Abstract: An application creating apparatus generates first authentication information using an authentication element is provided. The apparatus includes an application module when the application module is created, inserts the first authentication information into the application module, and distributes the application module. A user digital device that executes the application module checks the authentication element and the first authentication information included in the application module, generates second authentication information for the authentication element, and determines whether to execute the application module based on a result of comparison between the first authentication information and the second authentication information.

Abstract: Methods, devices, and systems are provided for retrofitting an existing access control system with one or more supplemental access devices that add access control capabilities to the existing system. A supplemental access device can be configured as a retrofit keypad. The retrofit keypad adds the ability for a user to provide additional credential and/or security information to an access control system via one or more interface keys on the retrofit keypad. The retrofit keypad may be a portable device such as an RFID device, wireless communication device, near field communication (NFC) device, etc., and/or combinations thereof.

Abstract: A method of operating an appliance includes enabling an operation restriction. The operation restriction limits activation of the appliance and requires an authorization prior to activating the appliance. The method also includes receiving a request to activate the appliance. The method further includes receiving an override key via a user interface physically connected to the appliance. The method further includes disabling the operation restriction after the override key is received, and activating the appliance after the override key is received.

Abstract: Provided is a method for access control, performed by an access control apparatus, including obtaining access authorization information that is communicated to the access control apparatus having at least one access authorization parameter and first check information; using at least the communicated access authorization parameters, the communicated first check information and a second key from a key pair, which second key is stored in the access control apparatus, to perform a first check on whether the communicated first check information has been produced by performing cryptographic operations by means of access authorization parameters corresponding to the communicated access authorization parameters using at least one first key from the key pair, and deciding whether access can be granted, based on the first check delivers a positive result and it is established that at least one predefined set of the communicated access authorization parameters respectively provides access authorization.

Abstract: An image processing method for iris recognition of a predetermined subject, comprises acquiring through an image sensor, a probe image illuminated by an infra-red (IR) illumination source, wherein the probe image comprises one or more eye regions and is overexposed until skin portions of the image are saturated. One or more iris regions are identified within the one or more eye regions of said probe image; and the identified iris regions are analysed to detect whether they belong to the predetermined subject.

Abstract: Electronic locking devices, systems, and methods may employ an accelerometer to detect an acceleration associated with displacement of a portion of an electronic locking device, for example, displacement of a housing that includes a display of the electronic locking device. Responsive to such an acceleration being detected, a message is transmitted to a device remote from the locking device. The message may include a photograph and or audio signal. Concurrently with the transmission of the message, a greeting may be played and/or displayed.

Abstract: In one embodiment, a storage and privacy system stores and manages information associated with users and ensures and enforces access-control rules specified for the stored information.

Abstract: Features are disclosed relating to a network-based consent management system that securely manages various aspects of consenting and agreeing to engage in physical relationships, including sexual relationships. For example, the system can manage processes such as requesting and obtaining consent, agreeing to provide consent, declining to provide consent, preemptively providing or declining consent without a consent request, verifying identities of individual users, verifying users' capacity to consent, and the like. In addition, the system can securely maintain a record of consent agreements and refusals. Thus, users of the system can initiate or otherwise participate in certain physical interactions with other users, secure in the knowledge that the participants have provided unambiguous informed consent and that a record of such consent has been created and securely stored by a third party.

Abstract: A new image-based representation and an associated reference image is disclosed called the emotion avatar image (EAI), and the avatar reference, respectively, which leverages the out-of-plane head rotation. The method is not only robust to outliers but also provides a method to aggregate dynamic information from expressions with various lengths. The approach to facial expression analysis can consist of the following steps: 1) face detection; 2) face registration of video frames with the avatar reference to form the EAI representation; 3) computation of features from EAI using both local binary patterns and local phase quantization; and 4) the classification of the feature as one of the emotion type by using a linear support vector machine classifier.

Abstract: A mobile communications system is described in which the network configures a mobile relay node that is mounted in a moving vehicle (such as a train) with expected tracking area information for the route along which the vehicle is expected to travel. UEs associated with the mobile relay node are provided with the list and do not perform tracking area updates if the movement of the vehicle corresponds to the stored list. Where advance knowledge of the route is not available, the mobile relay node is configured with a fixed tracking area and a fixed radio cell so that associated UEs do not detect a change in the tracking area or in the radio cell and so do not perform tracking area updates towards the network or the network does not need to control the UEs mobility while having a radio connection with the network.

Abstract: Systems and methods are presented for managing physical access to an access-controlled area using a local access control system. In certain embodiments, information that may be used in access control determinations managed by a remote domain controller may be communicated to a local access control system for use in connection with local access control determinations performed by the access control system independent of the domain controller. In some embodiments, such a configuration may allow for access control determinations to be performed when communication with the domain controller is interrupted and/or otherwise limited.

Abstract: Systems, methods and apparatus are disclosed for remote management of payment terminals. Public keys, or other security elements can be received from a certification authority and distributed to the payment terminals. A merchant, or other entity affiliated with the payment terminals, can monitor the status of the software and security elements of the payment terminals.

Abstract: An apparatus for controlling the power delivered from an AC power source to an electrical load may include a controllably conductive device. The apparatus may also include a first wireless communication circuit that may be operable to communicate on a first wireless communication network via a first protocol and the first communication circuit may be in communication with the controller. The apparatus may also include a second communication circuit that may be operable to communicate on a second communication network via a second protocol. The controller may be further operable to control the first wireless communication circuit to communicate configuration data with the first wireless communication network via the first protocol. The controller may also be operable to control the second wireless communication circuit to communicate operational data with the second communication network via the second protocol.

Abstract: A device for transmitting in multiple coupling modes has a transmission module (11), at least one periphery module (18), and an antenna (16, 17) for each of the multiple coupling modes. Further, in a method of switching between multiple coupling modes, switching is conducted between at least polling and listening phases of first and second coupling modes. The device and the method enable a seamless switching between e.g. a near field communication and a body coupled communication. Such a coupling or switching is particularly useful for performing secure transactions whereby through body coupled communication a body-worn tag is interrogated which provides a secure code for a transaction initiated through near field communication with a transaction terminal.

Abstract: A portable device having a built-in electronic component has normal mode, in which the electronic component functions, and power saving mode, in which power less than that consumed in the normal mode is consumed. The portable device is provided with: a use state detection unit that detects the in-use state or the non in-use state of the portable device; and a mode control unit that shifts the mode of the portable device to the power saving mode, in the cases where a fixed time has elapsed after the use state detection unit detected that the state of the portable device is shifted to the non in-use state.

Abstract: A device for providing information about a smart key for use in vehicles includes a communicator which receives information about at least one function, performed by the smart key, of controlling a vehicle; and a controller which sets a usage restriction for the at least one function. The communicator may provide information about the at least one function including the usage restriction to an external device.

Abstract: In one embodiment, a method includes sending, to a user device, a token, wherein the token includes a token identifier and a signature based on a key and data regarding a cloud service provider, receiving, from the cloud service provider, a validation request for the user device, wherein the validation request includes the token identifier, and sending, to the cloud service provider in response to the first validation request, a validation response based on the key.

Abstract: A system and method for facilitating wireless transactions using a smart card includes a smart card interface configured to be coupled to the smart card when the smart card is accepted into the opening and configured to provide a data communication link with one or more processers in the smart card; a wireless transceiver configured to engage in wireless data communication with a transaction terminal when the smart card interface is coupled to the smart card; and a power source configured to supply power to the wireless transceiver and the smart card interface.

Abstract: Described are a login information transmission method, a code scanning method and apparatus, and a server. The login information transmission method includes: receiving user account number information and two-dimension code information sent from a client after the client logs in to an application and scans a two-dimension code; verifying the received user account number information and two-dimension code information; sending a confirmation request to the client, so as to request the client to confirm an application to be logged in to if verification passes; and sending login confirmation information to a corresponding application server, so as to instruct the application server to notify the client to log in to the application when confirmation pass information sent from the client is received.

Abstract: An operation management apparatus includes a searching unit and a transmitting unit. According to a request from a register terminal, the searching unit searches for operation instruction information to be printed by the register terminal from a storage storing the operation instruction information showing contents of an operation instruction. The transmitting unit transmits to the register terminal print instruction information so that the register terminal prints the operation instruction information searched by the searching unit and confirmation information to notify that the operation instruction information is confirmed or that the contents of the operation instruction shown in the operation instruction information is finished.

Abstract: A method and system in which facial image representations stored in a database are defined by facial coordinates in a plane common to other images in the database in order to facilitate comparison or likeness of the facial images by comparing the common plane facial coordinates, the common plane being determined by the locations of the eyes and mouth corners; at least one input operatively connected to the at least one processor and configured to input the corners of the eyes and mouth coordinates; the at least one processor configured to convert inputted coordinates for the corners of the eyes and mouth into estimated common plane coordinates by minimizing the error between the inputted corners of the eyes and mouth coordinates and the estimated coordinates corners of the eyes and mouth obtained from the least square estimation model of the common plane coordinates of the corners of eyes and mouth.

Abstract: In some implementations, a system may control an environment in which biometric data is entered when a user enrolls data for a user account or authenticates after having enrolled user data. Enrollment and/or authentication may be required to occur under one or more conditions. In some implementations, data from an electronic device associated with a user may be used to determine whether conditions on enrollment and/or authentication have been satisfied.

Abstract: An access control system provides authentication and notification. A visitor to a facility, for example, authenticates to the access control system. Once an identity of the visitor is confirmed, the access control system sends a notification to a host, such as an employee. The notification informs the host of the arrival of the visitor.

Abstract: A fingerprint recognition method and apparatus are provided for quickly and accurately authenticating a user using a direction of a fingerprint. The fingerprint recognition method includes sensing a fingerprint input from a user; creating fingerprint data including a direction angle of the fingerprint input; and authenticating the user based on the fingerprint data.

Abstract: A system is provided that includes a security system that protects a secured geographic area, a near field or Bluetooth device proximate an entry of the secured geographic area that captures an identifier of a wireless portable device carried by a user as the user enters the secured geographic area, a sensor of the security system that detects a threat within the secured geographic area, and a processor of the security system that transmits an evacuation map to the wireless portable device based upon the captured identifier, wherein the evacuation map depicts safe geographic exits from the secured geographic area on the evacuation map.

Abstract: One-to-many comparisons of callers' voice prints with known voice prints to identify any matches between them. When a customer communicates with a particular entity, such as a customer service center, the system makes a recording of the real-time call including both the customer's and agent's voices. The system segments the recording to extract at least a portion of the customer's voice to create a customer voice print, and it formats the segmented voice print for network transmission to a server. The server compares the customer's voice print with multiple known voice prints to determine any matches, meaning that the customer's voice print and one of the known voice prints are likely from the same person. The identification of any matches can be used for a variety of purposes, such as determining whether to authorize a transaction requested by the customer.

Abstract: An electronic transaction verification system for use with transaction tokens such as checks, credit cards, debit cards, and smart cards that gathers and transmits information about the transaction token and biometric data. Customers can be enrolled in the system by receiving customer information that includes at least a biometric datum, associating the received customer information with a transaction instrument issued to the customers and storing the received customer information and the issued transaction instrument information in a database for future reference.

Abstract: A portable electronic key for use with an electronic locking device comprises a wireless communications module, a processor, and a software application configured to transmit, receive, and respond to electronic messages related to access control information. The electronic messages are formatted according to a request-response protocol. The wireless communications module is configured to use a standardized communication protocol to establish a wireless communications link with a networking device operably associated with a remote administration device located away from the portable electronic key. The software application periodically exchanges, via the wireless communications link, request-response messages related to access control information with a server application of the remote administration device.

Abstract: An automated system and method for authenticating entities or individuals attempting to access a computer application, network, system or device using a wireless device is provided. The system employs one or more short-range wireless interfaces (e.g. BLUETOOTH or Wi-Fi) or long-range wireless interfaces (e.g. cellular or WiMAX)to detect the presence or location of the wireless device and it's proximity to the secure system to be accessed. The wireless device incorporates a unique identifier and secure authentication key information associated with the user of the wireless device. An authentication result is generated and may be used for a variety of applications. The application may process the result and determine the degree of access for which the entity or individual is allowed.

Abstract: Network access control systems and methods are provided herein. A method includes receiving at a network device a SYN packet from a client device over a network, determining if the client device is a trusted source for the network using the SYN packet, if the client device is a trusted resource, receiving an acknowledgement (ACK) packet from the client device that includes identifying information for the client device plus an additional value, and identifying information for the network device, and establishing a connection with the network for the client device.

Abstract: A credential reader update system includes a server operable to provide a credential reader update via a cellular telephone interface, and a plurality of credential readers. Each credential reader communicates with a presented credential at a credential reader frequency, wherein each credential reader has a credential reader interface having a range. A portable update device is movable into and out of the range, and is operable to receive the credential reader update via the cellular telephone interface. A credential reader update application is included in the portable update device, and is operable to uniquely identify the particular credential reader to be updated.

Abstract: Various embodiments of the present invention provide systems and methods for performing updates of credentials used in relation to RFID readers. As an example, some embodiments of the present invention provide methods for updating credentials capable of authorization to an RFID reader. Such methods include providing a cellular telephone that includes a memory, a cellular telephone interface, and an nfc interface. An access is received via the cellular telephone interface, and is stored to the memory.

Abstract: The present disclosure discloses a method and network device for using mobile devices with validated user network identity as physical identity proof. Responsive to successfully authenticating a client device for network access, a system generates a network credential for the client device and transmits the network credential to the client device. Further, the system detects that the client device is within a range of a short range wireless device that is associated with a particular physical action. Consequently, the system validates the network credential that the client device possesses. Based on the network credential, the system determines that the client device has permissions for performing the particular physical action, and causes performance of the particular physical action.

Abstract: A computer may identify an individual according to one or more biometrics based on various physiological aspects of the individual, such as metrics of various features of the face, gait, fingerprint, or voice of the individual. However, biometrics are often computationally intensive to compute, inaccurate, and unable to scale to identify an individual among a large set of known individuals. Therefore, the biometric identification of an individual may be supplemented by identifying one or more devices associated with the individual (e.g., a mobile phone, a vehicle driven by the individual, or an implanted medical device). When an individual is registered for identification, various device identifiers of devices associated with the individual may be stored along with the biometrics of the individual. Individuals may then be identified using both biometrics and detected device identifiers, thereby improving the efficiency, speed, accuracy, and scalability of the identification.

Abstract: The present disclosure relate generally to image signal processing, color science and signal encoding. Digital watermarking can be applied to color image data through use of a luminance contrast sensitivity function and a chrominance contrast sensitive function. Of course, other features, combinations and claims are disclosed as well.

Abstract: The present invention relates to verification of the contents of a data file prior to external recipient communication. Specifically, the invention provides for a data file registration repository that registers information associated with data files. In specific embodiments, data registration occurs automatically be capturing the file header metadata. Prior to communicating the file to an external recipient, the payload of the data file is interrogated to determine actual content and the actual content is compared to the registered information to insure that the data being communicated is the same as what the data file is purported to contain (i.e., matches the registered information). Other verifications, such as date type authorization, recipient authorization and the like may also occur in conjunction with the content verification. If the verification(s) is successful, the data is authorized to be placed in the data channel for communication to the external recipient.

Abstract: The present disclosure relates to a wearable radio device for access control. The radio device has an inside portion and an outside portion. The inside portion includes a first transponder and a second transponder. A first barrier is located between the first transponder and the second transponder. A second barrier is located between the first transponder and the second transponder in an outside portion of the wearable device.

Abstract: A secured party audio and audio/video communication system and method providing administration, management and control that includes a portable secured communication device in possession solely of a secured party positioned in a secured environment, the portable secured communication device being exclusive to the secured party and communicatively connectable only to a secured connection management system, in a secured connection management system hosting a secured communication device interface, hosting a remote communication device interface, storing in the database information related to the secured party, the portable secured communication system, and the external party, at least one of which includes a predetermined connection parameter, creating the selective communication between the portable secured communication device and only the remote communication device response to the stored database information and controlling a duration of the communication as a function of the predetermined connection parame

Abstract: A device to extract a biometric feature vector includes a memory and a circuitry. The circuitry is configured to obtain a biometric image, to generate a plurality of small region images from the biometric image so that variability of biometric information amounts among the plurality of small region images is equal to or less than a predetermined value, to extract biometric local feature amounts from the small region images and to generate a biometric feature vector by combining the biometric local feature amounts in accordance with a predetermined rule, the biometric feature vector indicating a feature for identifying the biometric image.

Abstract: Systems and methods are described herein for expanding the functionality of a print scanner. The scanner may be programmed to invoke a different function if only a portion of a print is detected rather than a full print. In this manner, it would be possible for a user to share a user equipment device such as a smartphone with a friend. The user may wish to share his or her smartphone, and may activate access to the browser that does not include any of the cookies, private passwords, or other login information during a session by using just the tip of the user's finger on a fingerprint scanner, as opposed to the user's full fingerprint. When the user wishes to again have his or her personal information accessible in the browser, the user may activate the browser using the user's full fingerprint.

Abstract: A method for localizing the position of a wireless device (7) in an environment (2) includes a wireless network (1) having at least one access point (3), wherein the method includes the step of receiving, by the wireless device (7), a radio frequency signal (10) which is transmitted by the at least one access point (3) and which comprises basic information for connecting to the at least one access point (3), wherein the radio frequency signal (10) includes geographic information (20) about the geographic position of at least one electronic radio frequency device (5) located in the environment (2) and not connected to the wireless network (1).

Abstract: A method of determining a pair of a target transmission node and a target reception node distributedly and concentratedly using a cooperation header in a multi-hop network performing interference neutralization, is provided. The method of distributedly determining the pair of the transmission node and the reception node includes determining whether any of other reception nodes broadcasts a pair configuration message to configure a pair between a corresponding one of the other reception nodes and the transmission node. The method further includes configuring the pair between the transmission node and the reception node based on the determination.

Abstract: Method and devices for making access decisions in a secure access network are provided. The access decisions are made by a portable credential using data and algorithms stored on the credential. Since access decisions are made by the portable credential non-networked hosts or local hosts can be employed that do not necessarily need to be connected to a central access controller or database thereby reducing the cost of building and maintaining the secure access network.

Abstract: Methods and systems for generating and validating electronic tickets are disclosed. The systems include a server that is configured to host a centralized website through which a computer application may be downloaded into a plurality of user devices. The server is further configured to issue electronic tickets to the user devices that have downloaded the computer application; embed an encrypted visual identifier that is unique to an event in each electronic ticket; generate instructions to be issued to an event administrator that identifies a decrypted form of the visual identifier for each event; and include instructions within each electronic ticket that may be executed by an event administrator to convert the encrypted visual identifier that is shown in the electronic ticket of each user device into the decrypted form of the visual identifier.

Abstract: Wireless wearable authenticators (WWAs) are provided using attachment to confirm user possession of the WWA. A user is authenticated by receiving authentication information from a wireless, wearable authentication (WWA) device of the user. The authentication information indicates whether the user has substantially continuously worn the WWA since a prior session where the user proved his or her identity to a relying device while wearing the WWA. The user is authenticated based on an evaluation of the authentication information. The authentication information comprises, for example, a credential ? and a current session label J. A value of the current session label J can provide the indication of whether the user has substantially continuously worn the WWA since a prior session where the user proved his or her identity to a relying device while wearing the WWA.

Abstract: A Central-Entity centralizes users' personal and financial information in a secure environment in order to prevent the distribution of user's information in e-commerce. This information is then used to create digital identity for the users. The digital identity of each user is dynamic, non-predictable and time dependent, because it is a combination of a user name and a dynamic, non-predictable and time dependent secure code that will be provided to the user for his identification. The user provides his digital identity to an External-Entity such as merchant or service provider. The External-Entity is dependent on Central-Entity to identify the user based on the digital identity given by the user. The External-Entity forwards the user's digital identity to the Central-Entity for identification and authentication of the user and the transaction.

Abstract: A first request for a transfer of data is transmitted in response to the use of a user device; it is determined that the first request for the transfer of data has been declined; an event is detected that indicates that the transfer of data in response to the use of the user device can be accepted; and a second request for the transfer of data is transmitted in dependence on detecting that the event has occurred.

Abstract: Embodiments of the invention relate to providing a health care provider access to an electronic record of a patient may be provided. A determination is made as to whether the health care provider is logged onto a computer system in a physical area assigned to the patient. Whether the health care provider is logged onto the computer system during working hours of the provider is also ascertained. The health care provider is provided with access to the electronic record of the patient via the computer system if the determining resolves to true and the ascertaining resolves to true.

Abstract: In one embodiment, a system receives a request for user privilege information associated with an object of a first database. The system determines a class of a second database that corresponds to the object and accesses user privilege records that the second database associates with the class. The system determines a subset of the user privilege records that correspond to a selected user. Each of the subset of user privilege records comprise a privilege and a user privilege value indicating whether the selected user is authorized for that privilege. The subset of user privilege records are consolidated into a privilege matrix comprising a first axis listing the selected user, a second axis listing the privileges, and for each intersection of selected user and privilege, a corresponding user privilege value determined from the subset of user privilege records. The system communicates the privilege matrix in response to the request.

Abstract: Concepts and technologies are disclosed herein for spoofing bone conduction signals. According to one aspect, a device can compare a first unique body signature associated with a first user to a second unique body signature associated with a second user to determine a first unique effect of a first body of the first user on a signal and a second unique effect of a second body of the second user on the signal. The device can generate an authentication signal based upon the first unique effect and the second unique effect to include signal characteristics that, after propagating through the first body of the first user, are representative of the second unique body signature. The device can transmit the authentication signal through the first body of the first user to an authentication device that authenticates the first user on behalf of the second user.