Abstract: An information processing system includes an information processing apparatus and an apparatus connected to the information processing apparatus, the information processing apparatus including a processor, and a memory storing instructions which, when executed, cause the processor to act as a display control unit configured to acquire display data through a network and display a screen based on the display data. The display control unit is configured to input data specified in the display data to a first application, identified by identification information specified in the display data, among a plurality of applications installed in the information processing apparatus.

Abstract: A system and method for authentication policy orchestration may include a user device, a client device, and a server. The server may include a network interface configured to be communicatively coupled to a network. The server may further include a processor configured to obtain, from a client device via the network, a transaction request for a transaction, determine an authorization requirement for the transaction request based, at least in part, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party and an authorizing party, and complete the transaction based on the authorization requirement having been met.

Abstract: In an approach for accessing data and applications on a device, a processor adds a first accessibility profile and a second accessibility profile, wherein the first accessibility profile and the second accessibility profile are each associated with a single-user profile of a device. A processor configures a first level of access for the first accessibility profile and a second level of access for the second accessibility profile, wherein the first level of access includes a different level of accessibility permissions than the second level of access. A processor assigns a first password to access the first accessibility profile and a second password to access the second accessibility profile, wherein the first password and the second password are each associated with the single-user profile.

Abstract: An apparatus and a method for controlling security in an electronic device are provided. The operating method of an electronic device includes detecting at least one touch input, detecting at least one of a touch area, a touch shape, or the number of touches, which correspond to each of the at least one touch input, and creating a reference pattern for the unlocking, based on at least one of the touch area, the touch shape, or the number of touches, which correspond to each of the at least one touch input. Other embodiments may be provided.

Abstract: Steering an authentication request to a determined authentication device based on a correlation between a user equipment (UE) identity and an authentication device is disclosed. The authentication request comprises an updateable subscriber identity. The authentication request can be associated with the UE identity, which can be correlated to an authentication device as a result of a prior authentication event. The updateable subscriber identity can have been updated during the prior authentication event, such that the authentication device has record of the updated subscriber identity. Therefore, the authentication device can to perform an authentication based on the updated subscriber identity while other authentication devices lacking record of the updated subscriber identity would be unable to perform the authentication. The disclosed subject matter can be operable with existing deployed authentication systems with little to no modification of those systems.

Abstract: Disclosed are a method and a device for a mobile terminal to change user information, and a terminal, comprising that: a second mobile terminal obtains a wireless fidelity (wifi) hotspot shared name of a first mobile terminal by wifi searching; the second mobile terminal resolves the wifi hotspot shared name of the first mobile terminal to obtain the user information of the first mobile terminal, and the user information of the first mobile terminal is saved. In the embodiments of the present document, the operation of adding contact information is performed according to the wifi hotspot name by opening the wifi hotspot, which saves the step of the user inputting information, brings convenience to the user and saves the time.

Abstract: A method is provided for facilitating service-specific security while avoiding a full authentication and key agreement exchange each time a service is activated on a device. Multiple services on a single device and sharing the same session link (e.g., radio link or radio bearer) and the same physical network may nonetheless obtain distinct service-specific network connectivity root keys from which service-specific security/session keys may be derived. In such case, instead of performing a full authentication and key agreement exchange with an operator or provider (e.g., home subscription server or HSS), the device may authenticate a network slice using a security credential established during a prior authentication with another network slice.

Abstract: An identity management system incorporates privacy management processes that enable the user to exercise privacy controls over the disclosure of user identity information within the context of an authentication process. A combination includes an identity selector, a privacy engine, and a ruleset. The identity selector directs the release of a user identity in the form of a security token to satisfy the requirements dictated by a security policy. Prior to release of the user identity, the engine conducts a privacy enforcement process that examines the privacy policy of the service provider and determines if it is acceptable. The engine evaluates a ruleset against the privacy policy. A preference editor enables the user to construct, in advance, the ruleset, which embodies the user's privacy preferences regarding the disclosure of identity information.

Abstract: A computer-implemented method, the method being performed in a system comprising an electronic lock and a client device comprising a central processing unit, a localization signal receiver and a memory, the computer-implemented method comprising: receiving at least one localization signal using the localization signal receiver; measuring a strength of the received localization signal; using the central processing unit to extract a identifier from the received localization signal; determining a location of the client device based at least on the measured strength of the received localization signal and the extracted identifier; and causing the electronic lock to unlock based on the determined location.

Abstract: An identification apparatus includes: a sensor face in which a plurality of sensor electrodes and a ground portion are provided on one and the same plane; wherein: a conductive portion or conductive portions formed in an identification object are configured so that when the identification object is placed on the sensor face, the conductive portion or the conductive portions can electrically connect a corresponding one or corresponding ones of the sensor electrodes with the ground portion; and a change of electrostatic capacitance occurring when the corresponding sensor electrode or electrodes are electrically connected with the ground portion is detected so that an ID of the identification object can be identified. Thus, it is possible to provide an identification apparatus which can be manufactured inexpensively without using expensive devices such as RFIDs and which is improved in terms of the degree of freedom for design.

Abstract: The disclosure relates to a method of operating a system, the system comprising a near field communication, NFC, tag, an NFC device associated with a user of the system and a computer, the method comprising: the NFC device requesting a message from the NFC tag; the NFC tag generating a message comprising a representation of a counter value; the NFC tag sending the message to the NFC device; the NFC device generating a request comprising the representation of the counter value in response to receiving the message; the NFC device sending the request to a computer; the NFC device submitting user authentication data to the computer; and the computer executing an operation on verification of the counter value and the authentication data.

Abstract: Systems and methods for providing actions for users of a computer device from a lock screen interface are provided. A computing device may comprise a touch-sensitive display screen that may allow a user to scroll through a set of user interfaces that may comprise a set of lock screen interfaces—one of which may be associated with the user, if authorized for using the computing device. The computing device may allow the user to scroll to one of the following: a set of locked screen interfaces, a set of sign-in interfaces, a set of applications allowed for use (e.g., a camera) by the computer device (even if the user is not signed-in) and a new mode of functionality for computing device (e.g., a children's entertainment application). The computer system may allow swiping from multiple discernible directions to allow the scrolling through user interfaces in a natural manner.

Abstract: A network security policy may be implemented at network switches as a set of active packet disposition directives. In a dynamically programmable network, the network switches can be dynamically reprogrammed with new packet disposition directives. An event auditor passively monitors network traffic and provides network activity data indicative of network flows to a network privilege manager. The network privilege manager determines a current network context based on the network activity data. In response to the current network context, the network privilege manager selects a security policy and generates one or more flow policy directives in accordance with the selected policy.

Abstract: A system providing enhanced security for device based transactions, constituted of: a server associated with a network address; a first device associated with a user, the first device in communication with the server over a first communication channel responsive to an obtained server network address; a second device associated with the user arranged to obtain the server network address from the first device; and a mobile device server in communication with the second device over a second communication channel, the mobile device server in communication with the server via a third communication channel, the mobile device server arranged to: obtain the server network address from the second device over the second communication channel; obtain the server network address from a trusted source; and authorize to the server over third communication channel a transaction only in the event that the server network addresses are consonant.

Abstract: A system and a method of connecting devices via a Wireless-Fidelity (Wi-Fi) network are provided. The method of communication-connecting an external device to an Access Point (AP) via a Wi-Fi network is performed by a device and includes operations of receiving device information of the external device from the external device that operates in an AP mode, accessing the external device that operates in the AP mode, by using the device information, and providing connection information relating to the AP to the external device, and wherein, when the connection information is provided to the external device, the external device terminates operating in the AP mode, and the external device then accesses the AP based on the connection information.

Abstract: In one embodiment, a distributed denial of service attack on a network is identified. In response to the distributed denial of service attack, a script to request a short term certificate is executed. The short term certificate is generated by a certificate server and received either directly or indirectly from the certificate server. An instruction to redirect traffic using the short term certificate and private key is sent to a distributed denial of service attack protection service that is operable to filter or otherwise mitigate malicious traffic involved in the distributed denial of service attack.

Abstract: A method includes generating a set of virtual-machine-specific (VMS) encryption keys for a dedicated virtual machine, storing the set of VMS encryption keys in a protected memory, storing a first look-up table in the protected memory, and replacing an encryption key stored in a crypto unit with at least one VMS encryption key of the set of VMS encryption keys in an operation mode where the dedicated virtual machine is executed by a processor. The protected memory is selectively excluded from access by operating systems executable on a computer system. The look-up table being accessible only by firmware of the computer system.

Abstract: In a driver installation system, a client device includes: a device information display processing section acquiring, from a peripheral device via a server device, an image of a device information screen of the peripheral device targeted for driver installation and causing a display section to display the image; a selection acceptance section accepting selection of the device information screen from an operator; a device information reading section reading a device information from the selected device information screen; and a driver installation processing section receiving, from the server device, a driver installation file of the peripheral device indicated by the device information and install the driver of the peripheral device into the client device.

Abstract: A method includes generating a set of virtual-machine-specific (VMS) encryption keys for a dedicated virtual machine, storing the set of VMS encryption keys in a protected memory, storing a first look-up table in the protected memory, and replacing an encryption key stored in a crypto unit with at least one VMS encryption key of the set of VMS encryption keys in an operation mode where the dedicated virtual machine is executed by a processor. The protected memory is selectively excluded from access by operating systems executable on a computer system. The look-up table being accessible only by firmware of the computer system.

Abstract: A computer-implemented method to provide transcripts of multimedia messages is disclosed. The method may include receiving, at a server, a message with an attached media file. The message may be directed to a user device. The server may be configured to receive and direct messages to the user device. The method may further include separating the media file from the message before the message is provided to the user device. The method may also include generating, at a transcription system, a transcript of audio data in the media file. The method may also include providing the message to the user device for presentation of the message on the user device. The method may further include providing the transcript and the media file to the user device for presentation of the transcript and the media file on the user device.

Abstract: A wearable device includes: a touch screen; an acceleration sensor configured to generate an acceleration signal; an optical sensor using a light source and configured to generate a touch interrupt signal; and a control unit configured to detect a wearing state of the wearable device, the wearing state of the wearable device including a not-wearing state for the wearable device, a wrist wearing state, and a hand gripping state on the basis of the acceleration signal and the touch interrupt signal, and to execute a function corresponding to the wearing state of the wearable device.

Abstract: Novel tools and techniques are provided for remotely configuring and orchestrating multifunctional cloud devices located on customer premises, in some cases, using a smart cloud adaptive device. In some embodiments, the smart cloud adaptive device, which might have one or more wireless programmable radios configured to communicate with a network termination device, might communicate with a cloud configuration server over a network via the one or more wireless programmable radios (and, in some embodiments, through the network termination device). The smart cloud adaptive device might transmit device identification information associated with a customer and/or service codes indicative of services to be provided to the customer. The smart cloud adaptive device might receive one or more configuration files from the cloud configuration server based on the service codes, and enable functionality among a plurality of functionalities to provision the services, based on the one or more configuration files.

Abstract: An electronic apparatus and a booting method thereof are provided. Control a sensing unit to sense a barcode before an operation system is executed by the electronic apparatus. Determine whether the barcode meets a preset barcode. Continue a booting operation of the electronic apparatus if the barcode meets the preset barcode.

Abstract: An access control device that at least assists in controlling the ingress/egress through an entryway. According to certain embodiments, the access control device is operably coupled to an entryway device so as to at least assist in controlling the ability to displace an entryway device from a closed positon and/or from an open position. The access control device is structured for communication with a plurality of components of a security management system, and thus may be programmed by one or more modes, including, for example a manual program mode, an off-line managed mode, a wireless off-line management mode, a wireless real-time mode, and/or an off-line real-time mode.

Abstract: A printing process system includes processing circuitry configured to render content to generate image data to be used for displaying the content by a web browser; accept a print instruction to print out the content, which is displayed by the web browser by using the generated image data, the print instruction being input by a user via a display device coupled to the printing process system; and convert the image data, which is the same as the image data used for displaying the content by the web browser, into page description language data, and output the page description language data to a printer configured to output printed matter on which an image, which matches an image of the content displayed by the web browser, is printed based on the page description language data.

Abstract: Techniques to provide secure mobile access to a cloud-based service are disclosed. In various embodiments, a request to access the cloud-based service is received from a mobile device. A security certificate associated with the request is used to synthesize a basic authentication header associated with the request. The synthesized basic authentication header is sent to the cloud-based service on behalf of the mobile device.

Abstract: A method and apparatus of access control in an electronic apparatus implementing the method are provided. The method of operating an electronic apparatus includes detecting an access request to a resource from an application included in a first area of a memory by a processor of the electronic apparatus, in response to the access request, executing an access control module included in a second area of the memory to calculate a hash value of the application by the processor, determining whether a record exists in the memory, the record corresponding to the hash value and identification information of the application, by executing the access control module by the processor, and allowing access to the resource by the processor when the record exists in the memory.

Abstract: Communicating media data over a communication system in which a first communication instance for a user of the communication system is implemented at a first user terminal, and a second communication instance for the user of the communication system is implemented at a second user terminal. The user is simultaneously logged into the communication system via: (i) the first communication instance at the first user terminal, and (ii) the second communication instance at the second user terminal. A media communication session is established between the first and second communication instances, wherein the media communication session is authenticated on the basis of the same user being simultaneously logged into the communication system via both the first and second communication instances. Media data is communicated in the media communication session from the first communication instance at the first user terminal to the second communication instance at the second user terminal.

Abstract: Techniques for securely instantiating applications associated with computing resource service provider services on hardware that is controlled by third parties and/or customers of the computing resource service provider are described herein. A request to instantiate an application is received and fulfilled by selecting a computer system from computer systems that are controlled by a third party and/or a customer of the computing resource service provider. The computer system is selected based at least in part on the hardware capabilities of the computer system associated with instantiating a secure execution environment. The application is then instantiated within a secure execution environment operating on the computer system.

Abstract: A system and method to access a machine through a mobile device includes sending a machine key to a controller on-board the machine, and a mobile device key to the mobile device using a remote server. The mobile device sends a mobile device ID to the controller. The controller determines the mobile device key based on the mobile device ID and the machine key. The controller sends a random number to the mobile device. The mobile device processes the random number to derive a first processed random number, and sends the first processed random number to the controller. The controller processes the random number to derive a second processed random number. The controller enables a start button to send a request to start the machine, when the first processed random number matches the second processed random number. The controller starts the machine upon receiving the request to start the machine.

Abstract: A security system detects anomalous activity in a network. The system logs user activity, which can include ports used, compares users to find similar users, sorts similar users into cohorts, and compares new user activity to logged behavior of the cohort. The comparison can include a divergence calculation. Origins of user activity can also be used to determine anomalous network activity. The hostname, username, IP address, and timestamp can be used to calculate aggregate scores and convoluted scores.

Abstract: A method of equality verification using relational encryption including receiving a relational key that includes a first relational key component and a registration ciphertext that includes an encryption of a first plaintext data set. The method includes storing the registration ciphertext without decrypting the registration ciphertext. After the storing of the registration ciphertext, the method includes receiving an authentication request and communicating a safeguard data set that includes a random challenge in response to the authentication request. The method includes receiving an encrypted response that is generated based on the safeguard data set and a second plaintext data set. The method includes verifying a relationship between the encrypted response and the registration ciphertext using the relational key without decrypting the encrypted response and without decrypting the registration ciphertext. The relationship indicates that equality exists between the first and the second plaintext data sets.

Abstract: Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently.

Abstract: A display device (1) includes a display section (20), a detection section (30), a storage (40), and a controller (10). The detection section (30) detects a touch region (210) of the display region in which a user touches. The storage (40) stores therein a pattern (400). The controller (10) includes a determination section (101) and a display controller (103). The determination section (101) determines whether or not the touch region (210) matches the pattern (400). The display controller (103) causes the display section (20) to display a soft key array (220) upon the determination section (101) determining match.

Abstract: There is disclosed a modular data storage and access platform with jurisdictional control. The platform ensures alignment of jurisdictional compliance between a user, national laws, and associated data through pre-scripted data channeling and handling during execution of application provider business services and/or sharing and synchronizing data between approved parties, encapsulated though user defined encryption technology, while ensuring physical and legal ownership and defined residency of user data with solution enablement free of technical complexity or need of special education/training or need of information technology services. In an embodiment, the platform enables approved third party value added SaaS applications to manipulate data stored on the modular data storage without removing the data from the platform.

Abstract: An intermediary access device enables a user electronic device to communicate with a vehicle's onboard computer system. A first wireless transceiver of the intermediary access device is used to establish a secure wireless communication channel between the intermediary access device and a vehicle on-board computer system. A second wireless transceiver of the intermediary access device is used to establish a user-initiated communication channel between the intermediary access device and a user electronic device. User commands and vehicle information can then be transmitted between the vehicle on-board computer system and the user electronic device via the intermediary access device in a safe, secure and efficient manner.

Abstract: A system may be configured to allow for network-based authentication of a user device, which may reduce or eliminate the need for a user to provide credentials. The authentication may be performed when the user device attempts to access content provided by a third party content provider. The network-based authentication may be performed by, or in conjunction with, a device that (a) is associated with the same telecommunications network as the user device, and (b) can authenticate the identity of the user device.

Abstract: Disclosed are various embodiments for provisioning account credentials via a trusted channel. An account configuration manager automatically determines a credential reset format that is associated with an account. The account configuration manager then automatically requests a security credential reset for the account using the credential reset format. A security credential communication is received via a trusted channel of communication that is linked to the account for reset purposes. The account configuration manager parses the security credential communication to determine a security credential for the account.

Abstract: Provided are a mobile terminal for providing a one-time password (OTP) and an operation method thereof. The mobile terminal includes a first one-time password (OTP) generating module configured to provide identification information regarding each of a plurality of pieces of OTP data to a user, and output an OTP provided according to any one identification information selected by the user, and a second OTP generating module based on mobile trusted module (MTM) configured to transfer the identification information regarding each of the plurality of pieces of OTP data to the first OTP generating module according to a corresponding request from the first OTP generating module, generate an OTP by using OTP data corresponding to the selected identification information, and transfer the generated OTP to the first OTP generating module.

Abstract: A method for connecting a mobile device to a vehicle system of a vehicle. The method includes the following: generating a passkey based on at least one of vehicle information and an image accessible to an occupant of the vehicle; transmitting instructions for composing the passkey to the mobile device; and connecting the mobile device to the vehicle system subsequent to entry of the passkey at the mobile device.

Abstract: Method and apparatus for authentication of a user to a server that involves the user performing a requested act and that further involves relative movement between the user and a camera wherein fiducial marks are captured.

Abstract: A system, apparatus, and method are described for a secure IoT wireless network configuration. For example, one embodiment of an Internet of Things (IoT) hub comprises: a local wireless communication interface to establish local wireless connections with one or more IoT devices and/or IoT extender hubs; a network router to establish network connections over the Internet on behalf of the IoT devices and/or IoT extender hubs; an authentication module pre-configured with a passphrase and a hidden service set identifier (SSID), the authentication module to receive a connection requests from the IoT devices and/or an IoT extender hubs and to grant the connection requests when the IoT devices and/or IoT extender hubs use the pre-configured passphrase and hidden SSID; and a firewall of the IoT hub to block all outgoing and incoming connection requests other than those directed to designated servers of an IoT service with known host names.

Abstract: A computer-implemented system and method for receiving a request to associate one or more application instance definitions with an application identity of an application configured with a set of permissions to access computer resources in an environment of a computing resource service provider. The system and method cause a computer system to store the one or more application instance definitions in association with the application identity of the application. The system and method also cause the computer system to evaluate a request originating from an application corresponding to the application identity and the application instance definition to determine if fulfillment of the request complies with the permissions.

Abstract: A user of a mobile device is authenticated in a manner that enables the user access to a credential that has been issued by a credential-issuing organization. One or more keys are identified that are associated with the credential and that enable access to one or more physical resources associated with the credential-issuing organization. A physical orientation of the user's mobile device is determined. A display arrangement of one or more control icons that enable usage of the one or more keys is determined based on a physical orientation of the one or more physical resources relative to the determined physical orientation of the mobile device. The one or more control icons are displayed in accordance with the determined display arrangement.

Abstract: Systems and methods of determining image characteristics are provided. More particularly, a first image having an unknown characteristic can be obtained. The first image can be provided to a plurality of user devices in a verification challenge. The verification challenge can include one or more instructions to be presented to a user of each user device. The instructions being determined based at least in part on the first image. User responses can be received, and an unknown characteristic of the first image can be determined based at least in part on the received responses. Subsequent to determining the unknown characteristic of the first image, one or more machine learning models can be trained based at least in part on the determined characteristic.

Abstract: Internet user passwords are securely managed. A formation component can enable a user to create a master account on a web server, the master account comprising a master username and password. An access component can enable the user to access a plurality of password protected websites from a web browser or non-browser software application resident on the user's computing device when the user logs into the master account by entering the valid master username and password. A selection component can log the user into a website of the plurality of password protected websites when the user selects a hyperlink associated with the website, selects a linked image associated with the website, or selects the website from a pulldown list contained in a toolbar of a web browser. A display component can open a web browser or tab associated with the website.

Abstract: Systems, devices, apparatuses, and methods of the present invention distribute authentication across multiple users. A data sensitivity model can define the sensitivity of different types of data. When an application requests access to a particular data item, the sensitivity of that data item can be determined. If the data item has a low sensitivity, access to the data item can be granted. If the data item has a high sensitivity, the system can request authentication before granting access to the data item.

Abstract: A technique verifies a compound software code using a modularized architecture. The compound software code may be divided into smaller components or modules that provide various functions (e.g., services) of the code. A set of properties may be defined for the modules, such that the verification technique may be used to verify that the modules manifest those properties, wherein at least one property may be security related and the remaining properties may be related to the services of the modules. The compound software code is divided into smaller modules to facilitate verification of the properties related to the services provided by the modules. Properties of the modules may be verified in accordance with an enhanced verification procedure to demonstrate that the modules manifest those properties and transform those modules into verified code bases (VCBs).

Abstract: Systems and methods for securing or encrypting data or other information arising from a user's interaction with software and/or hardware, resulting in transformation of original data into ciphertext. Generally, the ciphertext is generated using context-based keys that depend on the environment in which the original data originated and/or was accessed. The ciphertext can be stored in a user's storage device or in an enterprise database (e.g., at-rest encryption) or shared with other users (e.g., cryptographic communication). The system generally allows for secure federation across organizations, including mechanisms to ensure that the system itself and any other actor with pervasive access to the network cannot compromise the confidentially of the protected data.

Abstract: A method for operating a security element, preferably in the form of a chip card, having a processor, and a memory. stores an operating system comprising an operating-system kernel and at least one additional operating-system module for supplying optional operating-system functionalities, and at least one access permission associated with the operating-system module and determining whether the operating-system module can be accessed during operation of the security element. The method comprises the step of changing the access permission for the operating-system module for supplying optional operating-system functionalities in reaction to the receiving of a message from a server. The message from the server may be an OTA message sent from the server to the security element via a mobile radio network.