Abstract: In one embodiment, a user login device may create a user identifier template 400 for identifying a user by implicitly capturing one or more biometric identifier readings. A user login device may capture an enrollment biometric identifier reading of a user during an operational user action. The user login device may apply the enrollment biometric identifier reading in creating a user identifier template 400.

Abstract: The techniques and systems disclosed herein pertain to preventing unauthorized access to computing resources by unauthorized persons by deploying biometric security. To implement biometric security, the computing device, possibly by the OS, may obtain samples of one or more biometric factors unique to the owner. The computing device may construct pattern-matching templates corresponding to the biometric samples, which may be stored for later use when a protected resource is requested. Computing resources may be selected for protection by a biometric security mechanism by an authorized user or by other techniques or default settings. Before allowing certain restricted actions, the OS may request that the user provide one of the previously registered biometric samples. If the biometric sample matches the user's stored pattern-matching template, the OS may grant access to the computing resource, otherwise, the OS may deny access to the computing resource.

Abstract: In one embodiment, a user login device may create a user identifier template 400 for identifying a user by implicitly capturing one or more biometric identifier readings. A user login device may capture an enrollment biometric identifier reading of a user during an operational user action. The user login device may apply the enrollment biometric identifier reading in creating a user identifier template 400.

Abstract: The techniques and systems disclosed herein pertain to preventing unauthorized access to computing resources by unauthorized persons by deploying biometric security. To implement biometric security, the computing device, possibly by the OS, may obtain samples of one or more biometric factors unique to the owner. The computing device may construct pattern-matching templates corresponding to the biometric samples, which may be stored for later use when a protected resource is requested. Computing resources may be selected for protection by a biometric security mechanism by an authorized user or by other techniques or default settings. Before allowing certain restricted actions, the OS may request that the user provide one of the previously registered biometric samples. If the biometric sample matches the user's stored pattern-matching template, the OS may grant access to the computing resource, otherwise, the OS may deny access to the computing resource.

Abstract: A biometric identity broker can obtain exclusive control of biometric sensors communicationally coupled to a computing device, and can create biometric unit components for each of the sensors. Each biometric unit component can utilize a sensor plug-in, a processing plug-in and a storage plug-in, that can either be provided with the sensor or can be default plug-ins, in order to provide a baseline level of functionality irrespective of the functionality provided by, or with, the sensor to which the biometric unit is associated. A factor-specific service provider can act across all biometric units associated with sensors directed to a common biometric factor and can arbitrate among multiple clients simultaneously awaiting input and can manage multiple identities associated with a single biometric template based on the sensor receiving the biometric input. The biometric identity broker, factor-specific service providers and biometric units can be part of the trusted computing base.

Abstract: A computer related security mechanism requires that a human participate in an access verification sequence. Upon a request to access secure data, a puzzle is provided to the requester. Proper solution of the puzzle requires human participation. The puzzle is chosen such that its solution is within the capabilities of a human, but beyond the current state of the art for computer systems. The puzzled can be visually and/or audibly rendered to the user. In one configuration, the puzzle is obtained via a library of pluggable puzzle generators. Puzzle generators in the library can be replaced as the state of the art of computing technology improves.

Abstract: Multiple images including a face presented by a user are accessed. One or more determinations are made based on the multiple images, such as a determination of whether the face included in the multiple images is a 3-dimensional structure or a flat surface and/or a determination of whether motion is present in one or more face components (e.g., eyes or mouth). If it is determined that the face included in the multiple images is a 3-dimensional structure or that that motion is present in the one or more face components, then an indication is provided that the user can be authenticated. However, if it is determined that the face included in the multiple images is a flat surface or that motion is not present in the one or more face components, then an indication is provided that the user cannot be authenticated.

Abstract: A method and system for enforcing a security policy encoded in an instruction set of a security virtual machine is provided. A security system provides a security virtual machine that executes security programs expressed in the instruction set of the security virtual machine. The security system stores the security program in an instruction store of the security virtual machine. When a security enforcement event occurs, the security virtual machine executes the instructions of its instruction store using data of the security enforcement event to enforce the security policy.

Abstract: Multiple images including a face presented by a user are accessed. One or more determinations are made based on the multiple images, such as a determination of whether the face included in the multiple images is a 3-dimensional structure or a flat surface and/or a determination of whether motion is present in one or more face components (e.g., eyes or mouth). If it is determined that the face included in the multiple images is a 3-dimensional structure or that that motion is present in the one or more face components, then an indication is provided that the user can be authenticated. However, if it is determined that the face included in the multiple images is a flat surface or that motion is not present in the one or more face components, then an indication is provided that the user cannot be authenticated.

Abstract: A biometric identity broker can obtain exclusive control of biometric sensors communicationally coupled to a computing device, and can create biometric unit components for each of the sensors. Each biometric unit component can utilize a sensor plug-in, a processing plug-in and a storage plug-in, that can either be provided with the sensor or can be default plug-ins, in order to provide a baseline level of functionality irrespective of the functionality provided by, or with, the sensor to which the biometric unit is associated. A factor-specific service provider can act across all biometric units associated with sensors directed to a common biometric factor and can arbitrate among multiple clients simultaneously awaiting input and can manage multiple identities associated with a single biometric template based on the sensor receiving the biometric input. The biometric identity broker, factor-specific service providers and biometric units can be part of the trusted computing base.

Abstract: A system and method for distributed peer attack alerting is disclosed. The method includes accessing a peer community wherein the peer community comprises a plurality of nodes comprising a network and wherein at least one of the plurality of nodes comprises an attack identifier. The method further includes identifying an attack at one of the plurality of nodes. In addition, the method includes transmitting an alert to the plurality of nodes, the alert comprising information associated with the attack and automatically configuring at least one attack identifier associated with one of the plurality of nodes in response to the alert.

Abstract: A computer related security mechanism requires that a human participate in an access verification sequence. Upon a request to access secure data, a puzzle is provided to the requester. Proper solution of the puzzle requires human participation. The puzzle is chosen such that its solution is within the capabilities of a human, but beyond the current state of the art for computer systems. The puzzled can be visually and/or audibly rendered to the user. In one configuration, the puzzle is obtained via a library of pluggable puzzle generators. Puzzle generators in the library can be replaced as the state of the art of computing technology improves.

Abstract: A system and method for distributed peer attack alerting is disclosed. The method includes accessing a peer community wherein the peer community comprises a plurality of nodes comprising a network and wherein at least one of the plurality of nodes comprises an attack identifier. The method further includes identifying an attack at one of the plurality of nodes. In addition, the method includes transmitting an alert to the plurality of nodes, the alert comprising information associated with the attack and automatically configuring at least one attack identifier associated with one of the plurality of nodes in response to the alert.