Abstract: A method and system for processing a transaction based on biometric data and access data is disclosed. Different accounts and providers may be used to process transactions, using different message formats, based on user-configured mappings. In one example, the method includes receiving, by a message processing system, an authorization request message from an access device, the authorization request message comprising a biometric template and access data. An interaction entity record identifier, associated with an interaction entity from among a plurality of different interaction entities that process messages in different message formats, may be retrieved. The authorization request message may be converted from a first format to a second format, the second format being compatible with message processing by the interaction entity. The converted authorization request message may be transmitted to the interaction entity for determining whether to authorize the transaction.

Abstract: A server may include at least one server processor configured to execute an application. A desktop virtualization system may include at least one desktop virtualization processor. The desktop virtualization processor may be configured to instantiate a virtual desktop; authenticate a user of a client device; in response to authenticating the user of the client device, place the client device in communication with the virtual desktop through at least one network; launch a secure browser in the virtual desktop; and using the secure browser, place the client device in communication with the server through the at least one network. The application may be configured to perform processing in response to at least one command from the client device. The processing may include generating a one-time passcode, establishing a code word not communicated through the at least one network, and sending a message including the one-time passcode to a sender client device.

Abstract: Systems and methods related to a lock for providing contactless secure access to an automobile are described. A current state of the lock can be changed based on an exchange of information, via a wireless interface, between a mobile device and the lock. The exchange of information includes a use of a sharable digital key associated with at least one of a set of persons authorized to change a state of the lock. The exchange of information is configurable to operate in a first mode or a second mode. In the first mode, no identity-related information from at least one set of persons attempting to change the state of the lock to is required. In the second mode, identity-related information from at least one of a set of persons attempting to change the state of the lock is required.

Abstract: An authentication method for a user to access service providers through an online enabled device, an offline authentication device configured to authenticate a user to service providers through online enabled devices, and a user authentication system comprising a authentication device, an online enabled device and online service providers.

Abstract: Examples disclosed herein relate to integrity monitoring of a computing system. Trust of state information is verified. Kernel code and module code are loaded into memory that is accessible to a device separate from a processor that loads the kernel code and module code. A measurement module is verified and loaded into memory. The state information can correspond to multiple symbols. The measurement module can measure the state information corresponding to each of the respective symbols to generate a set of initial measurements. The set of initial measurements can be provided to a device for integrity monitoring.

Abstract: A security authentication system for a website provides a safe login without having to directly enter an ID and a password on a user device requesting login to the website. A first user device receives one-time use authentication information from a second user device after the second user device received the one-time use authentication information from an authentication server without the authentication server receiving user login authentication information from the second user device. A request is transmitted to the authentication server based on the one-time use authentication information and the user login authentication information. In response to the request, one-time password (OTP) information is received from the authentication server. The OTP information is presented by the first user device, such that the OTP information can be entered into the second user device and used in a request to log in to the website.

Abstract: A heterogeneous device authentication system and method authenticate heterogeneous devices in various manners according to user environments. The heterogeneous device authentication system includes an authentication information matching device communication-connected with a plurality of heterogeneous devices and configured to match a plurality of user authentication information of different authentication means to the heterogeneous devices. The authentication information matching device includes a controller and a communication unit communication-connected with the heterogeneous devices.

Abstract: Authentication methods and systems are disclosed. In one non-limiting example, an authentication method may include detecting a user within an image, determining that the image further includes additional recognizable data, analyzing the additional recognizable data and one or more biometric features of the user, and determining that the additional recognizable data and the one or more biometric features of the user correspond to valid additional recognizable data and valid biometric features of an enrolled user, respectively. The method may further include enabling the user to access a protected asset based on determining that the additional recognizable data and the one or more biometric features of the user correspond to valid additional recognizable data and valid biometric features of an enrolled user, respectively.

Abstract: Systems and methods can allow for secure cross-device sharing of transient data using direct transient data sharing (“DTDS”). A source destination can share data using local DTDS with an agent on a first device. The agent can send the data to a hub server that runs a security control process and data formatting process. The hub server can determine risk scores for the source and destination devices and allow the sharing to occur if a safety threshold is met. Then an agent on the destination device can receive the transient data and use local DTDS to send the data to a destination application.

Abstract: Various embodiments are generally directed to performing an authentication persistence check and, based on the check, allowing a previously successful authentication to persist on a user apparatus. The check may involve a stability check on the user apparatus. If the user apparatus is stable, device fingerprinting on the apparatus may be performed, the result of which may be compared to a snapshot of apparatus taken at the time of successful authentication. If the comparison reveals changes or drifts that are within a predetermined threshold, then the persistence of the authentication is allowed.

Abstract: An example method of logging in an automation user to a container image registry in a virtualized computing system is described, the container image registry managing container images for deploying containers in the virtualized computing system. The method includes: receiving, at a credential manager in the container image registry, a login request from a service executing in the virtualized computing system representing the automation user, the login request for image access to the container image registry and including an automation token; authenticating the automation token as credentials of a robot account in the container image registry corresponding to the automation user; and authorizing the automation user as identified in the automation token of the login request in response to the robot account having privilege for the image access.

Abstract: In an authority management method for providing interoperability across different locations and networks, an identity information database and an authority information database are established. Biological image information is obtained from users and registered in the database or an associated database. Biometric image information and an access request of a user are obtained. If there is certain identity information matching the biometric image information of the user in the identity information database, information as to authority and extent of authority are certain identity information queried from the authority information database. The access request is determined to be allowed or not allowed according to the certain authority information. If the access request is to be granted, and allowed in respect of a desired activity, an operation instruction is generated accordingly. A system for administering such method and device applying method are also disclosed.

Abstract: A contact may select to use a biometric input to access help and services related to the contact. On a portable computing device, a user may contact a help service. The help service contact address may be known and an app may execute if the contact attempts to communicate with the contact address. The app may receive the biometric data, compare it to known biometric data for the user and determine if the received biometric data is sufficiently close to the stored biometric data, the communication may be forwarded to a help or service agent.

Abstract: System and method for establishing secure conference calls. In one example system, a central conference call server establishes point-to-point connections with accessory devices comprising a secure element and connected to corresponding participant devices. The conference call server includes an interface to a plurality of secure elements configured to perform scrambling and unscrambling of media signals communicated to and from the accessory devices. In another example, one of the participant devices operates as the central conference call server. In other examples, participant devices communicate on a conference call via point-to-point connections between all accessory devices connected to the participant devices. The accessory devices include secure elements for decryption and encryption of media signals communicated between the accessory devices.

Abstract: Disclosed are various aspects of voice skill session lifetime management. In some examples, an inaudible sonic check-in announcement is detected. An inaudible sonic request for check-in authentication is emitted by a voice-activated device. An inaudible sonic authentication is detected. The inaudible sonic authentication includes a service provider identifier. The inaudible sonic check-in announcement is identified as authentic based on task data retrieved based on the service provider identifier. An inaudible sonic approval to perform a task specified in the task data is emitted by the voice-activated device.

Abstract: Techniques for secure authentication in virtual reality are provided. A virtual reality application executing on a virtual reality device can provide virtual reality environment. The virtual reality application may communicate with a server that provides a plurality of objects for display in the VR environment. The environment can include an object that, once selected, may initiate an authentication process. Once initiated, an authentication application may be launched on the VR device, so that a private authentication environment may be provided to the user. The user may be prompted to provide a biometric sample using one or more input devices coupled to the VR device. The biometric sample can then be sent to the authentication server, so that an authentication result may be determined from a comparison of the sample to a biometric template established during registration.

Abstract: A facility for performing accurate and real-time privacy-preserving biometrics verification in a client-server environment is described. The facility receives the user's biometrics data such as face, voice, fingerprint, iris, gait, heart rate, etc. The facility then processes and applies various privacy-preserving techniques to this data to complete enrollment and authenticate users, including but not limited to: encrypting data with a key using homomorphic encryption techniques and sending the encryption to the server; the server computes directly on the encryption and returns the result, which is also encrypted under the same key, to the client; the client optionally performs post-processing and decryption (in any order) and obtains the enrollment or authentication result. The facility may repeat this process to increase security level, resulting in more than 1 round trip between the client and the server.

Abstract: A distributed identity system with local identification includes an identity system device and at least one local electronic device. The local electronic device locally stores at least a portion of identity information and the biometric identification information stored by the identity system device. The local electronic device determines identities by comparing received digital representations of biometrics with locally stored biometric identification information, performs actions using locally stored identity information included in the local copy, and uploads data related to the actions to the identity system device upon occurrence of an upload condition.

Abstract: A method of performing finite field addition and doubling operations in an elliptic curve cryptography (ECC) authentication scheme as a countermeasure to side-channel attack. The addition and doubling operations are executed using atomic patterns that involve the same sequence and number of operation types, so that the noise consumption and electromagnetic emanation profile of circuitry performing the operations is identical regardless of operation. A subtraction operation using such an atomic pattern is also disclosed.

Abstract: An adaptive user authentication system is disclosed that executes user authentication by verifying user identity using different authentication steps based on a risk score. The risk score enables determining if the requesting user's identity is to be verified. If it is determined that the user identity is to be verified, a sequence of authentication steps is implemented wherein more and more data is collected regarding the user as the user fails to be authenticated at each of the authentication steps. A first authentication step includes a numerical-based authentication step followed by a second authentication step including a live image authentication. If the user fails to be authenticated at either the first or the second authentication steps then a third authentication step to verify the user's passport is implemented.