Abstract: In a driver installation system, a client device includes: a device information display processing section acquiring, from a peripheral device via a server device, an image of a device information screen of the peripheral device targeted for driver installation and causing a display section to display the image; a selection acceptance section accepting selection of the device information screen from an operator; a device information reading section reading a device information from the selected device information screen; and a driver installation processing section receiving, from the server device, a driver installation file of the peripheral device indicated by the device information and install the driver of the peripheral device into the client device.

Abstract: A method includes generating a set of virtual-machine-specific (VMS) encryption keys for a dedicated virtual machine, storing the set of VMS encryption keys in a protected memory, storing a first look-up table in the protected memory, and replacing an encryption key stored in a crypto unit with at least one VMS encryption key of the set of VMS encryption keys in an operation mode where the dedicated virtual machine is executed by a processor. The protected memory is selectively excluded from access by operating systems executable on a computer system. The look-up table being accessible only by firmware of the computer system.

Abstract: A method includes generating a set of virtual-machine-specific (VMS) encryption keys for a dedicated virtual machine, storing the set of VMS encryption keys in a protected memory, storing a first look-up table in the protected memory, and replacing an encryption key stored in a crypto unit with at least one VMS encryption key of the set of VMS encryption keys in an operation mode where the dedicated virtual machine is executed by a processor. The protected memory is selectively excluded from access by operating systems executable on a computer system. The look-up table being accessible only by firmware of the computer system.

Abstract: A computer-implemented method to provide transcripts of multimedia messages is disclosed. The method may include receiving, at a server, a message with an attached media file. The message may be directed to a user device. The server may be configured to receive and direct messages to the user device. The method may further include separating the media file from the message before the message is provided to the user device. The method may also include generating, at a transcription system, a transcript of audio data in the media file. The method may also include providing the message to the user device for presentation of the message on the user device. The method may further include providing the transcript and the media file to the user device for presentation of the transcript and the media file on the user device.

Abstract: A wearable device includes: a touch screen; an acceleration sensor configured to generate an acceleration signal; an optical sensor using a light source and configured to generate a touch interrupt signal; and a control unit configured to detect a wearing state of the wearable device, the wearing state of the wearable device including a not-wearing state for the wearable device, a wrist wearing state, and a hand gripping state on the basis of the acceleration signal and the touch interrupt signal, and to execute a function corresponding to the wearing state of the wearable device.

Abstract: An access control device that at least assists in controlling the ingress/egress through an entryway. According to certain embodiments, the access control device is operably coupled to an entryway device so as to at least assist in controlling the ability to displace an entryway device from a closed positon and/or from an open position. The access control device is structured for communication with a plurality of components of a security management system, and thus may be programmed by one or more modes, including, for example a manual program mode, an off-line managed mode, a wireless off-line management mode, a wireless real-time mode, and/or an off-line real-time mode.

Abstract: Novel tools and techniques are provided for remotely configuring and orchestrating multifunctional cloud devices located on customer premises, in some cases, using a smart cloud adaptive device. In some embodiments, the smart cloud adaptive device, which might have one or more wireless programmable radios configured to communicate with a network termination device, might communicate with a cloud configuration server over a network via the one or more wireless programmable radios (and, in some embodiments, through the network termination device). The smart cloud adaptive device might transmit device identification information associated with a customer and/or service codes indicative of services to be provided to the customer. The smart cloud adaptive device might receive one or more configuration files from the cloud configuration server based on the service codes, and enable functionality among a plurality of functionalities to provision the services, based on the one or more configuration files.

Abstract: An electronic apparatus and a booting method thereof are provided. Control a sensing unit to sense a barcode before an operation system is executed by the electronic apparatus. Determine whether the barcode meets a preset barcode. Continue a booting operation of the electronic apparatus if the barcode meets the preset barcode.

Abstract: A printing process system includes processing circuitry configured to render content to generate image data to be used for displaying the content by a web browser; accept a print instruction to print out the content, which is displayed by the web browser by using the generated image data, the print instruction being input by a user via a display device coupled to the printing process system; and convert the image data, which is the same as the image data used for displaying the content by the web browser, into page description language data, and output the page description language data to a printer configured to output printed matter on which an image, which matches an image of the content displayed by the web browser, is printed based on the page description language data.

Abstract: Techniques to provide secure mobile access to a cloud-based service are disclosed. In various embodiments, a request to access the cloud-based service is received from a mobile device. A security certificate associated with the request is used to synthesize a basic authentication header associated with the request. The synthesized basic authentication header is sent to the cloud-based service on behalf of the mobile device.

Abstract: A method and apparatus of access control in an electronic apparatus implementing the method are provided. The method of operating an electronic apparatus includes detecting an access request to a resource from an application included in a first area of a memory by a processor of the electronic apparatus, in response to the access request, executing an access control module included in a second area of the memory to calculate a hash value of the application by the processor, determining whether a record exists in the memory, the record corresponding to the hash value and identification information of the application, by executing the access control module by the processor, and allowing access to the resource by the processor when the record exists in the memory.

Abstract: Communicating media data over a communication system in which a first communication instance for a user of the communication system is implemented at a first user terminal, and a second communication instance for the user of the communication system is implemented at a second user terminal. The user is simultaneously logged into the communication system via: (i) the first communication instance at the first user terminal, and (ii) the second communication instance at the second user terminal. A media communication session is established between the first and second communication instances, wherein the media communication session is authenticated on the basis of the same user being simultaneously logged into the communication system via both the first and second communication instances. Media data is communicated in the media communication session from the first communication instance at the first user terminal to the second communication instance at the second user terminal.

Abstract: Techniques for securely instantiating applications associated with computing resource service provider services on hardware that is controlled by third parties and/or customers of the computing resource service provider are described herein. A request to instantiate an application is received and fulfilled by selecting a computer system from computer systems that are controlled by a third party and/or a customer of the computing resource service provider. The computer system is selected based at least in part on the hardware capabilities of the computer system associated with instantiating a secure execution environment. The application is then instantiated within a secure execution environment operating on the computer system.

Abstract: A security system detects anomalous activity in a network. The system logs user activity, which can include ports used, compares users to find similar users, sorts similar users into cohorts, and compares new user activity to logged behavior of the cohort. The comparison can include a divergence calculation. Origins of user activity can also be used to determine anomalous network activity. The hostname, username, IP address, and timestamp can be used to calculate aggregate scores and convoluted scores.

Abstract: A method of equality verification using relational encryption including receiving a relational key that includes a first relational key component and a registration ciphertext that includes an encryption of a first plaintext data set. The method includes storing the registration ciphertext without decrypting the registration ciphertext. After the storing of the registration ciphertext, the method includes receiving an authentication request and communicating a safeguard data set that includes a random challenge in response to the authentication request. The method includes receiving an encrypted response that is generated based on the safeguard data set and a second plaintext data set. The method includes verifying a relationship between the encrypted response and the registration ciphertext using the relational key without decrypting the encrypted response and without decrypting the registration ciphertext. The relationship indicates that equality exists between the first and the second plaintext data sets.

Abstract: A display device (1) includes a display section (20), a detection section (30), a storage (40), and a controller (10). The detection section (30) detects a touch region (210) of the display region in which a user touches. The storage (40) stores therein a pattern (400). The controller (10) includes a determination section (101) and a display controller (103). The determination section (101) determines whether or not the touch region (210) matches the pattern (400). The display controller (103) causes the display section (20) to display a soft key array (220) upon the determination section (101) determining match.

Abstract: Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently.

Abstract: A system and method to access a machine through a mobile device includes sending a machine key to a controller on-board the machine, and a mobile device key to the mobile device using a remote server. The mobile device sends a mobile device ID to the controller. The controller determines the mobile device key based on the mobile device ID and the machine key. The controller sends a random number to the mobile device. The mobile device processes the random number to derive a first processed random number, and sends the first processed random number to the controller. The controller processes the random number to derive a second processed random number. The controller enables a start button to send a request to start the machine, when the first processed random number matches the second processed random number. The controller starts the machine upon receiving the request to start the machine.

Abstract: There is disclosed a modular data storage and access platform with jurisdictional control. The platform ensures alignment of jurisdictional compliance between a user, national laws, and associated data through pre-scripted data channeling and handling during execution of application provider business services and/or sharing and synchronizing data between approved parties, encapsulated though user defined encryption technology, while ensuring physical and legal ownership and defined residency of user data with solution enablement free of technical complexity or need of special education/training or need of information technology services. In an embodiment, the platform enables approved third party value added SaaS applications to manipulate data stored on the modular data storage without removing the data from the platform.

Abstract: An intermediary access device enables a user electronic device to communicate with a vehicle's onboard computer system. A first wireless transceiver of the intermediary access device is used to establish a secure wireless communication channel between the intermediary access device and a vehicle on-board computer system. A second wireless transceiver of the intermediary access device is used to establish a user-initiated communication channel between the intermediary access device and a user electronic device. User commands and vehicle information can then be transmitted between the vehicle on-board computer system and the user electronic device via the intermediary access device in a safe, secure and efficient manner.

Abstract: A system may be configured to allow for network-based authentication of a user device, which may reduce or eliminate the need for a user to provide credentials. The authentication may be performed when the user device attempts to access content provided by a third party content provider. The network-based authentication may be performed by, or in conjunction with, a device that (a) is associated with the same telecommunications network as the user device, and (b) can authenticate the identity of the user device.

Abstract: Provided are a mobile terminal for providing a one-time password (OTP) and an operation method thereof. The mobile terminal includes a first one-time password (OTP) generating module configured to provide identification information regarding each of a plurality of pieces of OTP data to a user, and output an OTP provided according to any one identification information selected by the user, and a second OTP generating module based on mobile trusted module (MTM) configured to transfer the identification information regarding each of the plurality of pieces of OTP data to the first OTP generating module according to a corresponding request from the first OTP generating module, generate an OTP by using OTP data corresponding to the selected identification information, and transfer the generated OTP to the first OTP generating module.

Abstract: A method for connecting a mobile device to a vehicle system of a vehicle. The method includes the following: generating a passkey based on at least one of vehicle information and an image accessible to an occupant of the vehicle; transmitting instructions for composing the passkey to the mobile device; and connecting the mobile device to the vehicle system subsequent to entry of the passkey at the mobile device.

Abstract: Disclosed are various embodiments for provisioning account credentials via a trusted channel. An account configuration manager automatically determines a credential reset format that is associated with an account. The account configuration manager then automatically requests a security credential reset for the account using the credential reset format. A security credential communication is received via a trusted channel of communication that is linked to the account for reset purposes. The account configuration manager parses the security credential communication to determine a security credential for the account.

Abstract: Method and apparatus for authentication of a user to a server that involves the user performing a requested act and that further involves relative movement between the user and a camera wherein fiducial marks are captured.

Abstract: A computer-implemented system and method for receiving a request to associate one or more application instance definitions with an application identity of an application configured with a set of permissions to access computer resources in an environment of a computing resource service provider. The system and method cause a computer system to store the one or more application instance definitions in association with the application identity of the application. The system and method also cause the computer system to evaluate a request originating from an application corresponding to the application identity and the application instance definition to determine if fulfillment of the request complies with the permissions.

Abstract: A user of a mobile device is authenticated in a manner that enables the user access to a credential that has been issued by a credential-issuing organization. One or more keys are identified that are associated with the credential and that enable access to one or more physical resources associated with the credential-issuing organization. A physical orientation of the user's mobile device is determined. A display arrangement of one or more control icons that enable usage of the one or more keys is determined based on a physical orientation of the one or more physical resources relative to the determined physical orientation of the mobile device. The one or more control icons are displayed in accordance with the determined display arrangement.

Abstract: A system, apparatus, and method are described for a secure IoT wireless network configuration. For example, one embodiment of an Internet of Things (IoT) hub comprises: a local wireless communication interface to establish local wireless connections with one or more IoT devices and/or IoT extender hubs; a network router to establish network connections over the Internet on behalf of the IoT devices and/or IoT extender hubs; an authentication module pre-configured with a passphrase and a hidden service set identifier (SSID), the authentication module to receive a connection requests from the IoT devices and/or an IoT extender hubs and to grant the connection requests when the IoT devices and/or IoT extender hubs use the pre-configured passphrase and hidden SSID; and a firewall of the IoT hub to block all outgoing and incoming connection requests other than those directed to designated servers of an IoT service with known host names.

Abstract: Systems and methods of determining image characteristics are provided. More particularly, a first image having an unknown characteristic can be obtained. The first image can be provided to a plurality of user devices in a verification challenge. The verification challenge can include one or more instructions to be presented to a user of each user device. The instructions being determined based at least in part on the first image. User responses can be received, and an unknown characteristic of the first image can be determined based at least in part on the received responses. Subsequent to determining the unknown characteristic of the first image, one or more machine learning models can be trained based at least in part on the determined characteristic.

Abstract: Internet user passwords are securely managed. A formation component can enable a user to create a master account on a web server, the master account comprising a master username and password. An access component can enable the user to access a plurality of password protected websites from a web browser or non-browser software application resident on the user's computing device when the user logs into the master account by entering the valid master username and password. A selection component can log the user into a website of the plurality of password protected websites when the user selects a hyperlink associated with the website, selects a linked image associated with the website, or selects the website from a pulldown list contained in a toolbar of a web browser. A display component can open a web browser or tab associated with the website.

Abstract: Systems, devices, apparatuses, and methods of the present invention distribute authentication across multiple users. A data sensitivity model can define the sensitivity of different types of data. When an application requests access to a particular data item, the sensitivity of that data item can be determined. If the data item has a low sensitivity, access to the data item can be granted. If the data item has a high sensitivity, the system can request authentication before granting access to the data item.

Abstract: A technique verifies a compound software code using a modularized architecture. The compound software code may be divided into smaller components or modules that provide various functions (e.g., services) of the code. A set of properties may be defined for the modules, such that the verification technique may be used to verify that the modules manifest those properties, wherein at least one property may be security related and the remaining properties may be related to the services of the modules. The compound software code is divided into smaller modules to facilitate verification of the properties related to the services provided by the modules. Properties of the modules may be verified in accordance with an enhanced verification procedure to demonstrate that the modules manifest those properties and transform those modules into verified code bases (VCBs).

Abstract: The present disclosure includes: a communication module; a memory that stores a secret key encryption and restoration program; and a processor that executes the program, wherein when a request for restoration of a secret key is received from a user, the processor restores the secret key of which restoration is requested on the basis of restoration information received from each of a key management server and one or more trusted devices according to execution of the program, the secret key of the user is generated and encrypted by the processor in response to the request from the user, and the restoration information is generated corresponding to the secret key and then transmitted to each of the key management server and the one or more trusted devices through the communication module.

Abstract: A method for implementing secured messages via public e-mail services includes: receiving a content of an original message to be transmitted to a recipient; parsing the content of the original message into a plurality of segments; dividing the plurality of segments into a first group of segments and a second group of segments; generating a first message including the first group of segments and a second message including the second group of segments; and forwarding the first message via a first messaging service and the second message via a second messaging service different from the first messaging service. Further, a method includes receiving the first and the second messages via the first and the second messaging services and merging the first and the second messages to generate the original message.

Abstract: A method for operating a security element, preferably in the form of a chip card, having a processor, and a memory. stores an operating system comprising an operating-system kernel and at least one additional operating-system module for supplying optional operating-system functionalities, and at least one access permission associated with the operating-system module and determining whether the operating-system module can be accessed during operation of the security element. The method comprises the step of changing the access permission for the operating-system module for supplying optional operating-system functionalities in reaction to the receiving of a message from a server. The message from the server may be an OTA message sent from the server to the security element via a mobile radio network.

Abstract: Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or was accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption) or shared with other users (e.g., cryptographic communication). The system generally allows for secure federation across organizations, including mechanisms to ensure that the system itself and any other actor with pervasive access to the network cannot compromise the confidentially of the protected data.

Abstract: A system and a method for performing purchase transactions over a network are provided. The system includes a server controlled by a service provider, including a link to a network; a processor circuit, the processor circuit configured to receive purchase requests from a mobile phone, and to transfer funds from a user account to a vendor account; and a memory circuit storing a plurality of mobile phone numbers and a plurality of personal identification numbers (PINs), wherein each mobile phone number and PIN is associated with a user account. A non-transitory machine-readable medium may include a plurality of machine-readable instructions which when executed by one or more processors of a server controlled by a service provider are adapted to cause the server to perform a method as above.

Abstract: A method for controlling a vehicle cabin climate is provided. The method includes the steps of receiving and aggregating data relating to one or more inputs, wherein at least some of the data is acquired at the vehicle and some of the data is acquired from sources located remotely from the vehicle. The method further includes using a climate control module to determine an optimal cabin climate based on the aggregated data, and controlling one or more climate features according to the optimal cabin climate.

Abstract: According to an aspect of the present invention, there is a method, computer program product, and/or system that performs the following steps (not necessarily in the following order): (i) presenting a first challenge-response test to a requestor seeking access to a first application; (ii) receiving a first answer to the first challenge-response test from the requestor; (iii) storing a first test-answer set; and (iv) selecting a subsequent challenge-response test, based at least in part on the first test-answer set. The first test-answer set includes the first answer and a first test indicator. At least the selecting step is performed by computer software running on computer hardware.

Abstract: Methods, apparatus, and computer program products for controlling access to an electronic device based on biometric input are described. An example of such a method includes receiving a current biometric input, determining template similarity scores for the current biometric input, if at least one template similarity score satisfies a template similarity score criterion, then updating a false user counter value in a first numerical direction and performing an authentication process on the current biometric input, else, determining stored biometric input similarity scores for the current biometric input, if at least one stored biometric input similarity score satisfies a stored biometric input similarity score criterion, then maintaining the false user counter value, else, replacing a previously stored biometric input with the current biometric input, and updating the false user counter value in a second numerical direction opposite to the first numerical direction.

Abstract: In searching an index in an original search structure for a database, portion(s) of the index are determined to be stored in a memory in an alternate search structure. The alternate search structure with the portion(s) is created and stored in the memory. The index is searched by traversing the alternate search structure and possibly the original search structure. The alternate search structure may be traversed more efficiently than the original search structure. The number of portions of the index may be a tunable parameter or selected based on a performance improvement/expense ratio. The search of the index begins at the alternate search structure. During traversal of the one or more portions in the alternate search structure, if traversal is to continue at a portion in the original search structure, the identity of this portion is obtained. The traversal is continued at this identified portion in the original search structure.

Abstract: In searching an index in an original search structure for a database, portion(s) of the index are determined to be stored in a memory in an alternate search structure. The alternate search structure with the portion(s) is created and stored in the memory. The index is searched by traversing the alternate search structure and possibly the original search structure. The alternate search structure may be traversed more efficiently than the original search structure. The number of portions of the index may be a tunable parameter or selected based on a performance improvement/expense ratio. The search of the index begins at the alternate search structure. During traversal of the one or more portions in the alternate search structure, if traversal is to continue at a portion in the original search structure, the identity of this portion is obtained. The traversal is continued at this identified portion in the original search structure.

Abstract: A method and an apparatus for client authentication. The server receives from a client a request for identity authentication corresponding to a user account. A social relationship similarity is computed as a result of matching social relationship data of the client and the stored social relationship data of the user account. If the similarity meets a preset passing condition, the client is allowed to pass the identity authentication.

Abstract: Data may be masked on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage that are processed by an internet browser. The system may intercept data, such as text, images, and video input at the data input fields, prior to the data being posted online. The publishing node may control which users are permitted access to the posted data by defining a policy associated with the data input field. The posted data may be transformed or tokenized to ensure that it is inaccessible to a user (or group of users) unless that user/group has access to the decoding key under the policy. In this way, data security and data control may be provided to a publishing user node. Data that has already been posted may be destroyed, for example, by deleting the decryption key or a token.

Abstract: The various technologies presented herein relate to binding data (e.g., software) to hardware, wherein the hardware is to utilize the data. The generated binding can be utilized to detect whether at least one of the hardware or the data has been modified between an initial moment (enrollment) and a later moment (authentication). During enrollment, an enrollment value is generated that includes a signature of the data, a first response from a PUF located on the hardware, and a code word. During authentication, a second response from the PUF is utilized to authenticate any of the content in the enrollment value, and based upon the authentication, a determination can be made regarding whether the hardware and/or the data have been modified. If modification is detected then a mitigating operation can be performed, e.g., the hardware is prevented from utilizing the data. If no modification is detected, the data can be utilized.

Abstract: The present relates to a method and device for controlling access from the device to a card via a Near Field Communication (NFC) interface of the device. An Access Control List (ACL) is stored at a memory of the device. The ACL comprises application signatures and corresponding card identifiers. A request is received at a processor of the device from a specific application executing on the device. The request is for accessing a particular NFC enabled card via the NFC interface of the device. The request comprises a particular card identifier of the particular card and a specific signature of the specific application. A determination is made by the processor based on the specific signature, the particular card identifier and the ACL. The determination consists in whether the specific application is granted or alternatively denied access to the particular card via the NFC interface.

Abstract: A social graph may be modeled as a collection of claims. Each claim is associated with an author, an audience, and an assertion about a fact. Probabilistic information may be collected from various sources for a claim, enabling a social networking system to evaluate a truthfulness of the assertion made in the claim. User-declared profile information may be evaluated as claims. A user, entity, or application may make claims about any assertions made in the social networking system. Reputation scores may be determined for users based on evaluations of their historical assertions. Claims may be evaluated for truthfulness using a probabilistic prediction model using heuristics analysis, regression analysis, and machine learning methods. A claims-based profile of users may be provided to viewers based on the contexts in which the claims were made. Viewers may view claims made about users, such as the users' biographical information, contact information, expertise, and interests.

Abstract: A navigation system stores navigation data in an access-protected manner. The navigation system includes navigation units that utilize the navigation data retained in a memory. The system includes a module for authenticating the access code. The system may include a module for generating an access protection code for storing the navigation data in memory. The access code and the access protection code may be used in a complementary scheme to secure the navigation data set.

Abstract: Although current conferencing applications provide many abilities, some of these abilities are limited. Various embodiments described herein provide one or more of systems, methods, software, and data structures that allow a document, or other file type, to be used to connect to a network-based conference, such as over the Internet, where a view of a local copy of the document is synchronized between participants. Participation abilities of certain network-based conference participants may be limited in such embodiments. Such limits may be enforced locally for each participant, on a server by preventing data representative of certain actions from being broadcast to other participants, or in other ways as described and would be readily apparent herein.

Abstract: Authenticating users comprises a computing device that receives a manual authentication input of a user and initiates a first user session between the user and the user computing device. The device communicates a request for a first user authorization data from an authentication technology associated with the one or more computing devices and receives the first user authentication data. The user or the device terminates the first user session and subsequently receives an input of the user to initiate a second user session. The device communicates a request for second user authentication data from the authentication technology and compares the first user authentication data and the second user authentication data. The device identifies a match of one or more features of the first user authentication data and one or more features of the second user authentication data and authorizes the user to conduct the second user session.