Abstract: The present disclosure relates to systems, methods, and computer-readable media for securely verifying an identity of a user of a client device based on a signal transmitted by the client device. For example, systems disclosed herein include registering a client device and facility device via a cloud computing system to enable the client device and facility device to securely communicate a signal via a wireless connection. The systems disclosed herein additionally include determining whether a trigger condition applies based on a position of the client device relative to the facility device. The systems disclosed herein further include maintaining and updating a subset of user verification information to include personal verification of a registered user of the client device. Using the subset of user verification information, a biometric scanning device may efficiently and accurately verify an identity of an individual associated with the client device.

Abstract: The present disclosure relates to systems, methods, and computer-readable media for securely verifying an identity of a user of a client device based on a signal transmitted by the client device. For example, systems disclosed herein include registering a client device and facility device via a cloud computing system to enable the client device and facility device to securely communicate a signal via a wireless connection. The systems disclosed herein additionally include determining whether a trigger condition applies based on a position of the client device relative to the facility device. The systems disclosed herein further include maintaining and updating a subset of user verification information to include personal verification of a registered user of the client device. Using the subset of user verification information, a biometric scanning device may efficiently and accurately verify an identity of an individual associated with the client device.

Abstract: The present disclosure relates to systems, methods, and computer-readable media for securely verifying an identity of a user of a client device based on a signal transmitted by the client device. For example, systems disclosed herein include registering a client device and facility device via a cloud computing system to enable the client device and facility device to securely communicate a signal via a wireless connection. The systems disclosed herein additionally include determining whether a trigger condition applies based on a position of the client device relative to the facility device. The systems disclosed herein further include maintaining and updating a subset of user verification information to include personal verification of a registered user of the client device. Using the subset of user verification information, a biometric scanning device may efficiently and accurately verify an identity of an individual associated with the client device.

Abstract: The present disclosure relates to systems, methods, and computer-readable media for securely verifying an identity of a user of a client device based on a signal transmitted by the client device. For example, systems disclosed herein include registering a client device and facility device via a cloud computing system to enable the client device and facility device to securely communicate a signal via a wireless connection. The systems disclosed herein additionally include determining whether a trigger condition applies based on a position of the client device relative to the facility device. The systems disclosed herein further include maintaining and updating a subset of user verification information to include personal verification of a registered user of the client device. Using the subset of user verification information, a biometric scanning device may efficiently and accurately verify an identity of an individual associated with the client device.

Abstract: Techniques described herein leverage a trusted entity within a domain to enable devices to establish trust with one another so they can securely discover each other and connect to one another. In various examples discussed herein, a device is configured to provide trust information to, and/or receive trust information from, the trusted entity. The trust information may include, for example, a public key of an encryption key pair, a certificate signed by the trusted entity proving authenticity, and/or a hash function and a hash seed used to compute a series of results that form a hash chain. The device may use the trust information to discover another device and to connect to the other device securely and automatically (e.g., with no user involvement or limited user involvement). Moreover, the device may use the trust information to dynamically change a MAC address being used to communicate with the other device.

Abstract: The use of user-specific data to process a biometric print, such that use of the biometric print is revoked by invalidating the user-specific data. The processed print is generated by performing one-way processing of the biometric print using the user-specific data. The processed print, not the biometric print, is then provided to the authentication system for later authentication of the user. During matching, the user later provides a current biometric, resulting in generation of a current biometric print. For each of multiple users, the user-specific is obtained for that user, and at least one processed print is generated for each user based on the current biometric print. The current processed prints are used by the authentication system to match against each of the enrolled processed prints. If a match is found, the user is identified as being the user associated with the matching enrolled print.

Abstract: The present disclosure relates to systems, methods, and computer-readable media for securely verifying an identity of a user of a client device based on a signal transmitted by the client device. For example, systems disclosed herein include registering a client device and facility device via a cloud computing system to enable the client device and facility device to securely communicate a signal via a wireless connection. The systems disclosed herein additionally include determining whether a trigger condition applies based on a position of the client device relative to the facility device. The systems disclosed herein further include maintaining and updating a subset of user verification information to include personal verification of a registered user of the client device. Using the subset of user verification information, a biometric scanning device may efficiently and accurately verify an identity of an individual associated with the client device.

Abstract: The use of user-specific data to process a biometric print, such that use of the biometric print is revoked by invalidating the user-specific data. The processed print is generated by performing one-way processing of the biometric print using the user-specific data. The processed print, not the biometric print, is then provided to the authentication system for later authentication of the user. During matching, the user later provides a current biometric, resulting in generation of a current biometric print. For each of multiple users, the user-specific is obtained for that user, and at least one processed print is generated for each user based on the current biometric print. The current processed prints are used by the authentication system to match against each of the enrolled processed prints. If a match is found, the user is identified as being the user associated with the matching enrolled print.

Abstract: Techniques described herein leverage a trusted entity within a domain to enable devices to establish trust with one another so they can securely discover each other and connect to one another. In various examples discussed herein, a device is configured to provide trust information to, and/or receive trust information from, the trusted entity. The trust information may include, for example, a public key of an encryption key pair, a certificate signed by the trusted entity proving authenticity, and/or a hash function and a hash seed used to compute a series of results that form a hash chain. The device may use the trust information to discover another device and to connect to the other device securely and automatically (e.g., with no user involvement or limited user involvement). Moreover, the device may use the trust information to dynamically change a MAC address being used to communicate with the other device.

Abstract: A computing device is described that selectively displays or suppresses personalized information on a lock screen based on the results of a biometric user authentication process. In embodiments, a measure of confidence that a user of the computing device is an authorized user is determined based on biometric data collected by one or more biometric sensors. If it is determined that the measure of confidence satisfies a criterion, then personal information associated with the user is selectively rendered to the lock screen while the computing device is in the locked state. If it determined that the measure of confidence does not satisfy the criterion, then such personal information may be suppressed from the lock screen. The application of the foregoing technique to selectively provide or deny access to certain functionality of the computing device via the lock screen is also described.

Abstract: Apparatus and methods of passive biometric enrollment are configured to provide an introductory experience upon activation of a computer device. The introductory experience involves a user performing movements that allow collection of passive user biometrics by a sensor of the device. The sensor may collect the passive user biometrics while the user performs the movements. The computer device may calibrate one or more features of the computer device based on the movements. The computer device may receive user credentials from the user. The computer device may store a biometric profile including the passive user biometrics in association with the user credentials.

Abstract: Techniques described herein leverage a trusted entity within a domain to enable devices to establish trust with one another so they can securely discover each other and connect to one another. In various examples discussed herein, a device is configured to provide trust information to, and/or receive trust information from, the trusted entity. The trust information may include, for example, a public key of an encryption key pair, a certificate signed by the trusted entity proving authenticity, and/or a hash function and a hash seed used to compute a series of results that form a hash chain. The device may use the trust information to discover another device and to connect to the other device securely and automatically (e.g., with no user involvement or limited user involvement). Moreover, the device may use the trust information to dynamically change a MAC address being used to communicate with the other device.

Abstract: Presence based content access control techniques are described in which presence of users is used as a basis for enforcing content restrictions. In an implementation, applications are registered to receive feedback regarding users' presence in relation to a presentation of content via a computing device. The presence of users is recognized independently of authentication of the users to access user accounts. For example, an imaging sensor such as camera may be employed for recognition of multiple users engaged with the computing device. In addition or alternatively, presence devices associated with users such as badges, key fobs, or access cards may be detected to ascertain the presence of users. Feedback indicative of the one or more users that are recognized may then be supplied to the registered applications. The feedback enables the applications to control the presentation of content by enforcing content restrictions and/or taking other presence based actions.

Abstract: Techniques described herein leverage a trusted entity within a domain to enable devices to establish trust with one another so they can securely discover each other and connect to one another. In various examples discussed herein, a device is configured to provide trust information to, and/or receive trust information from, the trusted entity. The trust information may include, for example, a public key of an encryption key pair, a certificate signed by the trusted entity proving authenticity, and/or a hash function and a hash seed used to compute a series of results that form a hash chain. The device may use the trust information to discover another device and to connect to the other device securely and automatically (e.g., with no user involvement or limited user involvement). Moreover, the device may use the trust information to dynamically change a MAC address being used to communicate with the other device.

Abstract: Apparatus and methods of passive biometric enrollment are configured to provide an introductory experience upon activation of a computer device. The introductory experience involves a user performing movements that allow collection of passive user biometrics by a sensor of the device. The sensor may collect the passive user biometrics while the user performs the movements. The computer device may calibrate one or more features of the computer device based on the movements. The computer device may receive user credentials from the user. The computer device may store a biometric profile including the passive user biometrics in association with the user credentials.

Abstract: Presence based content access control techniques are described in which presence of users is used as a basis for enforcing content restrictions. In an implementation, applications are registered to receive feedback regarding users' presence in relation to a presentation of content via a computing device. The presence of users is recognized independently of authentication of the users to access user accounts. For example, an imaging sensor such as camera may be employed for recognition of multiple users engaged with the computing device. In addition or alternatively, presence devices associated with users such as badges, key fobs, or access cards may be detected to ascertain the presence of users. Feedback indicative of the one or more users that are recognized may then be supplied to the registered applications. The feedback enables the applications to control the presentation of content by enforcing content restrictions and/or taking other presence based actions.

Abstract: Presence based content access control techniques are described in which presence of users is used as a basis for enforcing content restrictions. In an implementation, applications are registered to receive feedback regarding users' presence in relation to a presentation of content via a computing device. The presence of users is recognized independently of authentication of the users to access user accounts. For example, an imaging sensor such as camera may be employed for recognition of multiple users engaged with the computing device. In addition or alternatively, presence devices associated with users such as badges, key fobs, or access cards may be detected to ascertain the presence of users. Feedback indicative of the one or more users that are recognized may then be supplied to the registered applications. The feedback enables the applications to control the presentation of content by enforcing content restrictions and/or taking other presence based actions.

Abstract: Techniques described herein leverage a trusted entity within a domain to enable devices to establish trust with one another so they can securely discover each other and connect to one another. In various examples discussed herein, a device is configured to provide trust information to, and/or receive trust information from, the trusted entity. The trust information may include, for example, a public key of an encryption key pair, a certificate signed by the trusted entity proving authenticity, and/or a hash function and a hash seed used to compute a series of results that form a hash chain. The device may use the trust information to discover another device and to connect to the other device securely and automatically (e.g., with no user involvement or limited user involvement). Moreover, the device may use the trust information to dynamically change a MAC address being used to communicate with the other device.

Abstract: Techniques described herein leverage a trusted entity within a domain to enable devices to establish trust with one another so they can securely discover each other and connect to one another. In various examples discussed herein, a device is configured to provide trust information to, and/or receive trust information from, the trusted entity. The trust information may include, for example, a public key of an encryption key pair, a certificate signed by the trusted entity proving authenticity, and/or a hash function and a hash seed used to compute a series of results that form a hash chain. The device may use the trust information to discover another device and to connect to the other device securely and automatically (e.g., with no user involvement or limited user involvement). Moreover, the device may use the trust information to dynamically change a MAC address being used to communicate with the other device.

Abstract: Presence based content access control techniques are described in which presence of users is used as a basis for enforcing content restrictions. In an implementation, applications are registered to receive feedback regarding users' presence in relation to a presentation of content via a computing device. The presence of users is recognized independently of authentication of the users to access user accounts. For example, an imaging sensor such as camera may be employed for recognition of multiple users engaged with the computing device. In addition or alternatively, presence devices associated with users such as badges, key fobs, or access cards may be detected to ascertain the presence of users. Feedback indicative of the one or more users that are recognized may then be supplied to the registered applications. The feedback enables the applications to control the presentation of content by enforcing content restrictions and/or taking other presence based actions.