is encapsulated into transformed digitally signed tokens, which can then be stored in a secure data storage (e.g., a “personal information bank”). The digitally signed tokens can include blended characteristics of the individual (e.g., 2D/3D facial representation, speech patterns) that are combined with digital signatures obtained from cryptographic keys (e.g., private keys) associated with corroborating trusted entities (e.g., a government, a bank) or organizations of which the individual purports to be a member of (e.g., a dog-walking service).

Abstract: Multiple participants of a video conference may be detected in the same physical space. A first participant of the multiple participants may be assigned to a virtual breakout room that is associated with the video conference. An availability of a physical resource for the first participant to use in connection with the virtual breakout room may be determined. The physical resource may be allocated to the first participant for use in connection with the virtual breakout room based on the availability. For example, a group of participants may be detected in the same physical space, individually assigned to virtual breakout rooms, and/or individually allocated a physical resource for use in connection with the virtual breakout rooms.

Abstract: A method for issuing and returning an item for loan, particularly a manually movable transport cart. A blocking element allows removal and use of the item by way of a release and, after a return, once more prevents the removal. A mobile communication device identifies itself to the blocking element wirelessly, the mobile communication device is associated with the item for loan when the item is released, and the association is cancelled when the item is returned. An issuing and return system has the blocking element attached to the item for loan, in particular is integrated in the item. The blocking element has a communication module for wireless communication with the mobile communication device of a customer. The mobile communication device has an identification feature, particularly a feature that personalizes the customer and which enables the association between the mobile communication device and the item for loan.

Abstract: The cloud server holds the main database for storing all the registration data that is handled in the present system, and the edge server that is arranged close to the sensor holds a sub-database for storing part of the registration data. The sub-database in the edge server stores only the registration data having a high probability of being verified in the edge server. In the case where the edge server verifies the detection data that has been acquired by the sensor with the registration data within the sub-database and determines that the registration data that matches the detection data does not exist within the sub-database, the configuration allows the detection data to be transmitted to the cloud server and requests the detection data to be verified with the registration data within the main database.

Abstract: A method including decrypting, by a user device based at least in part on utilizing a first trusted key generated by a trusted device, an assigned private key associated with the user device; decrypting, by the user device based at least in part on utilizing a second trusted key generated by the trusted device, a double-encrypted symmetric key to determine a single-encrypted symmetric key; decrypting, by the user device based at least in part on utilizing the assigned private key, the single-encrypted symmetric key to determine a symmetric key; and decrypting, by the user device based at least in part on utilizing the symmetric key, an encrypted folder stored on the user device to provide access to data included in the encrypted folder. Various other aspects and techniques are contemplated.

Abstract: An image processing apparatus including a job executer that executes a job pertaining to image processing, a storage capable of storing history information pertaining to the execution of the job by associating the history information with an executing user of the job, a display capable of displaying the history information, a recognizer that recognizes the executing user, and a controller, in which when the recognizer recognizes the executing user before the executing user is authenticated, the controller preferentially displays the history information associated with the recognized executing user on the display.

Abstract: Described herein are a system and techniques for enabling biometric authentication without exposing the authorizing entity to sensitive information. In some embodiments, the system receives a biometric template from a user device which is encrypted using a public key associated with the system. The encrypted biometric template is then provided to a second entity along with a biometric identifier. Upon receiving a request to complete a transaction that includes the biometric identifier and a second biometric template, the second entity may encrypt the second biometric template using the same public key associated with the system and perform a comparison between the two encrypted biometric templates. The resulting match result data file is already encrypted and can be provided to the system to determine an extent to which the two biometric templates match.

Abstract: A process for granting or denying a user access to a system using biometrics is disclosed. The process includes receiving a unique identifier for the system, receiving a unique identifier associated with the user, and verifying that the user is authorized to access the system. A passcode is transmitted to the device in the possession of the user, and a speech sample of the user speaking the passcode is returned. One or more attributes of the speech sample is compared with one or more attributes that are expected to be in a speech sample. Access is granted or denied based upon a correlation between the file's actual attributes and the predicted attributes.

Abstract: The present disclosure relates to the exchange of information between a message sending device and a message receiving device with message authentication and proposes to reduce the time required for message authentication by pre-computing a message tag, such as a MAC, and subsequently replacing the computation of the MAC when the tag is to be validated (or indeed also on sending) by a table look-up. The approach requires a set of messages and works particularly well for small sets of messages, for example as small as two or three messages, or less than five or ten messages. The approach finds particular application in control networks where control decisions have to be taken quickly and securely, for example in the control of a vehicle, for example an autonomous vehicle, or the control of a smart electricity grid.

Abstract: A system and method that provides the ability for users to select, create, and upload a collection of graphical images whereby a web site login process presents the user with an array of graphical images including the graphical images designated for an authentication pattern, the graphical image authentication system then determines that the graphical images chosen by the user are correct or incorrect without notifying the user until the process is complete.

Abstract: Systems, methods, and non-transitory computer readable media relate to smartcard biometric enrollment. In an embodiment that does not require a user to visit a central location to provide fingerprint images, an activation code corresponding to a unique ID that uniquely identifies a user of a service is generated and sent to the user. In response, at least one finger image is received from a user device. The image is processed to isolate a fingerprint image, which is used to generate a biometric template that is sent to a smartcard manufacturer and used to configure a smartcard for biometric authentication of the user. In another embodiment, a kiosk/ATM provides smartcard biometric enrollment by detecting a smartcard in the smartcard reader, verifying an ID of a user associated with the smartcard, capturing a biometric image from the user, processing the biometric image to generate a biometric template, and storing the biometric template on the smartcard.

Abstract: Provided is an authentication system capable of preventing determination that authentication of a person to be authenticated succeeds even though determination as to whether matching information matches registration information is not performed when authentication using two factors is performed. A determination unit 43 determines whether or not the matching information matches the registration information. A signature generation unit 21 of a client 10 generates a signature based on the message by using a signature key. A signature determination unit 34 determines whether or not the signature is a correct signature by using a first verification key, a message, and the signature. When it is determined that the matching information matches the registration information and it is determined that the signature is the correct signature, the authentication determination unit 37 determines that the authentication succeeds.

Abstract: Systems and methods for secure distribution of biometric matching processing are provided. Certain configurations include homomorphic encrypting of captured biometric information. In some configurations, the biometric information is classified without decryption between a first identity class and a second identity class. The biometric information may be formed as a feature vector. A homomorphic encrypted feature vector may be formed by homomorphic encrypting of the biometric information.

Abstract: The present disclosure describes a first device sending to a second device a face template of the user of the first device. When the second device captures an image, the second device may compare the face template to a second face template derived from the captured image. If a match is determined to exist, the second device may send the captured image to the first device. The face template may be transferred over a first communication interface, while the captured image may be sent over a second communication interface. The first communication interface may be Bluetooth and the second communication interface may be WIFI Direct. As such, the system may function in environments without cellular coverage and/or infrastructure WIFI networks. Additionally, the user of the first device does not need to be identified, only matched to the second face template.

Abstract: Techniques are provided for generation of secure video and tamper detection of the secure video. A methodology implementing the techniques according to an embodiment includes selecting a subset of macroblocks from a video frame to be transmitted and calculating a low frequency metric on each of the selected macroblocks. The method also includes performing a hash calculation on the low frequency metrics to generate a frame signature; encrypting the frame signature (using a private key) to generate an encrypted watermark; and modifying pixels of each of the selected macroblocks to generate the secured video frame, the modifications based on bits of the encrypted watermark that are associated with the selected macroblock. The method further includes authenticating a received video frame by comparing a calculated frame signature to an authenticated frame signature, the authenticated frame signature decrypted (using a public key) from an extracted watermark of the received video frame.

Abstract: An information processing apparatus includes an authenticating unit, a transmitting unit, a detecting unit, and a determining unit. The authenticating unit authenticates a user who is holding a portable device. The transmitting unit transmits an action instructing signal for issuing an instruction to perform an action to a portable device that is associated with the user, via a radio communication line. The detecting unit detects a change of a status of the portable device that is being held by the user. The determining unit determines, by determining whether or not the change corresponds to the instructed action, whether or not the user is holding the portable device.

Abstract: The invention concerns a system (1) to provide access to premises (P1-P4) that comprise entrances (E1.1, E1.2, E2-E4) locked by means of electromechanical key locks (L1.1, L1.2, L2-L4), which for locking and unlocking are powered by insertion and actuation of at least one programmable key (24). In said system (1) an administrator (10) contacts a service unit (20) in possession of a programmable key (24) and provides it with synchronization data (13) for an electromechanical key lock (L1.2) of at least one entrance (E1.1) of at least one premise (P1) at an exact geographic position of a site (S).

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for payment based on wireless communication and biological features. One of the methods includes determining at least one wireless communications device is within a wireless communication range of a payment collection system. Data specifying at least one account associated with the at least one wireless communications device and data specifying a biometric feature associated with the at least one account is obtained from a payment platform. The payment collection system collects a target biometric feature of a target user. In response to determining that the target biometric feature matches the biometric feature associated with the at least one account, a target account of the target user is determined based on the at least one account, and a deduction operation is performed on the target account.

Abstract: According to one embodiment of the present application, provided is an access management method of an access control device, comprising the steps of: receiving, from a user terminal, a first advertising packet including open authentication information; generating a key on the basis of at least a first random key; confirming the open authentication information on the basis of the generated key; and determining the opening of a door on the basis of the open authentication information.

Abstract: Siamese neural networks (SNN) are configured to detect differences between financial transactions for multiple financial institutions and transactions for a target party. A first neural network of the SNN tracks transactions (target transactions) for a particular customer or financial institution over time and provides a target output vector. Similarly, a second neural network of the SNN tracks transactions (baseline transactions) for all or a plurality of financial institutions (e.g., within a region) over the same period of time and provides a baseline output vector. The transactions for all or a plurality of financial institutions act as a baseline of transactions against which potentially fraudulent or money laundering activity may be compared. Because Siamese neural networks account for temporal changes based on the baseline of transactions, sudden changes in target transactions will only trigger an alarm if such changes (e.g., deviations or drifts) are relative to a baseline of transactions.

Abstract: An embodiment of the present disclosure provides a method for enhancing a fingerprint image, identifying a fingerprint, and starting-up a application program. The method for enhancing the fingerprint image includes: removing a background texture of a fingerprint image of a current frame to obtain a pure fingerprint image; performing a first preprocessing on the pure fingerprint image to obtain a first pre-processed image; obtaining an effective area of the first pre-processed image; performing direction field estimation and direction field correction on the effective area; and performing a second pre-processing on the effective area after direction field correction to obtain an enhanced fingerprint image. With the solution of this embodiment, the number of fingerprint collections is reduced, the quality of fingerprint images is improved, the complexity of fingerprint collection is reduced, the efficiency of fingerprint unlocking is improved, and the user experience is improved.

Abstract: A trust token may be created including authentication data for a user and his or her associated communication device. The trust token may be transmitted by the communication device to one or more recipients, such as a token server. The recipients may interpret the trust token and verify it against data written to one or more nodes of a blockchain when the user and the communication device registered for the trust token. Once the trust token is verified, the token server may be configured to generate, maintain, and provision account tokens representing sensitive data. The token server may push one or multiple account tokens to the communication device, thereby allowing the communication device to perform transactions with the account tokens. In other words, the implementation of a trust token may allow the communication device to be provisioned with multiple account tokens, without requiring multiple logins or transmissions of sensitive data.

Abstract: A biometric authentication system includes: a storage device that stores pieces of biometric information and pieces of registered information associated with the respective pieces of the biometric information and identifying the respective pieces of the biometric information; an acquisition device that acquires the biometric information of a user to be authenticated; and a control device that is configured to cause a notification device, when the biometric information acquired by the acquisition device matches a piece of the biometric information stored in the storage device, to notify of a piece of the registered information associated with the matched piece of the biometric information.

Abstract: Security on an information handling system may be improved by using a stylus. A stylus provides unique information about a user that may not be acquired by an information handling system through other methods. For example, a user's handwriting is often unique to that user and may provide a security check on the information handling system to confirm the user's identity. Further, the stylus is usually held in the user's hand and may be used to check the user's fingerprint to confirm the user's identity. These authentication techniques, including fingerprinting and handwriting, may be used to maintain persistent authentication while the user is using the stylus. As the user continues to interact with the information handling system with the stylus, the stylus continues to receive the user's fingerprint and handwriting, which may be checked to confirm the user of the information handling system is still the expected user.

Abstract: Systems and methods of detecting an unauthorized data insertion into a stream of data segments extending between electronic modules or between electronic components within a module, wherein a Secret embedded into the data stream is compared to a Replica Secret upon receipt to confirm data transmission integrity.

Abstract: Systems and methods for providing exception failover augmented, homomorphic encrypted (HE) distributing, end-to-endpoint persistent encryption, and distributed HE domain non-decrypting, privacy-protective biometric processing are provided. Some configurations may include generating HE biometric feature data, based on homomorphic encrypting the biometric feature data. Some configurations determine an exception status of the HE biometric feature data between exception and non-exception. Systems and methods may include performing a HE domain, non-decrypting biometric classifying of the HE biometric feature data.

Abstract: An electronic device with a display and an embedded fingerprint sensor displays a lock screen on the display. While displaying the lock screen, the electronic device detects a first touch input on the embedded fingerprint sensor. In response to detecting the first touch input on the embedded fingerprint sensor: the electronic device, in accordance with a determination that first timing criteria are met, displays content of a plurality of messages; and the electronic device, in accordance with a determination that second timing criteria, different from the first timing criteria are met, ceases to display the lock screen and displaying a home screen use interface for the electronic device with a plurality of application icons.

Abstract: Methods and systems for improved generation of biometrics using biometrics and secure storage of biometrics are provided. In one embodiment, a method is provided that includes scanning and digitizing a plurality of biometrics to form a plurality of digitized biometrics. An encryption key for use in cryptographic applications may be generated based on the plurality of digitized biometrics. A biometrics encryption seed may be received and may be used to encrypt the plurality of digitized biometrics to generate a plurality of encrypted biometrics. The plurality of encrypted biometrics may then be stored.

Abstract: In some implementations, a vehicle experience system may receive a service request associated with a vehicle. The vehicle experience system may qualify a driver for a vehicle experience involving the vehicle. The vehicle experience system may provide, to a user device associated with the driver, a verification code for authenticating the vehicle experience involving the driver and the vehicle. The vehicle experience system may provide, to a location management system associated with the vehicle, a notification that the vehicle is to be involved in the vehicle experience. The vehicle experience system may provide, to the location management system and based on receiving scan data being associated with the verification code, the authentication of the vehicle experience to enable a provisioning device to facilitate access to the vehicle.

Abstract: An encryption device includes: a parameter generating circuit configured to generate an encryption parameter including a number of initial valid bits based on an operation scenario; an encryption circuit configured to generate a cipher text by encrypting a plain text received from the outside, based on the encryption parameter; an operation circuit configured to generate a final cipher text by performing a plurality of operations on the cipher text according to the operation scenario and tag, to the final cipher text, history information of the operations performed on the final cipher text; and a decryption circuit configured to generate a decrypted plain text by decrypting the final cipher text and output a number of reliable bits of the decrypted plain text based on the history information.

Abstract: Systems and techniques are provided for linking subjects in an area of real space with user accounts. The user accounts are linked with client applications executable on mobile computing devices. A plurality of cameras are disposed above the area. The cameras in the plurality of cameras produce respective sequences of images in corresponding fields of view in the real space. A processing system is coupled to the plurality of cameras. The processing system includes logic to determine locations of subjects represented in the images. The processing system further includes logic to match the identified subjects with user accounts by identifying locations of the mobile computing devices executing client applications in the area of real space and matching locations of the mobile computing devices with locations of the subjects.

Abstract: In some embodiments, systems and methods provide distributed item authentication. In some embodiments systems comprise: a housing; a set of sensor systems; a transceiver; and an authentication control circuit configured to: obtain first sensor data of an item being authenticated, obtain an initial identification of the item; access an item authentication block specific to the item; obtain a first set of authentication instructions; control one or more sensor systems in accordance with the first set of authentication instructions; compare multiple current authentication sensor data to the set of multiple historic authentication sensor data; confirm that each of a threshold number of the multiple current authentication sensor data is consistent within a threshold variation of a corresponding one of the set of multiple historic authentication sensor data; and cause the item authentication block to be updated to include the confirmation of authentication of the item.

Abstract: Systems, methods, and apparatus for biometric digital signature generation for identity verification are disclosed. In one or more embodiments, a method for identity verification of a user comprises sensing, by at least one sensor, biometric information from the user. The method further comprises generating, by a sensor device, biometric data from the biometric information. Also, the method comprises hashing, by the user device utilizing a fuzzy hash algorithm or a hash algorithm (e.g., a non-fuzzy hash algorithm), at least a portion of the biometric data to generate a biometric digital signature for the user. In addition, the method comprises comparing, by a verification node, the biometric digital signature to a previous biometric digital signature for the user. Further, the method comprises verifying, by the verification node, the user when the verification node determines that the biometric digital signature is identical to the previous biometric digital signature for the user.

Abstract: [Object] To provide an information processing device, an information processing method, and a program. [Solution] The information processing device including: a region specification unit configured to specify a biological region for biometric authentication from image data; and an image processing unit configured to perform image processing on a processing region corresponding to the biological region such that biological information acquirable from the biological region is changed.

Abstract: Systems and methods for providing game content recommendation of a video game based on player's performance are disclosed. Prior to an actual video game play, a performance metric is calculated based on a stored player data and video settings of the game. The performance metric is evaluated to further calculate a performance metric of video game play session content indicative of aspects of actual video game play. A metrics data of each player in determined from the video game play session content. The player metrics data is analyzed relative to the stored player data and the video settings of the game to determine whether to recommend the video game play session content.

Abstract: Systems, methods, and computer-readable storage media utilized for authenticating and authorizing payments. One method includes receiving one or more biometrics and authenticating the one or more biometrics of the customer based on accessing a customer authentication database and comparing the one or more biometrics to one or more stored authentication templates. The method further includes receiving context information gathered by the POS device, wherein the context information includes a plurality of context elements that describe a context of the transaction and selecting a customer payment profile from a plurality of customer payment profiles identified by the one or more biometrics of the customer. The method further includes authorizing the payment for the transaction from a payment account associated with the selected customer payment profile and sending, to the POS device, a notification that the customer has been authenticated and that the payment for the transaction has been authorized.

Abstract: Physical unclonable functions (PUFs) are described. The PUFs utilize intrinsic information to determine the confidence level of comparison values. The information about confidence levels may be used to simplify the process of recovering the PUF secret. Since the information about confidence levels may be intrinsic, and not know outside the PUF, the PUF may be secure.

Abstract: A method and apparatus for storing and accessing sparse data is disclosed. A sparse array circuit may receive information indicative of a request to perform a read operation on a memory circuit that includes multiple banks. The sparse array circuit may compare an address included in the received information to multiple entries that correspond to address locations in the memory circuit that store sparse data. In response to a determination that that the address matches a particular entry, the sparse array may generate one or more control signals that may disable the read operation, and cause a data control circuit to transmits the sparse data pattern.

Abstract: Aspects of the disclosure relate to enhanced tracking of data over an asset lifecycle. A computing platform may receive, via the communication interface, user account information as part of an onboarding process in which a first user account is created. The computing platform may then compute, using a cryptographic hash function, a first hash value associated with the first user account, wherein the first hash value provides a trackable, immutable code corresponding to the first user account. Thereafter, the computing platform may monitor one or more events in a transaction activity pool. Upon detecting a new activity associated with the first user account in the transaction activity pool, the computing platform may append the new activity to a record in a trackable log linked to the first hash value.

Abstract: A system and method for multi-user security monitoring and remote notarization provides image capturing devices allow legal guardians to remotely observe and communicate with dependents in real time. The image capturing device comprises a motion and voice activated lens that articulates to follow and capture the image and sound of the dependent. The image capturing device is configured with a two-way communication network that allows for communications between the legal guardians and the dependent. An algorithm is programmable to control articulation of the motion and voice activated lens of the image capturing device. A password manager generates a unique password for the legal guardians to enable access to the image capturing device. A predetermined noise capturing device and an airborne residue capturing device relay emergency messages upon detection of predetermined noise and residue.

Abstract: A door status detecting method by using at least one QR code is executed by a door status detecting device including a camera unit and a processing unit. The camera unit is utilized to monitor a door having at least one QR code. The processing unit receives at least one monitoring frame of a monitoring video from the camera unit, and the processing unit further determines whether the door status of the door is at a closed status according to a position of the at least one QR code in the at least one monitoring frame. Since the processing unit utilizes the position of the at least one QR code to determine the door status, the processing unit does not need to include an Artificial intelligence (AI) model to detect the abnormal conditions. Therefore computation loads of the process unit can be reduced.

Abstract: A computer system includes memory hardware and at least one processor. The memory hardware stores a credential database and computer-executable instructions. The credential database includes multiple user profiles and multiple credentials. Each credential specifies one or more function privileges for each user profile that has been granted the credential.

Abstract: There is provided mechanisms for obtaining a VC certificate from a server. A method is performed by network equipment. The method comprises performing, by an enclave of the network equipment, measurements on at least one property of the network equipment. The method comprises providing, by the enclave, a request for the VC certificate from the server upon having attested the measurements. The method comprises receiving, from the server, the VC certificate in response to the request and storing the VC certificate in the network equipment.

Abstract: A face authentication apparatus includes a face image acquisition unit, a collation unit, a time measurement unit, and a threshold change unit. The face image acquisition unit acquires a face image of an authentication target. The collation unit performs face authentication on the face image of the authentication target on the basis of a threshold. The time measurement unit measures the elapsed time from the time of starting operation of the face authentication apparatus. The threshold change unit restricts changing of the threshold to a value larger than a value determined depending on the measured elapsed time.

Abstract: This invention is directed toward a communications server that enables individual actors on the Internet to be registered, their identities to be confirmed at an acceptable level of confidence, and their association with, and/or ownership of, certain user identifiers (such as email addresses, phone numbers, domain names, application usernames, and the like), to be verified. The invention also enables Internet actors communicate at different levels of security and to encrypt or sign digital messages and/or documents between each other while maintaining sole possession and control of their private cryptographic keys. To ensure the integrity of user information on the communications server has not been compromised, the invention includes embodiments to periodically backup crucial data in a publicly accessible blockchain format that cannot reasonably be altered, but can be independently verified.

Abstract: Example aspects include a method, apparatus, and computer-readable medium comprising identifying, by an access control system, an access attempt associated with an individual. The aspects further include confirming, by the access control system, an identity of the individual. Additionally, the aspects further include granting access to the individual by the access control system in response to confirming the identity of the individual. Additionally, the aspects further include building, by the access control system, a digital identity profile of the individual based on visual data of the individual captured contemporaneously with the access attempt.

Abstract: An operation method of a first communication node in a communication system may comprise estimating a channel state between the first communication node and a second communication node based on a pilot signal received from the second communication node; generating a first channel codebook based on the estimated channel state; transmitting information of the first channel codebook to the second communication node; receiving a response indicating whether the first channel codebook is to be used from the second communication node; when the response is an ACK indicating that the first channel codebook is to be used, generating a first secret key by using the first channel codebook; and transmitting data encrypted using the first secret key to the second communication node.

Abstract: A biometric authentication system may include a centralized database including stored biometric signature information for authenticating a user of one or more external systems. The biometric authentication system may extract data attributes from a biometric signature of the user and compare them to the stored biometric signature information in the database. The biometric authentication system may identify user identifier information associated with a signature key stored of the stored biometric signature information that matches the data attributes to authenticate the user to access secure information.

Abstract: Biometric data such as iris, facial, or fingerprint data may be obtained from a user. A public code may be generated from the biometric data, but does not obtain any of the biometric data or information that can be used to identify the user. The public code includes information that can be used to extract from the biometric data a biometric code that is suitable for bitwise comparison. Neither the underlying biometric data nor information from which the biometric data may be determined is stored as only the public code and the actual biometric feature of the user is required to generate the biometric code.

Abstract: A distributed database receives a first command and second command sent by a client for processing in the context of a transaction. The distributed database validates the transaction by computing a digest based on signatures of the first and second commands, and comparing the computed digest to a digest received from the client. The transaction is committed upon validation.