Abstract: Embodiments of this application relate to systems and methods which allow for 3-D printed objects, such as eyeglasses and wristwatches, for example, to be customized by users according to modification specifications that are defined and constrained by manufacturers. These modification specifications may be constrained by the manufacturers based on factors relating to the printability of a modified design.

Abstract: A trigger instruction is received to set a password input interface. A setting of a term represented by a key is triggered. A selection or input of the term represented by the key on the password input interface is received. A first corresponding relationship between the key and the represented term is established. The password input interface is displayed. An electronic device sets terms, which are commonly used by a user to set a password, in a same password input interface. Thus, when a user password includes different types of terms, the user inputs the password without switching among different input interfaces to ensure that the user input the password conveniently.

Abstract: A host machine has a web browser. A user of the host machine also has a mobile device. A time-based, one-time password (TOTP) authentication scheme leverages a plug-in associated with the browser to automatically inject a received TOTP code into an element of an HTML-based TOTP authentication page, and to programmatically submit the HTML form (e.g., by mimicking the “click to submit” button on the TOTP form). Typically, the TOTP code is obtained following a successful completion of a push notification interaction between a cloud service, which stores TOTP shared secrets that are used to generate the TOTP codes, and the user of the mobile device.

Abstract: An example method of exchanging documents between users includes receiving a first document from a first client computer associated with a first user, associating the document with a collaborative workspace, and transmitting a representation of the collaborative workspace to the first client computer and a second client computer associated with a second user. The representation visually depicts the document in a shared environment. The method also includes presenting, on the first client computer and the second client computer, the representation of the collaborative workspace.

Abstract: A service controller of an information handling system provides a login user interface to a remotely located user. The service controller includes a factory-installed random unique password as its default password. If the service controller is in its original state, the service controller may grant access to the remote user based on original access input that differs from the default password. If the service controller verifies the user's access entitlement, remote access may be granted to the remote user and the remote user may modifying the default password. Access may be granted to the remote user based on user input that includes the user's credentials for accessing a database of asset, owner, and entitlement information maintained by the system supplier. Access may also be granted based on original access input including or indicative of the service controller license.

Abstract: Data can be scanned using a network managed appliance. The network managed appliance may integrate commercial hardware elements connected through a basic or simplified operating system environment expressly developed for the appliance, thus being more malware resistant and less vulnerable to attacks from the scanned data or other sources. The network managed appliance may be a self-contained apparatus with an integrated chassis, designed and configured as “single-purpose” device. Such appliances may be connected to an appliance management network including central management servers in communication with appliances in remote locations. The central management servers may ensure that scanning software and the definitions lists for each of the appliances are current and match an enterprise-approved configuration. In addition, an antivirus appliance may facilitate creation and management of user rights assignments for those files.

Abstract: An access control device that at least assists in controlling the ingress/egress through an entryway. According to certain embodiments, the access control device is operably coupled to an entryway device so as to at least assist in controlling the ability to displace an entryway device from a closed position and/or from an open position. The access control device is structured for communication with a plurality of components of a security management system, and thus may be programmed by one or more modes, including, for example a manual program mode, an off-line managed mode, a wireless off-line management mode, a wireless real-time mode, and/or an off-line real-time mode.

Abstract: A combination includes a user-portable computing device, and an identity selector adapted for interoperable use with the user device. The user computing device includes a security token service that issues security tokens in reference to a portfolio of user identities stored as information cards on the user device. The issuance of security tokens employs user attribute information that is stored onboard the user device. The identity selector exports the information cards from the user device and determines which user identity satisfies a security policy promulgated by a relying party as part of an authentication process within the context of an online interaction. The identity selector generates a token request based on one of the eligible user identities, and forwards the token request to the user device to invoke the token issuance operation. The identity selector presents the issued security token to the relying party to comply with the security policy.

Abstract: A request including a user identifier is received from a third party to authenticate an access attempt by a person. The input of the user identifier is not accompanied by a password. A listing of associated mobile devices is transmitted to the third party. The person selects a mobile device to which an authentication notification should be sent. The notification is pushed to the mobile device. A user of the device views the notification and verifies whether the access should be allowed or denied. If access should be allowed, a first one-time password (OTP) is generated and transmitted to an authentication server. The server generates a second OTP. If the second OTP matches the first OTP, the server notifies the third party that access should be permitted. If the second OTP does not match the first OTP, the server notifies the third party that access should be blocked.

Abstract: Implementations relate to peer-to-peer discovery, connection, and data transfer providing privacy protection and increased security features.

Abstract: The password entry device includes a first display control unit, a tap determination unit, a second display control unit, and a password-entry acceptance unit. The tap determination unit determines which of the characters displayed in the first style by the first display control unit have been tapped. The second display control unit performs control operations to display the characters, which are determined by the tap determination unit that they were tapped, in a second area, which differs from the first area of the touch panel, in a second style, which differs from the first style. The password-entry acceptance unit accepts the entry of the characters that make up the password with the characters displayed in the second style by the second display control unit.

Abstract: A method and system for controlling casting to a media renderer is provided. A casting control system receives from a requesting device a request to cast media to the media renderer. In response to receiving the request, the casting control system identifies a gatekeeper for the media renderer and notifies the gatekeeper that a request has been received to cast media to the media renderer. After the casting control system receives from the gatekeeper an indication to grant or deny the request, the casting control system allows or denies the casting of the media to the media renderer.

Abstract: A method, non-transitory computer readable medium, and storage node computing device that identifies a subset of a plurality of sections of a shelf that is unowned based on a determined ownership status of a plurality of storage devices hosted by the shelf. Obtained section discriminant data is applied to one of a plurality of ordered storage node identifiers to identify one section of the subset of the sections. Ownership of one or more of the storage devices corresponding to the one section is obtained.

Abstract: Systems and methods for controlling access to an online account are described. An access control message including an action to be performed on an online account can be sent from a mobile device to a server. The server may identify the mobile device based on identifying information in the access control message. Upon identifying the mobile device, the server may determine whether the user has authority to initiate the action to be performed on the online account. Upon determining that a user of the mobile device does have authority to initiate the indicated action, the action indicated in the access control message may be taken with respect to the online account.

Abstract: Determining whether to allow access to a message is disclosed. A message is received from a sender. The message is associated with a first time-to-live (TTL) value. A determination is made that the first time-to-live value has not been exceeded. The determination is made at least in part by obtaining an external master clock time. In response to the determination, access is allowed to the message.

Abstract: The present disclosure relates to electronic devices and methods for managing re-enrollment. According to the present disclosure, a method for managing re-enrollment of an electronic device may comprise storing data necessary for re-enrollment to manage the electronic device, reading the stored data corresponding to any one of initialization of the electronic device and deletion of a pre-stored management agent, sending a request for information necessary for authentication using the read data, and receiving at least one of the information necessary for authentication and a management agent installation file received corresponding to the request.

Abstract: The present invention provides a separated intelligent control system comprising a WiFi intelligent controller. The WiFi intelligent controller comprises: a WiFi unit for performing network communication; a microprocessor connected with the WiFi unit for data transmission via the WiFi unit, the data comprising programs or instructions; and at least one multi-use interface. The multi-use interface comprises a plurality of pins. The plurality of pins is connected to the microprocessor. The microprocessor is used to change function of the plurality of pins of the multi-use interface via firmware. The WiFi intelligent controller can be independently and freely combined with external modules with different functions so as to achieve the desired functions of users. The combination of application is strengthened, so that users can freely combine or restructure each module at any time to be used in different appliances and situations.

Abstract: A risk engine can be configured to produce a total risk score by combining a set of risk factors. A risk policy can define a percentage that is to be assigned to each risk factor that is present in a request to access a web-accessible application. The percentage can represent the amount of risk that can be attributed to the access request when the risk factor is present in the request. The risk policy can also define which mitigating factors apply to each risk factor. Each mitigating factor can also be assigned a percentage by which the mitigating factor will reduce the risk factor when the mitigating factor and risk factor are present in the access request. The risk factors can then be combined to produce the total risk score. The total risk score can be generated as a percentage between 0% and 100%.

Abstract: A custom file system in a containerized software architecture facilitates the instantiation of application containers. Each container is composed of one or more application image layers. An application container instance includes read-only application image layer data shared among application container instances associated with the same application container. An application container instance may also include read/write application container instance data that is specific to the application container instance.

Abstract: The embodiments set forth systems and techniques to authenticate a user device for device services, such as by transferring or extending a trusted device status from a separate and trusted associated user device, which can be paired with the user device. This can be done automatically without requiring the user to sign in at or on behalf of the user device, and the automated process can include verifying a trusted status for the associated user device, receiving data items from both devices, evaluating the data items, and facilitating an authentication of the user device when the evaluating returns a favorable result. Data items can include provisioned machine identifiers, temporally limited one-time user passwords, and a provisioned password reset key. Authentication or trusted device status transfer can be achieved by way of an authentication token that is given to the user device.

Abstract: A method may include detecting a presence of a first server device; communicating, with the first server device, to obtain information associated with the first server device; sending, to a second server device, a request for authentication services, where the request includes the information associated with the first server device; receiving, from the second server device, a notification that the first server device has been authenticated, where the notification includes a session threshold; and establishing, based on the notification, a session with the first server device by associating the first server device with a virtual local area network (VLAN), where the associating permits network traffic to be received from or sent to the first server device via the VLAN, and where the network node uses the session threshold received from the second server device, instead of a threshold associated with the VLAN, to determine a duration permitted for the session.

Abstract: According to an embodiment, an image processing apparatus includes a display unit, an operation unit, a processing unit, a storage unit, and a control unit. The display unit is configured to display an operation screen on which a processing mode and setting information may be selected. The operation unit is configured to receive an operation instruction from the operation screen displayed on the display unit and to transmit a processing job based on the operation instruction. The processing unit is configured to execute a process based on the processing job received from the operation unit. The storage unit is configured to store use history information indicating the processing jobs. The control unit is configured to customize the operation screen according to the use history information stored by the storage unit and cause the display unit to display the customized operation screen.

Abstract: A cryptographic ASIC and method for autonomously storing data into a one-time programmable memory in isolation. Internal circuitry provides programming pulses of a given voltage magnitude and duration for changing the state of selected memory elements. Use of internal circuitry reduces pin count and increases reliability and security over devices relying on external circuitry to provide programming pulses. In one embodiment, the stored data comprises cryptographic data for enforcing a derivative key hierarchy for managing an information stream, such as a blockchain.

Abstract: Methods and systems for verifying the identity and trustworthiness of a user of an online system are disclosed. In one embodiment, the method comprises receiving online and offline identity information for a user and comparing them to a user profile information provided by the user. Furthermore, the user's online activity in a third party online system and the user's offline activity are received. Based on the online activity and the offline activity a trustworthiness score may be calculated.

Abstract: Techniques for virtual Representational State Transfer (REST) interfaces are provided. A proxy is interposed between a client and a REST service over a network. The proxy performs independent authentication of the client and provides credentials to the client and for the client to authenticate to the REST service using a REST service authentication mechanism. The proxy inspects requests and responses and translates the requests and responses into formats expected by the client and the REST service. Moreover, the proxy enforces policy and audits the requests and responses occurring between the client and the REST service over the network.

Abstract: There are provided means for implementing an interface to populate and update an entity graph through socially relevant user challenges including, for example, means of a social network system to perform operations including monitoring a user's interactions with the social network system; initiating a contextually relevant challenge for the user of the social network system based on the user's interactions monitored; identifying a plurality of concepts within an entity graph of the social network system contextually relevant to the user of the social network system; selecting one of the plurality of concepts within the entity graph upon which to base the contextually relevant challenge for the user; constructing an inquiry for the contextually relevant challenge based on missing data of the concept selected or based on data to be updated within the concept selected; presenting the contextually relevant challenge having the inquiry therein to the user; and receiving a challenge response from the user responsiv

Abstract: A method and system for controlling online user account using a mobile device. The method includes receiving an option to lock an online account of a user from a service provider. The computer-implemented method also includes locking the online user account by using a mobile device. Further, the computer-implemented method includes initiating a user action at a later point of time. Furthermore, the computer-implemented method includes receiving an alert to unlock the online user account in order to perform the user action and obtaining an unlock password from the service provider. Moreover, the computer-implemented method includes unlocking the online user account with the unlock password by using the mobile device and performing the user action subsequent to the unlocking, thereby controlling the online user account using the mobile device. The system includes a computing device, a web browser, a service provider and a mobile device.

Abstract: A secure method for resetting the password for an account is disclosed. During the setup of the account, the user can provide the service provider with a media file, and when the user asks the service provider to reset the password for the account, the user will be prompted with several media files. The user can be asked to identify the media file that the user provided to the service provider at the time of the setup of the account. If the user properly identifies the media file, the password will be reset.

Abstract: A system for viewing session takeover is provided. A plurality of user accounts have access to patient medical data images. A locking mechanism is operable by each user to prevent access to patient medical data until subsequent user authentication, without terminating a viewing session. A storage medium maintains configuration parameters associated with the primary user account. A session controller establishes a viewing session by retrieving the patient medical data for viewing on the display. The session controller applies the configuration parameters associated with the primary user account to the viewing session of the secondary user. A log records each user access associated with each viewing session.

Abstract: An information processing system includes an information processing apparatus and an apparatus connected to the information processing apparatus, the information processing apparatus including a processor, and a memory storing instructions which, when executed, cause the processor to act as a display control unit configured to acquire display data through a network and display a screen based on the display data. The display control unit is configured to input data specified in the display data to a first application, identified by identification information specified in the display data, among a plurality of applications installed in the information processing apparatus.

Abstract: A card server that provides a card object to a mobile computing device in response to receiving a card request from the mobile computing device. The mobile computing device can utilize the card object to display an application card at the mobile computing device. The application card may include one or more multi-value data fields. A multi-value data field refers to a data field with multiple values. A multi-value data field may include a collapsed view, and an expanded view. The card object may specify a collapsed-view descriptor that can be displayed in the collapsed view. The card object may specify the values of the multi-value data field. Additionally, the card object may specify a filtering parameter that can be utilized to filter the values in the expanded view.

Abstract: A system and method for authentication policy orchestration may include a user device, a client device, and a server. The server may include a network interface configured to be communicatively coupled to a network. The server may further include a processor configured to obtain, from a client device via the network, a transaction request for a transaction, determine an authorization requirement for the transaction request based, at least in part, on a plurality of authorization policies, individual ones of the plurality of authorization policies being separately configurable by at least one of a relying party and an authorizing party, and complete the transaction based on the authorization requirement having been met.

Abstract: In an approach for accessing data and applications on a device, a processor adds a first accessibility profile and a second accessibility profile, wherein the first accessibility profile and the second accessibility profile are each associated with a single-user profile of a device. A processor configures a first level of access for the first accessibility profile and a second level of access for the second accessibility profile, wherein the first level of access includes a different level of accessibility permissions than the second level of access. A processor assigns a first password to access the first accessibility profile and a second password to access the second accessibility profile, wherein the first password and the second password are each associated with the single-user profile.

Abstract: Steering an authentication request to a determined authentication device based on a correlation between a user equipment (UE) identity and an authentication device is disclosed. The authentication request comprises an updateable subscriber identity. The authentication request can be associated with the UE identity, which can be correlated to an authentication device as a result of a prior authentication event. The updateable subscriber identity can have been updated during the prior authentication event, such that the authentication device has record of the updated subscriber identity. Therefore, the authentication device can to perform an authentication based on the updated subscriber identity while other authentication devices lacking record of the updated subscriber identity would be unable to perform the authentication. The disclosed subject matter can be operable with existing deployed authentication systems with little to no modification of those systems.

Abstract: An apparatus and a method for controlling security in an electronic device are provided. The operating method of an electronic device includes detecting at least one touch input, detecting at least one of a touch area, a touch shape, or the number of touches, which correspond to each of the at least one touch input, and creating a reference pattern for the unlocking, based on at least one of the touch area, the touch shape, or the number of touches, which correspond to each of the at least one touch input. Other embodiments may be provided.

Abstract: Disclosed are a method and a device for a mobile terminal to change user information, and a terminal, comprising that: a second mobile terminal obtains a wireless fidelity (wifi) hotspot shared name of a first mobile terminal by wifi searching; the second mobile terminal resolves the wifi hotspot shared name of the first mobile terminal to obtain the user information of the first mobile terminal, and the user information of the first mobile terminal is saved. In the embodiments of the present document, the operation of adding contact information is performed according to the wifi hotspot name by opening the wifi hotspot, which saves the step of the user inputting information, brings convenience to the user and saves the time.

Abstract: A method is provided for facilitating service-specific security while avoiding a full authentication and key agreement exchange each time a service is activated on a device. Multiple services on a single device and sharing the same session link (e.g., radio link or radio bearer) and the same physical network may nonetheless obtain distinct service-specific network connectivity root keys from which service-specific security/session keys may be derived. In such case, instead of performing a full authentication and key agreement exchange with an operator or provider (e.g., home subscription server or HSS), the device may authenticate a network slice using a security credential established during a prior authentication with another network slice.

Abstract: An identity management system incorporates privacy management processes that enable the user to exercise privacy controls over the disclosure of user identity information within the context of an authentication process. A combination includes an identity selector, a privacy engine, and a ruleset. The identity selector directs the release of a user identity in the form of a security token to satisfy the requirements dictated by a security policy. Prior to release of the user identity, the engine conducts a privacy enforcement process that examines the privacy policy of the service provider and determines if it is acceptable. The engine evaluates a ruleset against the privacy policy. A preference editor enables the user to construct, in advance, the ruleset, which embodies the user's privacy preferences regarding the disclosure of identity information.

Abstract: The disclosure relates to a method of operating a system, the system comprising a near field communication, NFC, tag, an NFC device associated with a user of the system and a computer, the method comprising: the NFC device requesting a message from the NFC tag; the NFC tag generating a message comprising a representation of a counter value; the NFC tag sending the message to the NFC device; the NFC device generating a request comprising the representation of the counter value in response to receiving the message; the NFC device sending the request to a computer; the NFC device submitting user authentication data to the computer; and the computer executing an operation on verification of the counter value and the authentication data.

Abstract: An identification apparatus includes: a sensor face in which a plurality of sensor electrodes and a ground portion are provided on one and the same plane; wherein: a conductive portion or conductive portions formed in an identification object are configured so that when the identification object is placed on the sensor face, the conductive portion or the conductive portions can electrically connect a corresponding one or corresponding ones of the sensor electrodes with the ground portion; and a change of electrostatic capacitance occurring when the corresponding sensor electrode or electrodes are electrically connected with the ground portion is detected so that an ID of the identification object can be identified. Thus, it is possible to provide an identification apparatus which can be manufactured inexpensively without using expensive devices such as RFIDs and which is improved in terms of the degree of freedom for design.

Abstract: A computer-implemented method, the method being performed in a system comprising an electronic lock and a client device comprising a central processing unit, a localization signal receiver and a memory, the computer-implemented method comprising: receiving at least one localization signal using the localization signal receiver; measuring a strength of the received localization signal; using the central processing unit to extract a identifier from the received localization signal; determining a location of the client device based at least on the measured strength of the received localization signal and the extracted identifier; and causing the electronic lock to unlock based on the determined location.

Abstract: Systems and methods for providing actions for users of a computer device from a lock screen interface are provided. A computing device may comprise a touch-sensitive display screen that may allow a user to scroll through a set of user interfaces that may comprise a set of lock screen interfaces—one of which may be associated with the user, if authorized for using the computing device. The computing device may allow the user to scroll to one of the following: a set of locked screen interfaces, a set of sign-in interfaces, a set of applications allowed for use (e.g., a camera) by the computer device (even if the user is not signed-in) and a new mode of functionality for computing device (e.g., a children's entertainment application). The computer system may allow swiping from multiple discernible directions to allow the scrolling through user interfaces in a natural manner.

Abstract: A network security policy may be implemented at network switches as a set of active packet disposition directives. In a dynamically programmable network, the network switches can be dynamically reprogrammed with new packet disposition directives. An event auditor passively monitors network traffic and provides network activity data indicative of network flows to a network privilege manager. The network privilege manager determines a current network context based on the network activity data. In response to the current network context, the network privilege manager selects a security policy and generates one or more flow policy directives in accordance with the selected policy.

Abstract: A system providing enhanced security for device based transactions, constituted of: a server associated with a network address; a first device associated with a user, the first device in communication with the server over a first communication channel responsive to an obtained server network address; a second device associated with the user arranged to obtain the server network address from the first device; and a mobile device server in communication with the second device over a second communication channel, the mobile device server in communication with the server via a third communication channel, the mobile device server arranged to: obtain the server network address from the second device over the second communication channel; obtain the server network address from a trusted source; and authorize to the server over third communication channel a transaction only in the event that the server network addresses are consonant.

Abstract: A system and a method of connecting devices via a Wireless-Fidelity (Wi-Fi) network are provided. The method of communication-connecting an external device to an Access Point (AP) via a Wi-Fi network is performed by a device and includes operations of receiving device information of the external device from the external device that operates in an AP mode, accessing the external device that operates in the AP mode, by using the device information, and providing connection information relating to the AP to the external device, and wherein, when the connection information is provided to the external device, the external device terminates operating in the AP mode, and the external device then accesses the AP based on the connection information.

Abstract: In one embodiment, a distributed denial of service attack on a network is identified. In response to the distributed denial of service attack, a script to request a short term certificate is executed. The short term certificate is generated by a certificate server and received either directly or indirectly from the certificate server. An instruction to redirect traffic using the short term certificate and private key is sent to a distributed denial of service attack protection service that is operable to filter or otherwise mitigate malicious traffic involved in the distributed denial of service attack.

Abstract: In a driver installation system, a client device includes: a device information display processing section acquiring, from a peripheral device via a server device, an image of a device information screen of the peripheral device targeted for driver installation and causing a display section to display the image; a selection acceptance section accepting selection of the device information screen from an operator; a device information reading section reading a device information from the selected device information screen; and a driver installation processing section receiving, from the server device, a driver installation file of the peripheral device indicated by the device information and install the driver of the peripheral device into the client device.

Abstract: A method includes generating a set of virtual-machine-specific (VMS) encryption keys for a dedicated virtual machine, storing the set of VMS encryption keys in a protected memory, storing a first look-up table in the protected memory, and replacing an encryption key stored in a crypto unit with at least one VMS encryption key of the set of VMS encryption keys in an operation mode where the dedicated virtual machine is executed by a processor. The protected memory is selectively excluded from access by operating systems executable on a computer system. The look-up table being accessible only by firmware of the computer system.

Abstract: A method includes generating a set of virtual-machine-specific (VMS) encryption keys for a dedicated virtual machine, storing the set of VMS encryption keys in a protected memory, storing a first look-up table in the protected memory, and replacing an encryption key stored in a crypto unit with at least one VMS encryption key of the set of VMS encryption keys in an operation mode where the dedicated virtual machine is executed by a processor. The protected memory is selectively excluded from access by operating systems executable on a computer system. The look-up table being accessible only by firmware of the computer system.

Abstract: A computer-implemented method to provide transcripts of multimedia messages is disclosed. The method may include receiving, at a server, a message with an attached media file. The message may be directed to a user device. The server may be configured to receive and direct messages to the user device. The method may further include separating the media file from the message before the message is provided to the user device. The method may also include generating, at a transcription system, a transcript of audio data in the media file. The method may also include providing the message to the user device for presentation of the message on the user device. The method may further include providing the transcript and the media file to the user device for presentation of the transcript and the media file on the user device.