Abstract: A portable communication device (1) is capable of setting a sleep mode as an operation mode. An operation receiver (101) receives operations given by a user. A setter (102) sets the operation mode to the sleep mode when the operation receiver (101) receives no operation for a first time period. A displayer (103) displays an indicator on a display when the operation receiver (101) receives a first operation in the sleep mode. A launcher (104) launches, when the operation receiver (101) receives operations for specifying the indicator, an application program associated with the specified indicator.

Abstract: A user authentication server includes: a variable keypad generation unit for generating a variable keypad including password keys and a biometric authentication key, wherein the position of each password key and the position of the biometric authentication key are changed in each generation of the keypad; an authentication information storage unit for storing authentication information of portable terminal users; and an authentication unit for authenticating a user by remotely providing information of generated variable keypad to a portable terminal, and comparing biometric information and information of the positions of the password keys in accordance with the order of input by the user, received from the portable terminal, with the authentication information stored in the authentication information storage unit.

Abstract: Disclosed are various embodiments for distributing and verifying ephemeral security credentials of variable entropy across channels of communication of variable levels of security assurance. In one embodiment, a security credential is generated for a user account. A subset of a set of communication channels associated with the user account is determined based at least in part on respective measures of entropy and/or security assurance corresponding to individual ones of the set of communication channels. The security credential is divided into multiple portions. A corresponding portion of the portions is sent across individual channels of subset of channels. A client computing device is authenticated for access to the user account based at least in part on receiving the portions of the security credential.

Abstract: A computing platform may receive, from a client portal server, a request to authenticate a user to a user account. The computing platform may generate a first one-time passcode for a first computing device associated with the user account and may send, to the first computing device, the first one-time passcode. The computing platform also may generate a first registered-device authentication prompt for a second computing device associated with the user account and may send, to the second computing device, the first registered-device authentication prompt. Thereafter, the computing platform may receive first one-time passcode input and a first response to the first registered-device authentication prompt, which the computing platform may validate. Based on the validating, the computing platform may generate a validation message directing the client portal server to provide the user with access to the user account, which the computing platform may send to the client portal server.

Abstract: The present disclosure discloses a system and method for providing multi-factor authorization for IEEE 802.1x-enabled networks. Specifically, a network device authenticates a client device to obtain access to network resources in a network via a network authentication protocol. The network device then detects a device quarantine trigger indicating an increased level of suspicion that a current user of the client device is a non-authenticated user. In response to the device quarantine trigger, the network device temporarily places the client device from an authenticated state to a quarantined state pending completion of a particular workflow by the current user. The client device has limited access to the network resources while in the quarantined state regardless of a previous successful user and/or device authentication.

Abstract: In one aspect, a method includes receiving an identifier; obtaining a plurality of prompts using the identifier, wherein a first prompt corresponds to a first character of an access code, and a second prompt corresponds to a second character of the access code; causing the first prompt and the second prompt to be presented on a display at locations corresponding to a first alternative; causing third prompts and fourth prompts to be presented on the display at locations corresponding to a second alternative; receiving an audio signal comprising speech spoken by a user; and determining whether the audio signal comprises the user speaking the first prompt followed by the second prompt.

Abstract: A monitoring apparatus, includes a memory configured to store history information regarding a login attempt to a system by a communication apparatus in a state in which a first address is set, the system being a target to be monitored, and set a second address, and a processor coupled to the memory and configured to extract, from the history information, at least one of a variance of a number of login attempts per unit time and a length of a time of the login attempts, determine whether an attack in which accesses are attempted while an address is changed was executed on the system, according to the at least one of the variance and the length of the time, and add the second address of the system to a list that manages systems that had the attack when it is determined that the attack was executed.

Abstract: An image forming apparatus includes an operation panel which receives an entry of a password, a control portion which determines whether or not the entry password is correct and a storage portion. The storage portion stores, as an item of information which indicates that the entry password is wrong and which is included in notification information, an item to be notified that is previously set by a user, and when the control portion performs notification processing for notifying the notification information to an outside, the control portion includes, in the notification information, information corresponding to the item to be notified.

Abstract: A system and method are provided for enabling a password reset mechanism for a secured device that verifies a digital signature on a password reset message. The password reset message has been generated by a password reset service for an authorized administrator associated with the secured device. The password reset mechanism allows the authorized administrator to make a request to the password reset service for a password reset, and receive the password reset message such that a password reset can be performed at the secured device. In this way, the secured device's password can be reset absent a connection to a command and control center or other service.

Abstract: A security controller controls secure processing of queries in an encrypted relational database. A query controller receives, from a client device, a secure query in a format of an encrypted token generated using a structured query language (SQL) query in a conjunctive query form, and sends an encrypted response to the secure query to the client device. A search engine generates the encrypted response to the secure query by initiating a search on the encrypted relational database, without decrypting the secure query and without decrypting the encrypted multi-maps. The encrypted relational database includes encrypted multi-maps corresponding to a relational database hosted at the client device, and an encrypted dictionary, based on structured encryption, using structured encryption, in lieu of using property-preserving encryption (PPE), and in lieu of using fully homomorphic encryption (FHE).

Abstract: A cryptographic ASIC and method for enforcing a derivative key hierarchy for managing an information stream. A programming user provides a user passphrase that is used to generate a transform key and is then deleted. The transform key is inaccessibly, invisibly, and indelibly generated and stored in a one-time programmable memory with externally generated programming pulses during or after manufacture, without being reported out to the user who provided the user passphrase. A transform-enabled cryptographic circuit or method customized with the transform key processes a predetermined input message to obtain a predetermined output message indicating an identity of a particular information stream. Other input messages may also be processed, such as for verifying a blockchain, but replication requires knowledge of the transform key. Only a programming user with knowledge of the user passphrase is capable of creating an information stream, such as a blockchain.

Abstract: Messages exchanged among users of a relationship management and work collaboration system are organized within user-defined, secure communication channels organized according to user-defined hierarchies that represent the users' personal relationships with one another. Security of the communications channels is maintained using individual, dynamic keys, each of the keys being uniquely associated with a respective one of the channels, and being generated according to combinations of individual passwords established by each respective channel's participants. In-bound messages in the form of e-mails are received and associated with respective ones of the channels according to e-mail aliases associated with the inbound messages. Out-bound e-mails may be sent to channel participants according to e-mail addresses associated with the participants and channel preferences established by the system users.

Abstract: The accessibility of a hyperlinked files is displayed. A hyperlink that references a resource is extracted from a target file. An attempt to acquire the resource is made by performing a first authentication operation. A first object is received in response to performing the authentication operation. A second object is acquired by performing a second authentication operation using pre-determined authentication information. The first object and the second object are compared to determine if the first object is the same as the second object. Information indicating the accessibility of the resource is presented via a display apparatus.

Abstract: A data processing system (DPS) provides protection for firmware. The DPS comprises (a) a host module comprising a management engine and (b) a security module in communication with the host module. The security module comprises a security coprocessor and a secret identifier for the security module. The DPS also comprises at least one machine-accessible medium comprising host firmware and security firmware. The host firmware, when executed by the management engine, enables to management engine to determine whether the security module is in communication with the host module, based on the secret identifier for the security module. The security firmware, when executed by the security coprocessor, enables the security coprocessor (a) to verify integrity of the host firmware and (b) to prevent the host module from booting with the host firmware in response to a determination that the host firmware has lost integrity. Other embodiments are described and claimed.

Abstract: A server device 201 comprises a communication part 231, a search history storage region 213, a data storage part 210, and a checking part 220. The communication part receives a set of a trapdoor and a deterministic encrypted keyword from a search device 401. The search history storage region 213 stores the set of the trapdoor and the deterministic encrypted keyword. The data storage part 210 stores keyword information in which search target data and an encrypted keyword are associated with each other. If the deterministic encrypted keyword is obvious, a deterministic encrypted keyword corresponding to the encrypted keyword is additionally associated with the search target data and the encrypted keyword in the keyword information. The checking part 220 checks whether or not a deterministic encrypted keyword which matches the received deterministic encrypted keyword exists in the search history storage region 213.

Abstract: A first data item is encrypted at a client device using a first encryption key. The encrypted first data item is included in a data object. A second encryption key is received at the client device from a key management device. The first encryption key is encrypted using the second encryption key. The encrypted first encryption key is included in the data object, and the data object is stored at a storage device.

Abstract: Techniques are disclosed for implementing a CAPTCHA access control system based on graphical representations of a watch or other timekeeping device. More particularly, the disclosed CAPTCHA system's request/challenge mechanism employs a graphical representation of a watch whose perturbation from a baseline visual presentation is controlled by a large number of attributes, each of which may assume a number of different values. The use of a large number of display attributes (e.g., 20 or more) and a relatively small number of difficulty levels allows each difficulty level to have an enormous number of possible graphical representation. Such a large number of potential challenge images essentially precludes the likelihood that any automated search for a matching image—providing the ability to correctly respond with certainty to the challenge query—will be successful.

Abstract: Techniques for maintaining potentially compromised authentication information for a plurality of accounts may be provided. An individual piece of authentication information may be associated with one or more tags that indicate access rights with respect to requestors that also provide and maintain other potentially compromised authentication information. A subset of the potentially compromised authentication information may be determined based on the one or more tags in response to a request from a requestor for the potentially compromised authentication information. In an embodiment, the subset of the potentially compromised authentication information may be provided to the requestor.

Abstract: A first device transmits data as encrypted portions that are communicated to one or more second devices as one or more of: a graphical animation rendered to a screen on a display of the first device and audio played out a speaker of the first device.

Abstract: Entity group behavior profiling. An entity group is created that includes multiple entities, where each entity represents one of a user, a machine, and a service. A behavior profile is created for each one of the entities of the entity group. The behavior of each of one of the entities of the entity group is monitored to detect behavior change. An indicator of compromise is detected based on multiple ones of the entities experiencing substantially a same behavior change.

Abstract: In one embodiment, a computing device determines a Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA). The CAPTCHA includes a first static image that has image sections that are arranged in a first order. Each of the image sections corresponds to a unique identifier. The CAPTCHA further includes a second static image that includes each of the image sections of the first static image that are arranged in a second order. The computing device generates web-browser-executable code for converting the second static image to the first static image based on the first static image, the first order, and the unique identifiers. The computing device sends the second static image and the web-browser-executable code to a client device.

Abstract: Systems and methods for determining a pictograph password sequence and association phrase are provided. In some example embodiments, an assigned pictograph sequence request is received from a client device, with the request causing the system to generate a template pictograph sequence, generate an association phrase based on the template pictograph sequence, store the template pictograph sequence and associated phrase on a memory, and transmit instructions to cause a display of the template pictograph sequence and the association phrase. In some example embodiments, the system requires an input of a pictograph sequence that matches the template pictograph sequence in order for a user to view content. In some example embodiments, the template pictograph sequence may be replaced by a user pictograph sequence.

Abstract: Aspects of the subject matter described herein relate to disclosing recovery keys. In aspects, when a recovery key is disclosed, data is updated to indicate that the recovery key has been disclosed. A machine that has locked data may determine whether a recovery key for the locked data has been disclosed and whether a new key needs to be generated for the locked data. If a new key needs to be generated for the locked data, the machine may generate the new key and send it to a recovery store for storage. In addition, old keys that protect the locked data may be deleted after the new key has been generated and stored.

Abstract: A numerical control apparatus which enables a numerical control apparatus for a machine tool suitable for executing a particular machining program to selectively execute the machining program. The numerical control apparatus includes a storage that stores unique information; a receiving part that receives a machining program including incidental information; a determination part that checks the incidental information included in the machining program received by the receiving part with the unique information stored in the storage, and determines whether information matching the unique information is included in the incidental information; and a machine controller that executes the machining program received by the receiving part to control the machine tool only when it is determined that information matching the unique information is included in the incidental information.

Abstract: A technique controls access to a resource. The technique includes deriving, by processing circuitry, a password based on a phrase/thought provided by a user. The technique further includes confirming with the user that the password is to control access to the resource. The technique further includes, after confirming with the user that the password is to control access to the resource, imposing a requirement that the user provide the password before obtaining access to the resource. Such a password may be formed by concatenating multiple words (e.g., four words) that may be unrelated to each other. Such a password may be relatively strong since the resulting concatenation would not be found in any dictionary, and since it would be an extremely difficult and time consuming endeavor to predict such a password by attempting to combine words from a dictionary to form the concatenations.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for detecting malicious activities. One of the methods includes obtaining a collection of user event logs or receiving user events through real-time feeds; using data from the user event logs/feeds to determine IP address properties for individual IP addresses and IP address ranges; and for each incoming event, updating the IP address properties for the corresponding IP address and IP prefix properties.

Abstract: A method and device for uploading data to a social platform. The method includes a plugin set into an application program. The plugin integrates at least one Application Program Interface (API) possessing publishing function provided by at least one social platform. A request for uploading data to a social platform is received and data to be uploaded is obtained according to the request. The data is uploaded to the corresponding social platform through an API possessing publishing function integrated by the plugin. Date may be uploaded through the plugin to one or more social platforms simultaneously without launching a client terminal of the corresponding social platforms.

Abstract: A system for entering a secure Personal Identification Number (PIN) into a mobile computing device includes a mobile computing device and a peripheral device that are connected via a data communication link. The mobile computing device includes a mobile application and a display and the mobile application runs on the mobile computing device and displays a grid on the mobile computing device display. The peripheral device includes a display and an encryption engine, and the peripheral device display displays a grid corresponding to the grid displayed on the mobile computing device display. Positional inputs on the mobile computing device grid are sent to the peripheral device and the peripheral device decodes the positional inputs into PIN digits and generates an encrypted PIN and then sends the encrypted PIN back to the mobile computing device.

Abstract: A method for user passcode authentication. The method includes accessing a user information database with predefined user input option parameters and generating a random arrangement of input options from the predefined user input option parameters. The method includes manifesting the random arrangement of input options on an interactive display interface and receiving a selection of the interactive display interface input options. The method also includes comparing the received selection of interactive display interface options to the predefined user input option parameters.

Abstract: According to a general aspect, a method can include receiving a request, triggered via a consumer account, to access, using a social media application, a plurality of sharer content. The sharer content can be associated with a sharer account using the social media application. The method can include retrieving, in response to the request, a consumer value and a relationship value. The consumer value can represent an interaction with the social media application via the consumer account and the relationship value can characterize a relationship between a consumer identifier of the consumer account and a sharer identifier of the sharer account. The method can include selecting a subset of sharer content from the plurality of sharer content based on a combination of the consumer value and the relationship value, and can include defining a portion of a presentation customized for the consumer account using the selected subset of sharer content.

Abstract: One embodiment provides a system that facilitates efficient key retrieval by using key catalogs in a content centric network. During operation, the system generates, by a client computing device, a first interest for a key indicated in a signed key catalog. In response to receiving the key, the system verifies the received key by determining that a hash of the received key matches a hash of the key as indicated in the catalog based on a name for the received key. The system generates a second interest for a content object, wherein a name for the second interest includes a name prefix associated with the key as indicated in the catalog, wherein the first interest is transmitted before or concurrent with transmitting the second interest. In response to receiving the content object, the system verifies the received content object based on the key.

Abstract: A method and computer for assessing whether a password can be generated by using characteristics of a physical arrangement of keys of an input device. A received password includes characters corresponding to respective select keys in a sequence of select keys of the input device. For each select key, a final detection frequency is calculated as a sum of an initial detection frequency and an additive correction. A password determination value is calculated as a ratio of a total number of select keys having a final detection frequency equal to a minimum detection frequency and the total number of select keys in the sequence of select keys. A determination of whether the calculated password determination value is, or is not, less than a predetermined threshold value indicates that the password cannot, or can, respectively, be generated by using the characteristics of the physical arrangement of keys of the input device.

Abstract: A user authentication method and terminal, where the method includes acquiring an authentication interaction object and an interference interaction object where the authentication interaction object is a real interaction object stored in a terminal, the interference interaction object is a virtual interaction object constructed by the terminal, and the interference interaction object has a similar feature with the authentication interaction object to cause interference to a user when the user is selecting the authentication interaction object, displaying the authentication interaction object and the interference interaction object in an authentication interface for the user to select from, receiving a selection result and determining whether the selection result is the authentication interaction object, and determining, when the selection result is the authentication interaction object, that authentication succeeds.

Abstract: Systems and methods are provided for online transactions using pattern recognition. A user of a payment provider may create and register patterns drawn by the user on a pattern entry image. The user may register the patterns by associating transaction options with each drawn pattern. Each pattern may be used to execute a particular transaction such as a purchase transaction, a payment of a specific amount, a payment to a specific recipient, or a sales transaction. When the user wishes to execute a transaction such as an online payment to a particular recipient for a particular amount, the user can redraw the registered pattern associated with payments to that recipient for that amount. A pattern can be drawn at a particular location on the pattern entry image. Different transactions can be associated with patterns drawn at different locations.

Abstract: A conference setting method includes: displaying a first setting screen on a particular terminal configured to perform a setting operation of a teleconference, the first setting screen being switchable between: a first setting method having a plurality of password setting fields in which a password is set to each of at least three authorities having different numbers of executable functions; and a second setting method having a common authority setting field in which one of the at least three authorities is set as a common authority and having a common authority password setting field in which a password is set to the common authority; and storing, in a storage, passwords set in the password setting fields in association with respective ones of the at least three authorities; and storing, in the storage, a common authority password set in the common authority password setting field in association with the common authority.

Abstract: Mechanisms and techniques for customized user validation. A login attempt is received from a remote electronic device with one or more computing devices that provide access to one or more resources. The login attempt is analyzed to determine a profile from a plurality of profiles corresponding to the login attempt. The one or more computing devices support the plurality profiles with each profile having a corresponding flow. The flow corresponding to the profile is performed prior to allowing continuation of the login attempt. The login attempt is continued, via the one or more computing devices, after the flow corresponding to the profile is completed. Access is granted to the one or more resources, via the one or more computing devices, in response to a successful completion of the login attempt.

Abstract: The proliferation of personal computing devices in recent years, especially mobile personal computing devices, combined with a growth in the number of widely-used communications formats has led to increased concerns regarding the safety and security of documents and messages that are sent over networks. Users desire a system that provides for the setting of custom access permissions at a file-level or sub-file-level. Such a system may allow the user to apply customized privacy settings (and, optionally, encryption keys) differently to particular portions of a document—even if the document is of a ‘lossy’ file type, e.g., a JPEG image. According to some embodiments, the custom access permission settings may be implemented by obfuscating portions of the original file and then embedding “secret,” e.g., hidden and/or encrypted, versions of the obfuscated portions in parts of the data structure of the original lossy file before transmitting the file to the desired recipients.

Abstract: Methods of performing operations on a processor of an electronic device include establishing a programmatic association in a one-to-one relationship between mathematical operators and directions of movement that a user can make when selecting number keys among an arrangement of number keys. A first number is received from a user selection of a first number key, and a second number is received from a user selection of a second number key. A first direction of user movement from the first number key to the second number key is determined, and a first mathematical operator is selected among the mathematical operators that is programmatically associated with the first direction. The first and second numbers are combined using the first mathematical operator to generate an output number, and the output number is provided to a secure program to control user access to a protected operation of the secure program.

Abstract: A format-preserving cipher including an encryption and a decryption scheme supporting non-linear access to input data by allowing the selection of portions of data from a potentially larger dataset to be encrypted, thus avoiding a necessarily sequential access into the input plaintext data. The cipher first defines a forward mapping from the allowable ciphertext values to an integer set of the number of such allowable ciphertext values, and a corresponding reverse mapping. It also supports exclusion of a certain set of characters from the ciphering process. An encryption algorithm is provided that encrypts the input plaintext data while preserving its original format and length, and a corresponding decryption algorithm is provided. The cipher advantageously embodies the encryption and decryption of multi-byte values, composite datasets, and credit card numbers, thus fitting a variety of industrial needs.

Abstract: A method comprising includes detecting, in response to a user access attempt on an electronic access device, a one-time passcode authentication event; receiving, at an electronic authenticating device, notification of the one-time passcode authentication event; retrieving, in response to the notification, a one-time passcode from the authenticating device; transmitting the one-time passcode from the authenticating device to a facilitator software instance operating on the access device; and enabling population, using the facilitator software instance, of a one-time passcode entry form with the one-time passcode.

Abstract: Embodiments described herein relate to apparatuses and methods for enabling applied key management operations at a client including establishing a data connection with a file kernel driver of the client to enable the applied key management operation, receiving a request pertaining to encryption key data, relaying the request pertaining to the encryption key data to an applied key management system, and receiving a response regarding the request from the applied key management system based on at least one policy of the applied key management system.

Abstract: Methods and systems are provided for verifying reset of credentials for user accounts. The methods and systems receive a request to change a credential associated with a user account. The user account has account privileges associated with a network service. The methods and systems set the user account to a cool-down status and send a reset notification to one or more trusted access points associated with the user account to inform a valid owner or user of the account that a credential has been reset. The methods and systems manage availability of at least a restricted subset of the account privileges for a cool-down time period or until a reset verification is received from a valid owner or user.

Abstract: Systems and methods for providing additional control over user equipment (UE) using standardized features of a subscriber identity module (SIM) is provided. The UE can impose SIMLocking criteria based on subscriber related attributes (such as rate plan, prepay, postpay, etc.). The SIM module can comprise multiple unique entries and one value for each entry. One or more entries on the SIM can be subdivided to provide additional values with each value made up of a subset of bits from a particular entry. Thus, a single entry can provide a plurality of values to make up a SIM configuration. The SIM configuration can be compared to a UE SIMLock configuration with the same, or similar, entries to determine if the SIM is compatible for use with the UE. The SIM configuration can be updated dynamically to reflect changes in the account associated with the UE or the SIM.

Abstract: A method for phishing detection, performed by a mobile device, is provided. The method includes receiving a first OTP (one-time password), from a remote caller purporting to be from a trusted organization, into the mobile device. The method includes generating a second OTP, using an OTP generation system provided by the trusted organization, and comparing, in the mobile device, the first OTP and the second OTP, wherein the first OTP matching the second OTP indicates legitimacy of the remote caller, and the first OTP mismatching the second OTP indicates illegitimacy of the remote caller. A mobile device and a computer readable media are also provided.

Abstract: Disclosed are systems, methods, and computer-readable storage media for Bluetooth low energy (BLE) double authentication between a mobile device and server nodes. A system using BLE authentication can receive at a mobile device, an identifier of a dongle attached to a server that enables wireless communication and can establish a wireless low energy connection with the dongle without paring. The system can receive a server identifier and can determine whether the server has previously been authenticated to yield a determination. When the determination is that the server has not previously been authenticated, the system can receive a baseband management controller username and a password. When the determination is that the server has previously been authenticated, the system can determine whether to perform a double authentication to yield a second determination. The system can perform the double authentication when the second determination indicates that the double authentication should be performed.

Abstract: A personal base station (PBS) having wireless video capability. The PBS authenticates a mobile device within range for cellular services, and authenticates the user for a level of service for cable television. The PBS operates in accordance with a dual-purpose subscriber identity system (SIS) includes a subscriber mobile identity component (SMIC) and a video security component (VSC) such that the cellular and television services can be authenticated. Mobile devices incorporating the disclosed innovations, as well as the PBS, can access video content from a cable television provider through any available broadband link, regardless of the mobile device's physical location.

Abstract: In one embodiment, a user password is received in relation to a user identifier, wherein the user identifier and user password are associated with a user account. A request to opt-in to use of system-generated passwords instead of the user password is received. A substitute password for the user account is generated and provided.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for providing content management features in a messaging service. A messaging client receives a reference to a content item stored on a content management system and receives, from the content management system, a set of sharing options for the content item. The set of sharing options is presented to the user via the messaging client and a user selection of sharing options is received. The messaging client sends the user selection of sharing options to the content management system, wherein the content management system is configured to apply the user selection of sharing options to the content item.

Abstract: An access control system utilizes authorized users' mobile electronic devices for transmitting biometric identifiers in combination with using an access card, for authenticating the user's access privileges for unlocking a secure door. The system may further verify proximity of the user's device to the access control reader, which verifies correspondence of the access card with the transmitted biometric characteristics. The system may further require entry of a PIN into the user's device, for its transmission to the access control system for access confirmation. A scanner scans the area around its geographic location for signals emitted by mobile electronic devices, and identifies a position, a type, and an address of each device, using characteristics of the signals. Audio analytics detect/identify a position of sudden sound fluctuations indicating a gunshot/fight incident, and correlates the incident location to a device location. Video analytics correlate imaged people with detected electronic devices.

Abstract: A function performing apparatus includes a function performing unit performing a specific function, a processor, and memory storing computer-readable instructions therein, the computer-readable instructions, when executed by the processor, causing the function performing apparatus to perform, in response to receiving a user authentication information when the user authentication information has been registered in an authentication memory, transitioning a state of the apparatus from a non-permission state to a permission state, registering, in the authentication memory, a device authentication information in association with the user authentication information upon establishing a first connection with a portable device, and transitioning the state of the apparatus from the non-permission state to the permission state when a second connection with the portable device is established and the device authentication information is obtained from the portable device.