Abstract: Method, systems, devices, and techniques for access control provisioning are described. A monitoring system configured to monitor a property includes an access control device that is configured to receive an access control request and provide access to a portion of the property in response to the request. The system also includes a control unit or board that is configured to transmit, through a particular relay out of multiple relays, the access control request. The control unit further receives data indicating that the access control device received the access control request and determines that the particular relay corresponds to the access control device.

Abstract: Embodiments relate to the processing of information associated with a user of a portable electronic key to limit use of the key by unauthorized persons. The portable electronic key includes an input device configured to receive user input information from a holder of the key. A user verification procedure is performed based on the user input information. The user input information can include biometric information associated with the holder of the key. The user verification procedure includes a determination that the user input information corresponds to authorized user information stored in a memory of the key. Based in part on execution of the user verification procedure, the portable electronic key can be configured to initiate an unlocking event at an entry point.

Abstract: Disclosed is a method, a computer program application, and a system for initiating communication, the system including at least one radio transceiver configured for short range communication, a proximity component and a computer program application provided in an external device, the radio transceiver being configured to communicate with the computer program application, and the proximity component being configured to be identified by the external device, wherein the external device upon identifying the proximity component is configured to initiate communication with the radio transceiver enabling exchange of data verifying one or more electronic objects associated with the user or the computer program application or the external device.

Abstract: A processor-implemented access control method includes receiving credential and policy directory information to configure an access controller to allow self-provisioning of the access controller through periodic, automated query of the directory by the access controller; acquiring from the directory, credential and policy information for one or more individuals who may require access; storing in a local cache the acquired credential and policy information; receiving an access request to allow an individual access; comparing the access request to the credential and policy information in the cache; and when the comparison indicates a match, granting the individual access.

Abstract: This invention is related to structures of contactless smart cards. The essence of this invention is in that it represents a device containing a microchip installed on a substrate, and an antenna, the leads of which are connected to the leads of the microchip, and a capacitor, connected in parallel to the frame antenna and forming together with the latter the antenna of the contactless smart card in the form of a resonance circuit, while the substrate represents a ring, the outer surface of which carries electrically conductive loops, which form the frame antenna and are coated with open-circuit screening foil, which is coated with a protecting coating that forms a hermetically sealed body. The device achieves the required technological result, related to improved service reliability.

Abstract: An RFID system includes an RFID tag, an RFID reader, and a server. The RFID tag communicates to the server via encrypted information. The information may be encrypted with synchronized encryption keys. In this manner, the reader need not decrypt the information from the RFID tag. The effectiveness of malicious readers is thereby reduced, resulting in improved RFID tag security.

Abstract: Provided is a computer-implemented method for product management The method can include obtaining user Identification information from a user, wherein the identification code is associated with a financial account, of the user; validating, by a processor, that the identification information is authentic based on registration information that was previously received; providing first access signal to a locking mechanism of a locking enclosure to unlock the locking mechanism based on the validating, wherein the locking enclosure securely stores a purchasable product; obtaining product identification information from a scan of a bar code associated with the product providing the product information that was obtained to be rendered on a display; receiving an indication from the user that the product information is correct; and providing a second access signal to the locking mechanism to lock the locking mechanism based on the indication that was received.

Abstract: According to an example, with respect to hash based device configuration management, a device configuration status and a device configuration hash value associated with a configuration file for a device may be ascertained. Based on a determination that the device configuration hash value matches an application configuration hash value, an application configuration status for the device may be modified to correspond to the device configuration status. If there is no match, a determination may be made as to whether the device has permission to locally modify the configuration for the device, and if not, a configuration file may be sent to the device to modify the configuration for the device. If the device has permission, the configuration file that is associated with the device configuration hash value may be requested, and a configuration record associated with the device may be updated based on the requested configuration file.

Abstract: Systems, methods, and computer-readable media for providing standards compliant encryption, storage, and retrieval of data are disclosed. In an embodiment, data is received at a first data center from a first device in connection with a service request, and encrypted to produce encrypted data. The encrypted data may be transmitted from the first data center to the first device, and then may subsequently be received at a second data center. The second data center may store the encrypted data in a database accessible to the second data center. Because all data provided to the system is encrypted by the first data center prior to being stored and/or provided to the second data center, the database and the second data center may be out of the scope of compliance monitoring, auditing, and reporting for one or more data security standards.

Abstract: A network translation computing device for processing consolidated messages is disclosed. The network translation computing device receives a web-based authentication response including a plurality of data elements in a web-based format. The network translation computing device translates the plurality of data elements from the web-based format to a network-based format. The network translation computing device generates a network-format authorization request message including the plurality of data elements in the network-based format. The network translation computing device transmits the network-format authorization request message to an issuer of the transaction card to initiate an authorization process of the transaction.

Abstract: The invention includes various embodiments of apparatus and methods for human-machine visualization interfaces and processes for providing actionable information on elements of networks, networks, and systems of networks ability to support one or more organizational elements, missions associated with the one or more organizational elements, and capabilities of the organizational elements.

Abstract: A method of monitoring biometric data for an individual includes detecting that the individual has moved within a predetermined range of a fixed display device. The method further includes wirelessly receiving a sensed biometric parameter of the individual at a receiver associated with the fixed display device. After determining that the individual has moved within the predetermined range and that the sensed biometric parameter is an authorized parameter for display based on a user profile of the individual, the sensed biometric parameter is displayed on the fixed display device. The method further includes detecting that the individual has moved outside of the predetermined range, and removing the sensed biometric parameter from the fixed display device.

Abstract: A device for controlling a user input device to prevent inadvertent activation of the user input device includes a user input device for receiving user commands and an activation trigger associated with the input device. The activation trigger includes a mechanism that prevents incidental actuation. When the activation trigger is actuated, the input device is enabled to receive user commands for an amount of time dictated by a timer, and disabled when the timer has exhausted the amount of time.

Abstract: An approach is provided for performing sorting of physical mail items using Augmented Reality (A/R) glasses. A/R glasses acquire an image of a physical mail item to be sorted and generate image data that represents the image. A unique value is generated for the image, for example, by processing the image data for the image using one or more hash functions to generate a hash value. The hash value is used to obtain sorting information for the mail item from a mail item manager. The A/R glasses use the sorting information to assist the user in sorting the mail item by displaying the name of a sort location for the mail item, visually distinguishing the sort location from other sort locations, displaying information about the mail item, providing “out of view” assistance, etc. The A/R glasses may allow the user to override the sort location specified for the mail item and override information is sent to the mail item manager.

Abstract: Various systems and methods for capability access management are disclosed herein. In one example, a system includes a memory and a processor to send a signed custom capability description (SCCD) received from a first vendor to the memory for storage. The system may send an application received from a second vendor to the memory for storage. The system attempts to match the application to an authorization listing of the SCCD, where the application can be modified to allow access to a previously inaccessible custom capability in response to the application matching the authorization listing of the SCCD.

Abstract: A system in accordance with present embodiments includes a plurality of wearable devices and a virtual queue control system configured to maintain respective virtual queues for respective attractions and in communication with the plurality of virtual queuing attraction stations. The virtual queue control system is configured to receive communications from the plurality of virtual queuing stations and add guests to the respective virtual queues based on the communications.

Abstract: A system is configured to perform operations that include causing a merchant device to display a first visual code. The operations further include receiving a request to initiate a payment transaction between a consumer and a merchant, the request to initiate the payment transaction being transmitted to the system in response to a consumer device of the consumer scanning the first visual code displayed by the merchant device. The operations also include causing funds to be transferred from an account of the consumer to an account of the merchant. Further, the operations include in response to determining, based on one or more criteria, an occurrence of a code change event, causing the merchant device to display a second visual code in replacement of the first visual code.

Abstract: Provided are methods and systems for network access control. A method for network access control may commence with determining whether a client device is a trusted source or an untrusted source. The determination may be performed using a SYN packet received from the client device. The SYN packet may include identifying information for the client device. When it is determined that the client device is neither the trusted source nor the untrusted source, the method may continue with transmitting a SYN/ACK packet to the client device. The SYN/ACK packet may include a SYN cookie and identifying information for a network device. The method may further include receiving an ACK packet from the client device that may include the identifying information for the client device, identifying information for the network device, and the SYN cookie. The method may continue with establishing a connection with a network for the client device.

Abstract: Distributed muster includes distributing to different mobile devices an identity of an assigned muster location of an ocean-going vessel, and associating each mobile device both with a corresponding passenger of the ocean-going vessel, and also with the assigned muster location. Thereafter, a timer initiates that defines a period during which a muster drill must be completed by all of the passengers and, in response, a message is transmitted to each mobile device that the muster drill has commenced. During the period, as each mobile device is sensed within a geographically defined area of a correspondingly assigned muster location, a record of the completion of the muster drill by the passenger associated with the sensed mobile device is recorded in the memory. As well, subsequent to a lapsing of the timer, a listing is displayed of any passenger not recorded as having completed the muster drill.

Abstract: A data storage library system includes a data storage library, at least one environmental conditioning unit, at least one data storage drive retained within the data storage library, and at least one access door for providing access to an interior portion of the data storage library. The system also includes a library controller, wherein the library controller is configured to initiate a service mode prior to and during a service procedure performed within the data storage library, and further wherein at least one operational state within the at least one data storage drive is changed during the service mode. The change in the at least one operational state may be, for example, an increase in temperature within the at least one data storage drive, or the insertion of a data storage cartridge into the at least one data storage drive during the service mode.

Abstract: Systems and methods are described for remote monitoring of a premises. A remote device may be authenticated and may be granted access to a premises management system configured to monitor a premises.

Abstract: In one embodiment, a system includes a media storage device, a processor, and logic integrated with and/or executable by the processor. The logic is configured to cause the processor to associate a first subset of storage space on the media storage device with a first group of applications executing on a hardware processor. The logic is also configured to cause the processor to receive a request from an application to access the first subset of storage space on the media storage device. Moreover, the logic is configured to cause the processor to prevent any application other than an application from the first group of applications from accessing the first subset of storage space on the media storage device. Other systems, methods, and computer program products for defending against ransomware attacks on devices and systems using application authority assignment are described according to more embodiments.

Abstract: A first communication apparatus including a control device configured to: receive a specific signal from a second communication apparatus; determine whether an inter-device distance between the communication apparatuses is equal to or smaller than a first distance; cause a server to supply printing data to a printer when the inter-device distance is equal to or smaller than the first distance; again receive the specific signal from the second communication apparatus; determine whether the inter-device distance is equal to or smaller than a second distance that is smaller than the first distance by using a second reception radio wave intensity of the again-received specific signal; and cause the printing execution unit to execute printing in accordance with the printing data when it is determined that the inter-device distance is equal to or smaller than the second distance.

Abstract: Systems and methods for data visualization are disclosed. An example method includes: obtaining, via a user device, first user biometric data from a user; comparing the first user biometric data with first stored user biometric data. The first stored user biometric data are stored in a hardware secure element of the user device. The method further includes: determining that the first user biometric data matches the first stored user biometric data; and in response to the determining, transmitting a payment token to a merchant device. The payment token is configured to enable a payment to be made from a payment account associated with the user to a merchant associated with the merchant device.

Abstract: An approach is provided for performing sorting of physical mail items using Augmented Reality (A/R) glasses. A/R glasses acquire an image of a physical mail item to be sorted and generate image data that represents the image. A unique value is generated for the image, for example, by processing the image data for the image using one or more hash functions to generate a hash value. The hash value is used to obtain sorting information for the mail item from a mail item manager. The A/R glasses use the sorting information to assist the user in sorting the mail item by displaying the name of a sort location for the mail item, visually distinguishing the sort location from other sort locations, displaying information about the mail item, providing “out of view” assistance, etc. The A/R glasses may allow the user to override the sort location specified for the mail item and override information is sent to the mail item manager.

Abstract: A method of user identity verification by a server, where the server pre-configures, by use of collected user information, verification information corresponding to accounts of users in a user verification information data store, the verification information including a plurality of verification security challenges and a plurality of respective first verification answers. The method includes detecting a condition to whether initiate a user identity verification is satisfied, where an account ID of a user is obtained from the condition. The method also includes inquiring the pre-configured user verification information about verification information matching the account ID and transmitting security challenges of the inquired verification information to the client.

Abstract: A customer may collect a package from an automated collection point (ACP) operated by an entity having a central computer system, even when there is no functional communications link between the ACP and the central computer system. A first collection code is generated at the central computer system by means of an algorithm based on a data item particular to the package, such as a package identification code (package ID). The first collection code is sent to the customer who inputs it at the ACP, where it is validated independently using a corresponding algorithm based on a corresponding data item which is independently available to the ACP, preferably the same package ID which is carried by the package and scanned when the package is delivered.

Abstract: A method for generating and provisioning payment credentials to a mobile device lacking a secure element includes: generating a card profile associated with a payment account, wherein the card profile includes at least payment credentials corresponding to the associated payment account and a profile identifier; provisioning, to a mobile device lacking a secure element, the generated card profile; receiving, from the mobile device, a key request, wherein the key request includes at least a mobile identification number (PIN) and the profile identifier; using the mobile PIN; generating a single use key, wherein the single use key includes at least the profile identifier, an application transaction counter, and a generating key for use in generating a payment cryptogram valid for a single financial transaction; and transmitting the generated single use key to the mobile device.

Abstract: An electronic device may include a dielectric cover layer defining a finger sensing surface and at least one optical image sensor below the dielectric cover layer. The electronic device may also include at least one optical element associated with the at least one optical image sensor. Light sources may be below the dielectric layer and may be selectively operable in subsets of light sources. A controller may be configured to sequentially operate respective adjacent subsets of light sources while acquiring biometric image data from the at least one optical image sensor.

Abstract: Automated tissue stiffness measurement devices and methods can identify cancerous lesions with high sensitivity and specificity. Systems and methods are presented to measure tissue stiffness using applied force, illumination and imaging techniques. The systems and methods can use structured illumination to characterize a tissue surface.

Abstract: A system and method for generating virtual objects, the data for the virtual object is retrieved at least in part from a tag. The tag comprises a transparent physical surface and a visually imperceptible structure constructed in the transparent physical surface. The tag encodes the data for the virtual objects in the visually imperceptible structure. When detected by the appropriately configured capture devices, the visually imperceptible structure produces a depth pattern that is reflected in phase shifts between regions in the tag.

Abstract: A method of creating a 3-dimensional facial reconstruction of a user of a transit system includes detecting a user within a range of an image capture device positioned at a transit access point. A plurality of images of a first portion of the user's face are captured using the image capture device while the user passes through the range of the image capture device. A plurality of positions of the user may be detected as the user passes through the range of the image capture device. The plurality of images are combined with the plurality of positions and a relative angle and position of the user's face are calculated based on the combination of the plurality of images and the plurality of positions. A 3-dimensional model of the first portion of the user's face is generated based on the calculated relative angle and position and the 3-dimensional model is stored.

Abstract: An apparatus that operates with a detachable unit mounted therein, includes: a storage unit configured to store a public key; and a verification unit configured to verify data held by the mounted unit, based on the public key. The data includes attribute information indicating an attribute of the unit, and authentication information generated from target information including the attribute information with a secret key paired with the public key and from which the target information is restorable, and the verification unit is further configured to detect an anomaly in the attribute information or the authentication information included in the data, by determining whether the attribute information included in the target information restored from the authentication information using the public key matches the attribute information included in the data.

Abstract: Methods and systems for customizing hides are provided. In particular, one or more embodiments comprise a tanning control system that improves profitability and customer satisfaction by facilitating the customization of hides according to customer orders. Furthermore, one or more embodiments enable the tanning control system to improve efficiency and responsiveness by producing packages of hides that exactly match customer orders. Additionally, one or more embodiments enhance the traceability of hides by capturing data related to the customization of hides.

Abstract: A user permission allocation method includes acquiring currently collected facial feature information of a user; determining a difference degree of the current facial feature information of the user according to the acquired facial feature information of the user and facial feature information included in stored standard sample information; and allocating a user permission to the user according to the determined difference degree. Compared with a manner of using a fixed face threshold, a difference degree of current facial feature information of the user is determined, and when a user permission is allocated to the user, an external factor that affects the collected facial feature information is used as a reference factor, which means that a higher difference degree of the collected facial feature information indicates a lower user permission allocated to the user, so that the user permission of the user is dynamically allocated.

Abstract: A method for installing an application in a security element of a portable end device comprises the following steps: the installation device receives an installation job for installing a pre-specified application on a pre-specified security element. The job is processed by the installation device which receives the installation job from the pre-specified security element itself or from a further security element different from the pre-specified security element.

Abstract: Devices, systems, and methods of detecting user identity, differentiating between users of a computerized service, and detecting possible attackers; as well as password-less user authentication, and password-less detection of user identity. A system or a computing device requires a user to perform a particular unique non-user-defined task, the task optionally being an on-screen connect-the-dots task. The system monitors user interactions, extracts user-specific features that characterizes the manner in which the user performs the tasks; and subsequently relies on such user-specific features as a means for user authentication, optionally without utilizing a password or passphrase. Optionally, a user interface anomaly or interference is intentionally introduced in order to elicit the user to perform corrective gestures, which are optionally used for extraction of additional user-specific features.

Abstract: A smart storage locker can be used to store an individual's mobile device while the individual is at work, school or another location where mobile devices should be restricted. The smart storage locker will therefore prevent the individual from carrying his or her mobile device while in such restricted environments. In addition to storing mobile devices, the smart storage locker can also be configured to automatically detect an individual's identity when the individual's mobile device is secured within the smart storage locker. This detection can then be employed to track when the individual is present at a particular location while not having access to, and therefore not using, his or her mobile device.

Abstract: Various features described herein may allow an authorized user to provide a guest with access to a secured location through use of an encoded image containing steganographically encoded access information. The encoded access information may be recognizable by a security system, and the security system may grant access to the secured location when the encoded image is presented to the security system. The authorized user may request the generation of the encoded image on an authorized computing device, and the encoded image may be provided to the guest on a guest computing device. When a monitoring device associated with the security system captures the encoded access information, the security system may, for example, open a door at the secured location.

Abstract: An image forming apparatus that is an authenticating apparatus includes an authentication-processing unit, a display area, a display-control unit and a re-entry-processing unit. The authentication-processing unit executes user authentication by comparing an entered password with a set password. The display area displays an entire entered password so as to be visible when non-matching characters are included in the entered password. The display-control unit causes a re-entry screen on which an input field is arranged in which correction characters are entered to be displayed. The re-entry-processing unit corrects the non-matching characters of the entered password based on correction characters that are entered in the input field. The authentication-processing unit compares the entered password that is corrected by the re-entry-processing unit with the set password.

Abstract: A device receives, from a short-range wireless communication device associated with a safe deposit box, first data identifying a first transaction card, and identifies a bank employee associated with the first data. The device determines whether the bank employee is authorized to access the safe deposit box, and starts a timer when the bank employee is authorized to access the safe deposit box. The device receives, from the short-range wireless communication device, second data identifying a second transaction card, and determines whether the second data is received prior to an expiration of the timer. The device identifies a customer associated with the second data when the second data is received prior to the expiration of the timer, and determines whether the customer is authorized to access the safe deposit box. The device causes the safe deposit box to be unlocked when the customer is authorized.

Abstract: Described herein is a technique that may prevent unauthorized personnel from editing files without permission. A processing apparatus may include: an operating unit configured to display an operation screen for editing an integrated file containing: non-encrypted data corresponding to an item file; a drawing file; and encrypted data obtained by encrypting the item file; a memory unit configured to store the integrated file; and an arithmetic unit configured to: (a) compare the item file with data obtained by decrypting the encrypted data; and (b) combine and display the item file and the drawing file on the operation screen according to a result of comparison performed in (a).

Abstract: The invention relates to designs of contactless smart cards. The subject matter of the invention is a device comprising a microchip arranged on a substrate, a loop antenna, the pins of which are connected to pins of the microchip, and also a capacitor connected in parallel with the loop antenna and therewith forming an antenna of the device in the form of a resonant circuit, the substrate being in the form of a band wound into a ring and made of a flexible dielectric material, on the outer surface of which a strip of electrically conductive material is applied, forming the loop antenna, which together with the microchip is coated with a protective coating, forming a sealed casing.

Abstract: A cloud computing system includes a first set of network computers providing a pool of virtual-enterprise resources integrated from lower-level cloud infrastructure including software as a service, platform as a service and infrastructure as a service. A second set of network computers form a soft gate providing access to the pool of virtual-enterprise resources by enterprise users accessing the cloud computing system via an external network. A third set of network computers form a business box providing for creation, management and use of certification cards to define the virtual-enterprise resources and to control use of the virtual-enterprise resources by the enterprise users. The soft gate and business box implement a card-creation flow that creates customized certification cards, and a card-usage flow that validates user privileges based on presentation of certification cards as a condition to granting access to virtual-enterprise resources.

Abstract: Method and devices for making access decisions in a secure access network are provided. The access decisions are made by a portable credential using data and algorithms stored on the credential. Since access decisions are made by the portable credential non-networked hosts or local hosts can be employed that do not necessarily need to be connected to a central access controller or database thereby reducing the cost of building and maintaining the secure access network.

Abstract: Provided is a method for access control, performed by an access control apparatus, including obtaining access authorization information that is communicated to the access control apparatus having at least one access authorization parameter and first check information; using at least the communicated access authorization parameters, the communicated first check information and a second key from a key pair, which second key is stored in the access control apparatus, to perform a first check on whether the communicated first check information has been produced by performing cryptographic operations by means of access authorization parameters corresponding to the communicated access authorization parameters using at least one first key from the key pair, and deciding whether access can be granted, based on the first check delivers a positive result and it is established that at least one predefined set of the communicated access authorization parameters respectively provides access authorization.

Abstract: An apparatus for a vehicle key, an apparatus for a vehicle control system, and an apparatus for a mobile device. The apparatus includes a first interface to communicate with a vehicle control system and a second interface to communicate via a radio connection. The apparatus also includes a control module to receive proximity information from the vehicle control system via the first interface and to establish a radio connection via the second interface if the proximity information indicates spatial proximity of the vehicle key to the vehicle control system.

Abstract: A method for controlling a self-balancing vehicle to park is disclosed. The method is performed by the self-balancing vehicle and includes: sending a message of requesting for parking assistance to a surveillance camera device for controlling the self-balancing vehicle to park; receiving a first response message returned from the surveillance camera device according to the message of requesting for parking assistance, the first response message including parking instruction information for controlling the self-balancing vehicle to travel from a current location of the self-balancing vehicle to a target location; and controlling the self-balancing vehicle to travel from the current location to the target location and to park according to the parking instruction information.

Abstract: A secondary validator includes a communications interface with a first antenna and a second antenna having a shorter signal range than the first antenna. The validator also includes a processor and a memory having instructions that, when executed by the processor cause the validator to receive, using the first antenna, vehicle information from a first vehicle that is within a signal range of the first antenna. The vehicle information includes route information associated with the first vehicle. The validator provides an indication for a passenger that has exited the first vehicle to check out, reads checkout information from a fare media using the second antenna, detects another vehicle present within a signal range of the first antenna, and provides the checkout information and at least a portion of the transit vehicle information to a primary validator positioned on the another vehicle for subsequent transmission to a transit system back office.

Abstract: This inventor provides a kind of recognition method and device, including the following stages: S1: get the first feature vector by putting the depth image of current best view of the object to be recognized to feature extractor; S2: get the output of pooling layer by putting the first feature vector to first hidden layer, then get the classification by putting the output of pooling layer to a hierarchical classifier; S3: generate the partial region of current view according to the output of pooling payer and view observation vector; S4: get the second feature vector by putting the partial region to second hidden layer, and the second feature vector includes the output of pooling layer and information of current view; S5: generate the next best view using a fully connected layer and the second feature vector; S6: repeat S1 to S5 until reach the leaf node of the hierarchical classifier. This inventor scans and recognizes the unknown scene, while solving the problem of next best view.