Abstract: Techniques are disclosed for generating, utilizing, and validating traceable image CAPTCHAs. In certain embodiments, a traceable image is displayed, and a trace of the image is analyzed to determine whether a user providing the trace is human. In certain embodiments, a computing device receives a request for an image, and in response, creates a traceable image based upon a plurality of image elements. The computing device transmits data representing the traceable image to cause a second computing device to display the traceable image via a touch-enabled display. The computing device receives a user trace input data generated responsive to a trace made at the second computing device, and determines whether the trace is within an error tolerance range of the set of coordinates associated with the traceable image. The computing device then sends a result of the determination.

Abstract: A data processing apparatus including circuitry for performing data processing, a plurality of registers; and a data store including regions having different secure levels, at least one secure region (for storing sensitive data accessible by the data processing circuitry operating in the secure domain and not accessible by the data processing circuitry operating in a less secure domain) and a less secure region (for storing less secure data). The circuitry is configured to determine which stack to store data to, or load data from, in response to the storage location of the program code being executed. In response to program code calling a function to be executed, the function code being stored in a second region, the second region having a different secure level to the first region, the data processing circuitry is configured to determine which of the first and second region have a lower secure level.

Abstract: Described systems and methods allow protecting a computer system from malware, such as return-oriented programming (ROP) exploits. In some embodiments, a set of references are identified within a call stack used by a thread of a target process, each reference pointing into the memory space of an executable module loaded by the target process. Each such reference is analyzed to determine whether it points to a ROP gadget, and whether the respective reference was pushed on the stack by a legitimate function call. In some embodiments, a ROP score is indicative of whether the target process is subject to a ROP attack, the score determined according to a count of references to a loaded module, according to a stack footprint of the respective module, and further according to a count of ROP gadgets identified within the respective module.

Abstract: Systems, apparatuses, methods, and computer-readable mediums for preventing return oriented programming (ROP) attacks. A compiler may insert landing pads adjacent to valid return targets in an instruction sequence. When a return instruction is executed, the processor may treat the return as suspicious if the target of the return instruction does not have an adjacent landing pad. Additionally, each landing pad may be encoded with a color, and a colored launch pad may be inserted into the instruction stream next to each return instruction. When a return instruction is executed, the processor may determine if the target of the return has a landing pad with the same color as the launch pad of the return instruction. Return-target pairs with color mismatches may be treated as suspicious and the offending process may be killed.

Abstract: Disclosed herein are methods, systems, and computer-readable media for blocking attempts at runtime redirection and attempts to change memory permissions during runtime. The present disclosure describes features that enable runtime detection of an attempt to redirect routines or change memory permissions, and determining whether to allow or deny the attempt. Such features may include changing memory write permissions on memory segments, such as those segments used by dynamic loaders after call associations have been saved or otherwise created. Other features may include swapping the addresses of system routines (e.g., open, read, write, close, etc.) to new routines that perform the same function as well as additional functionality configured to detect attempts to redirect or change memory permissions. Once detected by the new routine during runtime, a determination may be made to deny or allow the call based on a policy.

Abstract: Described systems and methods allow protecting a computer system from malicious software. In some embodiments, a security application divides a set of monitored executable entities (e.g., processes) into a plurality of groups, wherein all members of a group are related by filiation or code injection. The security application may further associate a set of scores with each entity group. Such group scores may be incremented when a member of the respective group performs certain actions. Thus, even though actions performed by individual members may not be malware-indicative per se, the group score may capture collective malicious behavior and trigger malware detection. In some embodiments, group membership rules vary according to whether an entity is part of a selected subset of entities including certain OS processes, browsers and file managers. When an entity is determined to be malicious, anti-malware measures may be taken against a whole group of related entities.

Abstract: A control flow enforcement solution for ensuring that a program or portion thereof behaves as expected during execution upon a processor. A reference control flow is pre-determined for the program using, for example, a control flow graph (CFG). The CFG is then analysed to provide a set of rules which describe how the program should behave under normal execution. As the program executes it is monitored and the rules are evaluated to enable detection of any unexpected control flow. An embodiment of this disclosure is configured to respond upon detection that a rule has been violated. The response can take the form of any appropriate intervention such as a processor interrupt, memory fault, processor reset or generation of an alert. In this way, an embodiment of this disclosure may provide a particularly effective mechanism for detecting and defending against malicious activities such as return oriented programming attacks.

Abstract: A data processing system supports remeasurement of a virtual machine monitor (VMM). In one example process, the VMM may obtain a secret value from a trusted platform module (TPM) of the processing system. The VMM may provide the secret value from the VMM to a measurement agent executing in system management mode (SMM) of the processing system. The measurement agent may be a system management interrupt (SMI) transfer monitor (STM) that can create virtual machines to execute in SMM, for example. However, the VMM may verify the measurement agent before providing the secret value to the measurement agent. The measurement agent may generate a remeasurement value for the VMM, use the secret value that was obtained from the TPM to certify the remeasurement value, and communicate the remeasurement value to a requesting program, via the VMM. Other embodiments are described and claimed.

Abstract: A portable desktop device and method for host computer system hardware recognition and configuration are provided. The portable desktop device causes on a first boot, the host computer system to recognize hardware devices connected thereto, and to configure hardware configuration files of the portable desktop O/S in accordance with the recognized hardware. Once the hardware configuration files have been configured, the system is rebooted. On the second boot, the host computer determines that the portable desktop has been configured for its hardware, and initiates start-up of the portable desktop.

Abstract: A system, method, and computer program product are provided for controlling loading of an operating system, including mounting an image of an operating system in a pre-boot environment of a programmable device, identifying an untrusted component of the operating system registered to be automatically loaded or loaded during a boot-up stage of the operating system that is predetermined to be early, and substituting a trusted component for the untrusted component.

Abstract: The field of the invention relates to systems and methods for advanced dynamic analysis scanning for vulnerabilities using a universal translator. In an embodiment, the system includes a dynamic analysis scanner subsystem communicatively coupled to a networked computing system; the scanner subsystem is configured to crawl one or more dynamic web pages of the networked computing system, generate test data for the networked computing system, transmit the generated test data to the networked computing system, and record the networked computing system's response to the generated test data. The scanner may further comprise a universal translator configured to detect vulnerabilities and generate test data for the dynamic web pages of the networked computing system. The scanner subsystem may further comprise a smart scheduler.

Abstract: A system for detecting security vulnerabilities in web applications, the system including, a black-box tester configured to provide a payload to a web application during a first interaction with the web application at a computer server, where the payload includes a payload instruction and an identifier, and an execution engine configured to detect the identifier within the payload received during an interaction with the web application subsequent to the first interaction, and determine, responsive to detecting the identifier within the payload, whether the payload instruction underwent a security check prior to execution of the payload instruction.

Abstract: Technologies for authenticity assurance for I/O data include a computing device with a cryptographic engine and one or more I/O controllers. A metadata producer of the computing device performs an authenticated encryption operation on I/O data to generate encrypted I/O data and an authentication tag. The metadata producer stores the encrypted I/O data in a DMA buffer and the authentication tag in an authentication tag queue. A metadata consumer decrypts the encrypted I/O data from the DMA buffer and determines whether the encrypted I/0 data is authentic using the authentication tag from the authentication tag queue. For input, the metadata producer may be embodied as the cryptographic engine and the metadata consumer may be embodied as a trusted software component. For output, the metadata producer may be embodied as the trusted software component and the metadata consumer may be embodied as the cryptographic engine. Other embodiments are described and claimed.

Abstract: Technologies for trusted I/O (TIO) include a computing device with a cryptographic engine and one or more I/O controllers. The computing device executes a TIO core service that has a cryptographic engine programming privileged granted by an operating system. The TIO core service receives a request from an application to protect a DMA channel. The TIO core service requests the operating system to protect the DMA channel, and the operating system verifies the cryptographic engine programming privilege of the TIO core service in response. The operating system programs the cryptographic engine to protect the DMA channel in response to verifying the cryptographic engine programming privilege of the TIO core service. If a privileged delegate determines that a user has confirmed termination of protection of the DMA channel, the TIO core service may unprotect the DMA channel. Other embodiments are described and claimed.

Abstract: Technologies for trusted I/O attestation and verification include a computing device with a cryptographic engine and one or more I/O controllers. The computing device collects hardware attestation information associated with statically attached hardware I/O components that are associated with a trusted I/O usage protected by the cryptographic engine. The computing device verifies the hardware attestation information and securely enumerates one or more dynamically attached hardware components in response to verification. The computing device collects software attestation information for trusted software components loaded during secure enumeration. The computing device verifies the software attestation information. The computing device may collect firmware attestation information for firmware loaded in the I/O controllers and verify the firmware attestation information.

Abstract: A system and method for executing privileged code in a process are described. The method includes establishing, by an authorized library, a privileged function. The privileged function has a first privilege level used by a processor that is executing the privileged function, while preserving a different privilege level for a process invoking the privileged function. The method includes communicating, to a computer process, access information of the privileged function, to allow the computer process to invoke the privileged function. The method includes executing the privileged function for the computer process. Executing the privileged function includes setting a processor that is being used by the computer process to use the first privilege level associated with the privileged function, executing the privileged function with that processor at the first privilege level, then restoring that processor to a previous privilege level, and returning control of that processor to the computer process.

Abstract: A computer-implemented method included: receiving, by an access manager, a query from a source; communicating the query from the access manager to a translator; translating the query into a next generation access control (NGAC) input; communicating the NGAC input to an NGAC engine, the NGAC engine including access control data; receiving the NGAC input; determining an authorization response; communicating the authorization response to the translator; translating the authorization response into a response statement; communicating the response statement to the access manager; communicating, if the response statement comprises a permitted statement: a permitted query to a database from the access manager, the permitted query comprising a data operation; and performing the data operation on data in the database; and blocking access by the source to data in the database if the response statement comprises a deny statement.

Abstract: A processor implementing techniques for supporting configurable security levels for memory address ranges is disclosed. In one embodiment, the processor includes a processing core a memory controller, operatively coupled to the processing core, to access data in an off-chip memory and a memory encryption engine (MEE) operatively coupled to the memory controller. The MEE is to responsive to detecting a memory access operation with respect to a memory location identified by a memory address within a memory address range associated with the off-chip memory, identify a security level indicator associated with the memory location based on a value stored on a security range register. The MEE is further to access at least a portion of a data item associated with the memory address range of the off-chip memory in view of the security level indicator.

Abstract: A device includes a thermal infrared sensor and a processor, operatively coupled to the thermal IR sensor. The processor is configured to determine that the device has been successfully unlocked by a user using a security procedure, obtain a thermal signature for the user using thermal sensor data from the thermal infrared sensor, monitor proximity of the user to the device using the thermal signature and maintain the device unlocked if the thermal signature is detectable and is within the detection proximity of the thermal infrared sensor.

Abstract: Embodiments of the present invention disclose a method, computer program product, and system for data obfuscation and right-protection. An initial matrix Xi, represents the initial data set of the application and final matrix Xf is obtained from Xi. The final matrix Xf is obtained by performing one of the following operations Xf=(P(Xi)+E)F; Xf=P(Xi)F+E; and Xf=P(XiF)+E. Where P(.) is a projection operator that projects an input initial matrix in a space having a lower dimension than the input matrix, E represents a noise matrix, and F represents a matrix as a perturbation series. The matrix F is represented as a perturbation series, whose leading term is the identity matrix I, one or more higher-order terms of the perturbation series embedding a secret, multiplicative noise, so as for a matrix multiplied by the matrix F is right-protected.

Abstract: A system and method for electronic signature validation is provided. Embodiments may include analyzing at least one government identification document, wherein analyzing includes authenticating the at least one government identification document. Embodiments may further include extracting personally identifiable information pertaining to a user from the at least one government identification document and displaying a digital copy of a document to be signed to the user. Embodiments may also include capturing an electronic signature of the document by the user and receiving personally identifiable information, wherein the personally identifiable information pertains to the user and enables the user to be uniquely identified. Embodiments may further transmitting a document signing transaction session.

Abstract: Disclosed are systems, apparatus, methods, and computer readable media for creating and sharing social files in a feed system. In one embodiment, a request is received to perform an action related to a social file. The social file may provide access to a first document file within a social networking system. The first document file may be capable of being displayed on a display device. A determination may be made as to whether the requested action complies with a permission configuration record associated with the social file. The permission configuration record may identify one or more user accounts permitted to access the social file.

Abstract: Systems and methods for secure data exchange and data tampering prevention. A secure data system receives electronic data files from data entities and stores the files in a first storage. Each file includes data values collected by a respective data entity over a predefined time period. A benchmark system determines plural randomized snapshot times corresponding to the predefined time period. A data mapping is created between the first storage and plural second storage, based on the snapshot times and the number of files. Data values samples in each file are selectively transferred from the first storage to the plural second storage according to the data mapping. Each second storage stores samples synthesized from among the data entities associated with a single respective snapshot time. A benchmark data value is determined based on the synthetized samples stored in the plural second storage associated with the snapshot times.

Abstract: A method for sharing verified identity documents is disclosed. The method is performed at one or more electronic devices. The client device obtains identity information of a user and a document. The client device extracts identity information from the document. The client device determines that the identity information of the user and the extracted identity information substantially match, and generates at least one verification rating for the document. The client device sends the document, the data extracted from the document, and the at least one verification rating to a server system remote from the client device. This information is then provided by the server system to another party upon approval by the user to share the information with that party.

Abstract: A method of destroying file contents of a file includes storing the file in a predefined file format; integrating an algorithm that destroys file contents and has predefined trigger criteria into the file; checking the predefined trigger criteria when the file is opened; destroying file contents if at least one predefined trigger criterion is satisfied; and modifying the integrated algorithm if the predefined trigger criteria are not satisfied, wherein a first part of the algorithm is integrated into a first part of the file called by an executing program or an executing operating system when the file is opened, and modifying of the integrated algorithm includes modifying the storage structure of the algorithm so that it occurs in changed form after the opening of the file and cannot be recognized as before.

Abstract: Systems, methods, and apparatus of tracking user information dissemination are disclosed herein. In one or more embodiments, the disclosed method involves matching, by a processor(s), a first service provider(s) to an address(es) (e.g., an email address and/or a postal address) related to a user(s) and/or personal identifiable information (PII) related to the user(s). The method further involves aggregating, by a processor(s), the number of times a second service provider(s) utilizes the address(es) to mail the user(s) and/or sends at least a portion of the PII to the user(s) and/or to another user(s). Further, the method involves generating, by the processor(s), a ranking of trustworthiness for the first service provider(s) based on the number of times all of the second service provider(s) utilizes the address(es) to mail the user(s) and/or sends at least a portion of the PII to the user(s) and/or to another user(s).

Abstract: Systems and methods are described for mediating user access to patient records and genomic data. At least one database is configured to store the genomic data. A server is in communication with the database. The server comprises storage, an authorization module and a function module. The storage stores at least one function defining a portion of the genomic data to be retrieved from the at least one database and the generation of a result set therefrom. The authorization module is configured to maintain function permissions for each of the at least one function. The function permissions define conditions under which the function can be invoked against a subset of the genomic data, restrictions on the portion of the genomic data defined by the function, and restrictions on the generation of the result set.

Abstract: A method for detecting instances of exfiltration by an application. The method includes performing a first set of runs on a first computation device, and performing a second set of runs on a second computation device. Each set of runs involves running the application a plurality of times; and for each run, capturing packets transmitted by the computation device. In some embodiments the packets within the first set of runs are compared to identify differences caused by environmental noise, such as run-to-run changes in the information sent to the first device by remote servers. Comparisons between (i) runs performed on the first device and (ii) runs performed on the second device, with differences caused by environmental noise removed, may then be used to assess whether the application exfiltrates personal information, such as a phone number, that has different values on the first device and on the second device.

Abstract: Technologies for secure programming of a cryptographic engine include a computing device with a cryptographic engine and one or more I/O controllers. The computing device establishes, an invoking secure enclave using secure enclave support of a processor. The invoking enclave configures channel programming information, including a channel key, and invokes a processor instruction with the channel programming information as a parameter. The processor generates wrapped programming information including an encrypted channel key and a message authentication code. The encrypted channel key is protected with a key known only to the processor. The invoking enclave provides the wrapped programming information to untrusted software, which invokes a processor instruction with the wrapped programming information as a parameter. The processor unwraps and verifies the wrapped programming information and then programs the cryptographic engine.

Abstract: An electronics device comprising one or more modules that implement a security-related operation in an obfuscated manner to thereby provide the security-related operation with resistance against a hardware attack, wherein the electronics device is either (a) a printed electronics device or (b) a device created using e-beam lithography.

Abstract: The invention relates to a device (1) for transmitting data between at least one data-generating unit (2a-2f) and a remote communication unit (5a-5c). The device (1) has at least one interface (6a-6d) for an internet-based communication protocol to communicate securely with the remote communication unit (5a-5c) via a non-proprietary, preferably publicly accessible network (7), and at least one interface (8a-8i) for a communication protocol that is close to the hardware to communicate with the data-generating unit (2a-2f). The device also has a security controller (9) which is able to control communications via the internet-based interface(s) (6a-6d) and via the interfaces (8a-8i) that are close to the hardware, whereby a secure memory (10) with defined memory areas (A, B, C, D) is allocated to the security controller (9). At least one certificate (a, b, c) is assigned to at least one memory area (A, B, C, D).

Abstract: An electronic device of an aspect of the present disclosure includes an underwater detection unit and at least one processor. The underwater detection unit is configured to detect whether or not the electronic device is underwater. The at least one processor is configured to determine whether or not the electronic device has been lost when the underwater detection unit detects that the electronic device is underwater. The at least one processor is configured to determine that the electronic device has been lost when a predetermined condition is satisfied.

Abstract: Methods, computer program products and systems for providing video tracking. The method includes receiving a first signal from a radio frequency identification (RFID) tag. A location of the RFID tag is determined in response to the first signal. An image that includes the location of the RFID tag is recorded. The location of the RFID tag is marked on the image, resulting in a marked image.

Abstract: Internet of Things beauty and personal care application system which may include products, a mirror, digital camera, reader identifying product, communication transceivers, sensors, servers and databases. These link images and data via a mobile application, allowing a plurality of applications via a single interface. Users can enhance makeup application by using professional guidance based on users applied makeup, the environment, products selected, other products available, or presented to users from a product database. Further, the system may provide virtually enhanced images via its mobile application, based on users' skin tone, time of day, lighting, weather, activity, etc., enabling an enhanced user experience, and facilitating user engagement. The result is a beauty and personal care application system providing direct digital identification, 2-way linkage that collects data, applying machine learning algorithms via the network system.

Abstract: A piece of jewellery, wherein the jewellery comprises at least one tag or chip programmed with at least a unique identification code, and a tag reader is configured to read the tag or chip when the tag reader and the piece of jewellery touch, or come into close contact and, display a message or content associated with the unique identification code.

Abstract: A system and method for identifying persons near a mobile device includes a wireless signaling system including an incoming wireless signal receiver, a device motion sensing system including at least a first sensor and a controller configured to determine whether the device is being moved in accordance with a predetermined gesture and to responsively enter a personnel data collection mode. In the personnel data collection mode, the device may transmit a query and receives an identification signal from at least one other device and identifies a user of the device based on the received identification signal. The predetermined gesture is a spinning gesture in an embodiment. In an embodiment, a thermal sensor is used to identify or enumerate personnel. The identification signal may be one of a Bluetooth ID and a WiFi ID.

Abstract: There is set forth herein an indicia reading apparatus comprising two or more light sensing assemblies. In one embodiment, the indicia reading apparatus can comprise a linear light sensing assembly and an area light sensing assembly, and can be operative to determine the range between the apparatus and the indicia. In one embodiment, the indicia reading apparatus can be operative to apply a range-assisted gain to the data output by one or more of the linear light sensing assembly and the area light sensing assembly to increase the likelihood of indicia reading and improve expected indicia read time.

Abstract: The device includes an illumination; a camera configured to acquire at least one image of at least one portion of a symbol, the running substrate being illuminated by the illumination; and a processor connected to the camera and configured to be suitable for implementing an image-processing step in which the acquired image is processed by the processor and decoded. The camera used is linear and the illumination is a dark field illumination. Furthermore, the device is configured to carry out, prior to the processor processing step, a plurality of image acquisitions with the linear camera of various portions of the symbol.

Abstract: A method for deconvolution of digital images includes obtaining a degraded image from a digital sensor, a processor accepting output from the digital sensor and recognizing a distorted element within the image. The distorted element is compared with a true shape of the element to produce a degrading function. The degrading function is deconvolved from at least a portion of the image to improve image quality of the image. A method of indirectly decoding a barcode includes obtaining an image of a barcode using an optical sensor in a mobile computing device, the image comprising barcode marks and a textual character. The textual character is optically recognized and an image degrading characteristic is identified from the textual character. Compensating for the image degrading characteristic renders previously undecodable barcode marks decodable. A system for deconvolution of digital images is also included.

Abstract: Various algorithms are presented that enable an image of a data matrix to be analyzed and decoded for use in obtaining information about an object or item associated with the data matrix. The algorithms can account for variations in position and/or alignment of the data matrix. In one approach, the image is analyzed to determine a connected region of pixels. The connected region of pixels can be analyzed to determine a pair of pixels, included in the connected region of pixels, that is separated a greatest distance wherein a first pixel and second pixel of the pair of pixels is associated with image coordinates. Using the image coordinates of the pair of pixels, a potential area of the image that includes the visual code can be determined and the potential area can be analyzed to verify the presence of a potential data matrix.

Abstract: A communication apparatus operating as an access point of a wireless network displays an image, received a communication parameter from other communication apparatus that read the image, and creates a wireless network using the received communication parameter. Thereafter, the communication apparatus displays an image in response to a user instruction and communicates with other communication apparatuses that have read the image through the wireless network.

Abstract: An electronic device having a fingerprint verification function is provided. The electronic device includes a display; a touch recognition sensor pattern for recognizing a touch input on the display; a fingerprint recognition sensor pattern for recognizing a fingerprint input on the display; and a processor functionally connected to the display, the touch recognition sensor pattern and the fingerprint recognition sensor pattern. The processor determines whether a fingerprint recognition mode is executed, and selectively activates the touch recognition sensor pattern and the fingerprint recognition sensor pattern according to whether the determined fingerprint recognition mode is executed.

Abstract: A capacitive fingerprint sensing apparatus including sensing electrodes, a scanning driver, a sensing driver and a processing module is disclosed. In a self-capacitive sensing mode, the scanning driver drives a pair of adjacent scanning lines among the scanning lines and the sensing driver performs self-capacitive sensing through at least one sensing line among the sensing lines to obtain a first fingerprint sensing signal. In a mutual-capacitive sensing mode, the scanning driver drives the pair of adjacent scanning lines and the sensing driver performs mutual-capacitive sensing through at least two adjacent sensing lines among the sensing lines to obtain a second fingerprint sensing signal. The processing module generates a first fingerprint pattern and a second fingerprint pattern according to the first fingerprint sensing signal and the second fingerprint sensing signal and combines the first fingerprint pattern and the second fingerprint pattern into a combined fingerprint pattern.

Abstract: A light guiding structure for fingerprint recognizing sheet is adapted between a circuit board and a protecting sheet for encompassing an image capture device. The light guiding structure includes a frame, side-emitting LEDs, and a light guiding sheet. The middle portion of the frame is defined as a hollowed portion. Conductive pairs are located on the frame and extended out of the frame to form a first contact and a second contact. The side-emitting LEDs are assembled to the frame and electrically connected to the conductive pairs. The light guiding sheet covers on the hollowed portion. The side-emitting LEDs are assembled around the periphery of the light guiding sheet. The light guiding structure can be directly assembled on the circuit board and encompass the image capture device, and therefore an electronic device can be provided with a fingerprint recognizing sheet having the light guiding structure.

Abstract: A frame utilized in a fingerprint recognition plate, a manufacturing method thereof, and a light guide mechanism with the frame including the frame with a hollow portion, light emitting diodes, and a light guide plate. The manufacturing method includes: forming a frame containing mixed materials having plastic materials and metallic materials in a manner of injection molding, forming patterns on the frame in a manner of laser engraving, and forming electric conductive portions in the patterns of the frame in a manner of electroplating or electroless plating. The frame is formed with electric conductive circuit. The light emitting diodes are mounted on the electric conductive portions of the frame by surface mount technology (SMT) process. Light rays emitted by the light emitting diodes can be transmitted in the light guide plate. When the frame is formed via the laser engraving process combining with electroplating process, the frame can be minimized.

Abstract: A biometric identification apparatus includes a control module, a fingerprint identification module including a fingerprint scan controller and a fingerprint receiver, a pulsatile blood flow detection module including one or multiple light sources and a photo detector, and a holder body defining a fingerprint identification zone and a pulsatile blood flow identification zone. In application, the user simply needs to press the fingertip of one single finger on the fingerprint identification zone and pulsatile blood flow identification zone of the holder body so that the biometric identification apparatus can detect user's fingerprint and pulsatile blood flow signals, fetch and convert characteristic data of detected signals, and then match fetched fingerprint and pulsatile blood flow characteristic data with respective reference data for security access control. The application of this dual-biometric identification technology greatly increases the cracking difficulty, achieving better anti-theft function.

Abstract: Disclosed is a fingerprint sensor integrated type touch screen device that includes a touch screen having at least one fingerprint & touch area and a plurality of touch areas, each touch area including Tx electrode lines of a first group crossing Rx electrode lines of the first group, and touch sensors at crossings of the Tx electrode lines of the first group and the Rx electrode lines of the first group; and a touch integrated circuit (IC) that supplies a sensor driving signal of a same phase to the Tx electrode lines of the first group, groups first effective Rx channels of the Rx electrode lines of the first group as a bundle, and simultaneously senses the first effective Rx channels through a first touch sensing part, wherein first ineffective Rx channels of the Rx electrode lines of the first group are electrically disconnected from the first touch sensing part.

Abstract: The application of light field imaging in the capture of biometric images enables image processing to use continuous focus adjustment of a single image to construct an image of a biometric feature that is in focus across an expanded depth of field. Because a single image is the source of all information, the final image is formed without requiring combination of multiple images that may have physically moved between capture of the images. Light field imaging can be accomplished through multiple methods including plenoptic cameras or focus stacking cameras. The use of near infrared wavelengths in images captured using light fields optimizes the deployment of biometric systems by eliminating intense visible light currently implemented to capture some biometrics. The use of near infrared wavelengths for light field imaging enhances iris capture as the iris display more useful characterization under near infrared illumination.

Abstract: An imaging apparatus includes image capturing circuitry configured to capture an image including a reference pupil showing an entire shape of a pupil of an eye of a user and an image including a partial pupil showing a portion of the pupil, and a controller configured to determine a difference value between a first center that is determined based on the entire shape of the reference pupil and a second center that is determined based on a partial shape of the reference pupil, to determine an error correction value for correcting an error related to a center of the partial pupil based on the difference value, and to determine the center of the partial pupil by using the error correction value.

Abstract: A novel system, device and method of validation is provided for sensing a biometric such as a fingerprint, where biometric data corresponding to the biometric entity such as a fingerprint is then transmitted to a host configured to perform a plurality of authentication processes to authenticate the biometric data. At least one of the plurality of authentication steps is then validated. Alternatively, a portion of the biometric data may be retained, where biometric data corresponding to the biometric is then transmitted to a host configured to perform a plurality of authentication steps to authenticate the biometric data. At least one of the plurality of authentication steps is then validated.