Abstract: An airflow management device is described that assists air cooling, exchange, and circulation of interior spaces by creating inward and outward airflow through a window opening. The device measures temperatures outside and inside a room, and determines when to exhaust warmer ceiling air and to draw cooler outside air. The exhaust component of the device captures warmer air at a higher level of the room and exhausts it through a window opening at a lower level. The intake component of the device draws cooler outside air through the window opening and discharges it into the room at a lower level than exhaust inflow. By expelling air from a high level and drawing it at a lower level, the room vertical temperature gradient is maintained thus optimizing cooling effectiveness. By microcontroller regulation of inflow and outflow, air pressure equilibrium between outside and inside is maintained thus maximizing airflow efficiency.

Abstract: An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on one or more environmental properties (e.g., ambient noise level, ambient luminosity, temperature, etc.), or one or more physiological properties of a user (e.g., heart rate, blood pressure, etc.), or both. Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity, as inferred from these properties. In addition, the illustrative embodiment enables the authentication challenge type to be tailored to particular environmental conditions (e.g., noisy environments, dark environments, etc.).

Abstract: An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on what software applications a user is running on a data-processing system, and how those applications are being used (e.g., what functions are used, what data is input to or output by the application, how often and for how long applications are used, what input devices and output devices are used, etc.) Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity and/or the potential cost of malicious activity, as inferred from current and past application usage. In addition, the illustrative embodiment enables selection of an authentication challenge type that is less intrusive to a user based on current application usage.

Abstract: An apparatus and methods are disclosed for authenticating users of wireless telecommunications terminals. In particular, the present invention enables the timing and type of authentication challenges to vary based on one or more of: the user's current geo-location, the current day and time, the presence or absence of other nearby users, and the identity of any nearby users. In accordance with the illustrative embodiment, the re-authentication time period (i.e., the length of time between authenticating and re authenticating a user) and the authentication challenge type (e.g., username/password, fingerprint recognition, etc.) can be determined based on these factors. The present invention is advantageous in that it enables the shortening of the re-authentication time and the selection of a more secure type of authentication challenge when it is more likely that a user's wireless telecommunications terminal might be accidentally left behind or stolen.

Abstract: Methods and apparatus are disclosed for authenticating a user based on the geo-location history of a geo-location-enabled wireless device (e.g., a GPS-enabled wireless telecommunications terminal, a smart card, an RFID tag, etc.). In a first illustrative embodiment, a user of a geo-location-enabled wireless telecommunications terminal (e.g., a GPS-enabled cell phone, a GPS-enabled notebook computer, etc.) who attempts to access a restricted resource is challenged with one or more questions that are generated from the terminal's geo-location history. In a second illustrative embodiment, a user of a data-processing system who attempts to access a restricted resource is asked to provide a username Z. The user is then challenged with one or more questions that are generated from the geo-location history of a wireless device that is associated with username Z (e.g., a cell phone that belongs to the user whose username is Z, etc.).

Abstract: An apparatus and methods are disclosed for authenticating users of wireless telecommunications terminals. A user is authenticated by instructing the user to travel to a geo-location, where the geo-location is referred to by an identifier that the user has previously associated with the geo-location. When the user chooses identifiers that are meaningful to the user, but that do not indicate the associated geo-locations to other people, the user can be securely authenticated via the following procedure: (i) select one of the identifiers that the user has defined, (ii) instruct the user to “go to <identifier>,” and (iii) declare the user authenticated if and only if the user visits the geo-location associated with <identifier>before a timeout expires.

Abstract: Method and apparatus for securing the transmission of DTMF signals by a telephone over a telephone line. If the telephone is operating in a mode wherein another party may hear any DTMF tone generated by the telephone, such as over the loudspeaker of a speakerphone or as part of a conference call, the telephone prevents generation of an audible signal which predictably corresponds to the actual DTMF value of any button pushed by the user.

Abstract: A method and system for resetting passwords in which an authenticated user who requests a new password is substantially immediately provided with one portion of the reset password while a second portion of the password is sent to a location to which the legitimate user for which the password is provided has access, such as a voice mailbox.

Abstract: A method and an apparatus are disclosed that enable an enhanced, interactive voice response (IVR) system to securely authenticate a user at a telecommunications terminal, without some of the disadvantages in the prior art. In particular, after the user at the telecommunications terminal requests access to a resource, the controlling IVR system of the illustrative embodiment issues a random challenge sequence to the user, along with interspersed “camouflage elements” and one or more directions as to how to respond. The user is then free to speak a returned sequence that answers the combined challenge sequence and interspersed camouflage elements; as a result, an eavesdropper overhearing the user hears what sounds like a random number or string. In short, the technique of the illustrative embodiment uses a challenge-response exchange of a substitution cipher interspersed with camouflage elements.

Abstract: A method and apparatus are disclosed that enable a user who forgets one of his two passwords to securely recover the forgotten password. After a user logs in using one of his two passwords, the illustrative embodiment reveals the other password to the user. The passwords are stored in a persistent table in both hashed and encrypted forms, but not in their original forms. The illustrative embodiment is advantageous over the prior art, where forgotten passwords are reset to a default value, in two ways. First, it avoids the inconvenience of a user having to log in using the default password, think up a new string that would make a good password, and change the password from the default to the new string. Second, it avoids the use of default-value passwords that might compromise security.

Abstract: The enclosure assembly comprises a stationary member including at least two substantially parallel sidewalls, the sidewalls, the sidewalls partially defining a cavity in which the fingerprint sensor is disposed. An access piece, configured to move relative to the stationary member, has a surface area larger than the surface area of the fingerprint sensor and further includes a conductive portion electrically coupled to ground. A movement apparatus is preferably mechanically coupled to the stationary member and the moveable access piece. The movement apparatus is configured to maintain the moveable access piece in a position covering the fingerprint sensor and yet to allow motion of the moveable access piece relative to the stationary member so as to expose the fingerprint sensor. According to another embodiment, a method for enrolling a composite image of an object using a fingerprint sensor is provided.

Abstract: The enclosure assembly comprises a stationary member including at least two substantially parallel sidewalls, the sidewalls, the sidewalls partially defining a cavity in which the fingerprint sensor is disposed. An access piece, configured to move relative to the stationary member, has a surface area larger than the surface area of the fingerprint sensor and further includes a conductive portion electrically coupled to ground. A movement apparatus is preferably mechanically coupled to the stationary member and the moveable access piece. The movement apparatus is configured to maintain the moveable access piece in a position covering the fingerprint sensor and yet to allow motion of the moveable access piece relative to the stationary member so as to expose the fingerprint sensor. According to another embodiment, a method for enrolling a composite image of an object using a fingerprint sensor is provided.

Abstract: A method and apparatus are provided for evaluating the security of authentication information that is extracted from a user. The disclosed authentication information security analysis techniques determine whether extracted authentication information can be obtained by an attacker. The extracted authentication information might be, for example, personal identification numbers (PINs), passwords and query based passwords (questions and answers). A disclosed authentication information security analysis process employs information extraction techniques to verify that the authentication information provided by a user is not easily obtained through an online search. The authentication information security analysis process measures the security of authentication information, such as query based passwords, provided by a user. Information extraction techniques are employed to find and report relations between the proposed password and certain user information that might make the proposed password vulnerable to attack.

Abstract: A method and apparatus are provided for extracting information from a user's memory that will be easily recalled during future authentication yet is hard for an attacker to guess. The information might be a little-known fact of personal relevance to the user or the personal details surrounding a public event. The user is guided to appropriate topics and forms an indirect hint that is useful to the user yet not to an attacker. Information extraction techniques verify that the information is not easily attacked and to estimate how many bits of assurance the question and answer provide. The information extracted may be, e.g., Boolean (Yes/No), multiple choice, numeric, textual, or a combination of the foregoing. The enrollment process may schedule the sending of one or more reminder messages to the user containing the question (but not the answer) to reinforce the memory of the user.

Abstract: A method and apparatus are provided for generating passwords that may be memorized by a user, yet not easily guessed by an attacker. A user is presented with one or more textual, audio or visual hints. A password is automatically generated based on the selected hint (and possibly further input from the user). The presented hints may include poems, songs, jokes, pictures or words. The generated password and selected hint can be presented to the user during enrollment for further reinforcement and stored in a user database for subsequent reinforcement and verification. The enrollment process may schedule the sending of one or more reminder messages to the user containing the hint to reinforce the password in the user's memory.

Abstract: A query directed password scheme is disclosed that employs attack-resistant questions having answers that generally cannot be correlated with the user using online searching techniques, such as user opinions, trivial facts, or indirect facts. During an enrollment phase, the user is presented with a pool of questions from which the user must select a subset of such questions to answer. Information extraction techniques optionally ensure that the selected questions and answers cannot be correlated with the user. A security weight can optionally be assigned to each selected question. The selected questions should optionally meet predefined criteria for topic distribution. During a verification phase, the user is challenged with a random subset of the questions that the user has previously answered and answers these questions until a level of security for a given application is exceeded as measured by the number of correct questions out of the number of questions asked.

Abstract: A three party authenticating protocol is disclosed. During an enrollment phase, a user contacts a call center and is directed to a user verification server. The user verification server instructs the user to select and answer a number of questions that will be used for verification. The selected questions along with identifying indices for each question are stored at the user's location and at the user verification server. The user verification server sends the question indices to the call center, which in turn sends these indices to the user to obtain answer indices for each question. During a verification phase, the user contacts the call center and an authentication module asks the user to provide an asserted identity. The authentication module provides a random selection of question indices from those selected by the user. The user provides answer indices for each question to the authentication module. If the number of correctly matching answers exceeds a threshold, then the user is verified.

Abstract: Slices of image data are collected and frames of image data within the slices are compared and used to determine the overlap between slices so that full images may be reconstructed. Slice and frame image correlation methods are also used to compensate for image stretch. Slice and frame correlation techniques are disclosed that may be used to determine swipe start, swipe stop and swipe too fast conditions as well as anti-spoof techniques.

Abstract: A method of operating a personal verification system includes acquiring with a sensor a first image of a first biometric feature, removing background noise associated with the sensor from the image, and storing at least a portion of the first image. The method also includes acquiring with the sensor a second image of a second biometric feature and comparing at least a portion of the second image with the first image. If the second image is substantially different from the first image, the second image is displayed.

Abstract: The enclosure assembly comprises a stationary member including at least two substantially parallel sidewalls, the sidewalls, the sidewalls partially defining a cavity in which the fingerprint sensor is disposed. An access piece, configured to move relative to the stationary member, has a surface area larger than the surface area of the fingerprint sensor and further includes a conductive portion electrically coupled to ground. A movement apparatus is preferably mechanically coupled to the stationary member and the moveable access piece. The movement apparatus is configured to maintain the moveable access piece in a position covering the fingerprint sensor and yet to allow motion of the moveable access piece relative to the stationary member so as to expose the fingerprint sensor. According to another embodiment, a method for enrolling a composite image of an object using a fingerprint sensor is provided.