Abstract: The present invention relates to a method for authorization management in a community (106) of connected objects (103, 104, 105), a master object being determined in said community, the method comprising: receipt, by the master object (102), of a request (110, 123, 130) to carry out an action concerning: the community (106) of connected objects (103, 104, 105) or an internal object of the community (106), the internal object being distinct from the master object (102); receipt (119, 124, 137) of a list of attributes (101), by an authentication server (107) that is distinct from the master object (102); after the list of attributes is verified by the authentication server (107) and a capability of the requesting object (101) is determined based on said list of attributes, receipt (201, 211, 221) by the master object (102) of an authentication token comprising said capability; transfer (202, 212, 222) of said authentication token to said requesting object (101).

Abstract: User bioelectrical authentication is provided. A bioelectrical configuration signature of a user in physical contact with a hardware token is received, via a token reader, during a low range radio frequency user authentication process to permit a secure transaction by the user. The bioelectrical configuration signature of the user is utilized as part of the low range radio frequency user authentication process to authenticate the user to perform the secure transaction.

Abstract: A user selection assistance apparatus includes: a registration unit that registers information of a plurality of users, which includes biometric features of the respective users, in advance and creates a list; a biometric detection unit that newly detects a current biometric feature of one user; a determination unit that compares the biometric feature that is detected to the biometric features that are registered, and determines a degree of similarity therebetween; a user choosing unit that chooses, from the list, one or more registered users having a biometric feature the degree of similarity of which satisfies a predetermined reference and creates a chosen user list; a display unit that displays the chosen user list; an input unit that receives selection of a specific registered user from the chosen user list; and an execution processing unit that executes predetermined processing when the input unit receives the selection of the specific registered user.

Abstract: Methods, systems, and apparatus for operations for performing a biometric recognition attack test on a biometric recognition device. An example method includes obtaining a test object for performing the biometric recognition attack test corresponding to the target user; performing the biometric recognition attack test on the biometric recognition device, comprising: controlling a mechanical arm to place the test object in a recognition area of the biometric recognition device; controlling the mechanical arm to adjust the test object to have a plurality of different test object poses with respect to the biometric recognition device; obtaining a test result for the test object in each test object pose of the plurality of different test object poses; and determining an attack test result of the biometric recognition attack test on the biometric recognition device corresponding to the target user.

Abstract: A system is provided and includes a resource, locking elements and a controller. The resource includes multiple independently securable resources. The locking elements are respectively configured to assume a locked condition in which corresponding ones of the multiple independently securable resources are locked and an unlocked condition in which the corresponding ones of the multiple securable resources are unlocked. The controller is receptive of an instruction to authorize users to unlock the one or more of the multiple independently securable resources and is configured to perform operating system (OS) level authentication of the users and OS level control of the locking elements in accordance with the instruction to authorize users and the OS level authentication.

Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and a device are provided. The device determines that a target event occurred at a first server in a group of servers that are jointly managed. The device obtains, for the first server, a public-private key pair including a first key and a second key. The device provides the first key to the first server such that the first server is accessible by authentication with the first key. The device provides the second key to a client device such that the first server is accessible by the client device by providing the second key to the server. Subsequently, the device revokes the first key from the first server.

Abstract: A method for authenticating a user includes transmitting, from a first electronic device at a first location via a first communications link, first biometric information of a first user, authenticating a first identity of the first user for a transaction associated with an item, transmitting, from a second electronic device at a second location via a second communications link, second biometric information of a second user, authenticating a second identity of the second user located at the second location that is different from the first location, verifying that the first user at the first location corresponds to the second user at the second location, and authorizing access to the item at the second location, responsive to verifying by the server that the first user at the first location corresponds to the second user at the second location. Related systems, devices and computer program products are also described.

Abstract: A method begins with a processing module selecting one of a plurality of dispersed storage (DS) processing modules for facilitating access to a dispersed storage network (DSN) memory. The method continues with the processing module sending a DSN memory access request to the one of the plurality of DS processing modules. The method continues with the processing module selecting another one of the plurality of DS processing modules when no response is received within a given time frame or when the response to the access request does not include an access indication. The method continues with the processing module sending the DSN memory access request to the another one of the plurality of DS processing modules.

Abstract: Methods and systems are provided for a multi-factor authentication technique that includes inputs of a physical key possessed by the user as a factor. Such a key may be a physical object that the user possesses and that includes truly random features not easily reproducible. The key may be custom to the user and may include inclusions or anomalies that affect a signal transmitted through the key. Such effects may impart a unique effect on signals transmitted through the key, producing a unique fingerprint to identify whether the key is authentication. An input from the user may be an additional factor within the authentication process.

Abstract: Techniques are disclosed relating to generating authentication information independent of user input. In some embodiments, an authentication application repeatedly performs operations to authenticate a client application to one or more hosts of a server system during an automated tasks. In some such embodiments, an instance of the operations includes receiving, from the client application, a request to generate authentication information. In response to the request, the authentication application may retrieve authentication data for the user and, independent of user input, generate an item of authentication information based on the authentication data. The authentication application may then output the item of authentication information to the client application, where the item of authentication information is usable by the client application to authenticate to at least one of the one or more hosts.

Abstract: The present teaching relates to method, system, medium, and implementations for authenticating a user. An authentication session is initiated to authenticate, via iris, a person claiming to be an authorized user. An obfuscation configuration is retrieved with respect to the authorized user and used to determine a sub-obfuscation configuration in accordance with information associated with the authentication session. A set of expected features associated with the sub-obfuscation configuration is obtained. One or more pictures are captured from the iris of the person who is expected to carry out at least one obfuscation measure consistent with the sub-obfuscation configuration for the authorized user in accordance with the information related to the authentication session and are used to determine whether the person is live based on the set of expected features associated with the sub-obfuscation configuration.

Abstract: Methods for identifying potentially sensitive information and protecting such potentially sensitive information include scanning systems that collect and/or disseminate such information. Without limitation, systems collect and/or disseminate personal identification numbers (e.g., personal identification numbers, tax identification numbers, etc.), such as merchant systems, bank systems, healthcare systems, and the like, that collect, use, or disseminate sensitive information may be scanned to identify sequences of data that are likely to be sensitive, and may take actions to protect such sequences of data. Scanning and protection systems are also disclosed.

Abstract: An electronic device performs techniques related to implementing biometric authentication, including providing user interfaces for: providing indications of error conditions during biometric authentication, providing indications about the biometric sensor during biometric authentication, orienting the device to enroll a biometric feature, and providing an indication of the location of the biometric sensor to correct a detected error condition.

Abstract: Examples of the present disclosure describe systems and methods for exploit detection via induced exceptions. In an example, one or more inspection points are generated by a threat processor. For instance, an inspection point may be generated by altering aspects of one or more APIs, setting a process or hardware breakpoint, and/or modifying permissions of one or more memory pages, among other examples. The threat processor may register one or more exception handlers corresponding to the generated inspection points. As a result, when a set of software instructions encounters an inspection point and throws an exception, the threat processor may catch the exception and process a context record associated with software execution according to identify the presence of an exploit. Accordingly, inspection points ensure that the software execution state is preserved, such that the call stack, registers, and other context information is available for analysis by the threat processor.

Abstract: An information processing system, apparatus, and method. The information processing system includes a plurality of types of devices connected to the information processing apparatus via a network, acquires usage authorization information indicating authority to use any one of the plurality of types of devices in response to an operation request not dependent on a type of the device based on user identification information of a user requesting an operation, specifies user account information with respect to the device related to the operation request based on the acquired usage authorization information, and cause the device to process the requested operation through an interface corresponding to the device based on the specified account information.

Abstract: A new approach is proposed that contemplates systems and methods to support email account takeover detection and remediation by utilizing an artificial intelligence (AI) engine/classifier that detects and remediates such attacks in real time. The AI engine is configured to continuously monitor and identify communication patterns of a user on an electronic messaging system of an entity via application programming interface (API) calls. The AI engine is then configured to collect and utilize a variety of features and/or signals from an email sent from an internal email account of the entity. The AI engine combines these signals to automatically detect whether the email account has been compromised by an external attacker and alert the individual user of the account and/or a system administrator accordingly in real time. The AI engine further enables the parties to remediate the effects of the compromised email account by performing one or more remediating actions.

Abstract: A method, computer system, and a computer program product for access control is provided. The present invention may include requesting a random gesture challenge, wherein the requested random gesture challenge includes an expected response associated with an authorized user. The present invention may include, in response to receiving a video data, determining whether the received video data includes a user response matching the expected response. The present invention may include determining whether a first heartbeat signal of a user matches a second heartbeat signal measured based on the received video data. The present invention may include, in response to determining a first match between the user response included in the received video data and the expected response and a second match between the first heartbeat signal and the second heartbeat signal, authenticating the user as the authorized user of the user device.

Abstract: A computing device for authenticating a user is provided. The computing device is operative to display a first text to the user, acquire a representation of the user subvocalizing a part of the first text, derive a user phrasing signature from the acquired representation, and authenticate the user in response to determining that the user phrasing signature and a reference phrasing signature fulfill a similarity condition. Optionally, the computing device may be further operative to determine if the user is authorized to read the first text. Further optionally, the computing device may be operative to reveal obfuscated parts of the first text in response to determining that the user is authorized to read the first text, or to discontinue displaying the first text, or to obfuscate at least part of the first text, in response to determining that the user is not authorized to read the first text.

Abstract: A method for authorizing access includes generating a public identity parameter and a private identity parameter for each server, and using the public identity parameter of a first server indicated by a first credential from a resource owner to perform identity encryption on the first credential and a first random parameter so as to generate and transmit a first request message to the first server. The private identity parameter is used to decrypt the first request message. The public identity parameter of a second server indicates by the second credential to perform identity encryption on the second credential and a second random parameter so as to generate and transmit a second request message. The second server uses the private identity parameter to perform decryption on the second request message, and the method determines, according to the decrypted second credential, a resource to be provided to the client.

Abstract: Provided are an unlocking method and a virtual reality device, including displaying A candidate icons, the A candidate icons including M password icons related to latest operations; in response to an operation of selecting an unlocking icon from the A candidate icons, acquiring the selected unlocking icon; and performing an unlocking operation according to the selected unlocking icon and the M password icons related to the latest operations. According to the unlocking method and apparatus provided by the embodiments of the present invention, by setting password icons related to latest operations, passwords can be updated in real time, so that the passwords are not easy to crack, and it is unnecessary to repeatedly and manually set the passwords.