Abstract: It is provided a method for selectively granting access to a physical space secured by a barrier. The method is performed in a credential evaluator and comprises the steps of: determining a matching list containing a strict subset of credential identifiers of credentials within range of an antenna provided in a proximity of the barrier, wherein the matching list is based on how long each credential has been within range of the antenna; obtaining a set of biometric templates, consisting of biometric templates respectively associated with the credential identifiers of the matching list; obtaining biometric data of a person being closest to the barrier; and wherein a positive match between biometric data and one of the biometric templates is a necessary condition for granting access to the physical space.

Abstract: A method by one or more computing devices to detect anomalous accesses to a system. The method includes generating a technical maturity profile of a system user based on analyzing historical commands submitted by the system user to the system and determining whether an access by the system user to the system is anomalous based on determining technical maturity attributes of a command submitted by the system user to perform the access and comparing the technical maturity attributes of the command to the technical maturity profile of the system user.

Abstract: Systems and methods for improving homomorphic encryption are provided. A processor receives an encrypted ciphertext; splits the encrypted ciphertext into a plurality of smaller digits; applies a homomorphic floor function to clear a least significant bit from a current smaller digit; scales down the encrypted ciphertext, using modulus switching, thereby changing the ciphertext modulus to a new modulus; applies a bootstrapping procedure for a sign evaluation function to determine a sign of the scaled down encrypted ciphertext; and transmits the sign with the ciphertext to a server for subsequent use.

Abstract: Techniques for authenticating and authorizing user access to a component of a power plant within a private network of a renewable power plant having wind turbine generators. One technique includes providing at a local computer system in the private network a list of credentials and authorizations representing a plurality of identifiers and authenticators of users and corresponding access authorizations. The local computer is in direct communication with components of the power plant and is configured to receive a request for access from a user via a computer interface in the component in the private network. If the requested access can be granted by consulting the list of credentials and authorizations, the grant is communicated from the local computer to the computer interface in the component, and in case access cannot be granted, a request for update of the list of credentials and authorizations is communicated from the local computer system to a central computer system outside the private network.

Abstract: An authorization system includes a controller of an external computing device communicatively connected to an unmanned aerial vehicle (UAV). The controller obtains a mission kit that includes software for controlling a piece of equipment configured to be assembled on the UAV. The controller receives a license that is associated with a user and determines, based on the license, whether the piece of equipment is authorized for operation on the UAV as controlled by the user. Responsive to determining that the piece of equipment is authorized, the controller initiates transmission of at least some of the software of the mission kit to the UAV for installation by the UAV to allow the user to operate the piece of equipment.

Abstract: An electronic device is provided that includes an input device configured to receive sound, a processor, and a memory storing program instructions accessible by the processor. Responsive to execution of the program instructions, the processor is configured to identify a third party application that accesses the electronic device, and vary sound characteristics obtained by the input device based on the third party application identified to prevent a biometric algorithm from obtaining user information.

Abstract: In some embodiments, an authentication system may be configured to process one or more tokens that incorporates one or more tailored-wavelength-range coded patterns, codes represented within a steganographic image, or “overlapping” codes. As an example, such a token may include (i) one or more invisible-ink-printed patterns printed using infrared ink corresponding to different tailored wavelength ranges within the infrared light spectrum, (ii) one or more steganographic images in which invisible-ink-printed patterns are interweaved within the steganographic images, (iii) visible-ink-printed patterns and invisible-ink-printed patterns printed substantially within the visible ink portions of the visible-ink-printed patterns, or (iv) other features, where the invisible-ink-printed patterns correspond to one or more authentication codes or other data for token authentication.

Abstract: A system includes: a first camera configured to capture first images of a driver on a driver's seat within a passenger cabin of a vehicle; a second camera configured to capture second images in front of the vehicle; a driver module configured to determine a driver of the vehicle based on at least one of the first images and to determine a present driver's licensing level of the driver with a driver's licensing body; a first detection module configured to detect first occurrences of first conditions within the passenger cabin of the vehicle based on the first images; a second detection module configured to detect second occurrences of second conditions outside of the vehicle; and a reporting module configured to, based on the present driver's licensing level of the driver, selectively generate a report including at least one of the first and second occurrences.

Abstract: A system includes: a first authentication unit configured to perform authentication based on biometric information that is information about a body of a first user who reserves a usage target that is a target capable of being used by the user, that is, first authentication for authenticating legitimacy of the first user; and a second authentication unit configured to perform authentication based on the biometric information of a second user who uses the usage target, that is, second authentication for authenticating that the second user is the same as the first user.

Abstract: An information processing apparatus in the present invention includes: a matching unit that matches biometric information acquired from a user requesting use of a management target with registered biometric information of each of a plurality of registrants; a determination unit that determines whether or not a registrant with which a matching result is that the matching is successful out of the plurality of registrants has usage authority for the management target; and an output unit that, when the matching result from the matching unit is that the matching failed, outputs first error information, and when it is determined in the determination unit that the registrant with which the matching result is that the matching is successful does not have the usage authority, outputs second error information different from the first error information.

Abstract: In an embodiment, processing of biometric data is split between a processor on a peripheral device and a processor of a host device that is coupled with the peripheral device. One embodiment provides a method comprising, on a peripheral device coupled with a host device, capturing biometric data using a biometric sensor of a peripheral device and pre-processing the captured biometric data using a processor of the peripheral device. The processor of the peripheral device is separate from a processor of the host device and resides within a chassis or housing of the peripheral device. The method additionally includes pre-validating the pre-processed biometric data to determine whether the pre-processed biometric data meets a minimum quality threshold and transmitting the pre-validated biometric data to the host device for validation.

Abstract: Authentication techniques are described to allow a person to be authenticated to interact with an organization, where a type of authentication can be determined based on an environment in which the person is located. For example, an authentication server can collect a status information related to a safety setting of a mobile device. The safety setting can be enabled, e.g., if a person is driving a vehicle. When enabled, the safety setting can prevent the person from performing one or more operations on the mobile device. Based on the collected status information, the authentication server can request the person to provide user information via the mobile device so that the authentication server can determine whether the person is authenticated to interact with an organization.

Abstract: A biometric information measuring device comprising a control part that determines a degree of matching with respect to a purpose of use that is set in measured data related to multiple body compositions, based on a purpose-of-use matching degree relationship in which a degree of matching with respect to a purpose of use is associated according to a combination relationship about change directions of data related to the multiple body compositions associated by a display order with respect to the purpose of use.

Abstract: A lockset that includes a latch assembly, an interior assembly and an exterior assembly. The latch assembly includes a bolt movable between an extended position and a retracted position. The interior assembly is configured to electronically control movement of the bolt between the extended position and the retracted position. The exterior assembly includes a locking assembly configured to be mechanically coupled with the latch assembly. The interior assembly includes an interior wireless communication unit and the exterior assembly includes an exterior wireless communication unit that is configured to wirelessly communicate therebetween. In some embodiments, an exterior assembly includes a photovoltaic cell and the interior assembly includes a light source. The light source and the solar cell are configured for wirelessly communicating and for power transmission between the exterior and interior assemblies through a bore hole in the door.

Abstract: A data processing system that can sense fatigue or the like using a neural network is provided. First, a reference image is obtained on the basis of first to n-th images (n is an integer greater than or equal to 2). Next, the first to n-th images and the reference image are input to an input layer of a neural network, first to n-th estimated ages and a reference estimated age are output from an output layer, and first to n-th data and reference data are output from an intermediate layer. After that, first to n-th coordinates are obtained in each of which an x-coordinate is a value corresponding to a difference between the reference estimated age and the first to n-th estimated ages and a y-coordinate is a value corresponding to the degree of similarity between the reference data and the first to n-th data.

Abstract: The present disclosure includes apparatuses, methods, and systems for secure communication between an intermediary device and a network. An example apparatus includes a memory, and circuitry. The circuitry is configured to determine, in response to receipt of a request for information corresponding to a particular category, an identifier associated with the particular category. The circuitry is further configured to provide, along with a signature, the determined identifier to a network device, wherein the requested information are received in response to the signature being verified by network device.

Abstract: Connected computing enables the use of highly diverse environments that support operating frameworks for contemporary civilization. But computing productivity and trustworthiness are undermined by such environments' largely inchoate organization. These environments and their identity infrastructures are fragmented, and unnecessarily unreliable, insecure, and insufficiently informative due to current computing entity (e.g., resource) identification infrastructure design, which lacks root identification reliability. Such reliability is enabled herein by a fundamentally accurate and authenticity ensuring, near-existential or existential quality, biometrically and liveness based, portable identification and provenance infrastructure. Such an infrastructure provides ubiquitously available identification information that can be used universally for identification processes.

Abstract: An authorization system includes a controller of an external computing device communicatively connected to an unmanned aerial vehicle (UAV). The controller obtains a mission kit that includes software for controlling a piece of equipment configured to be assembled on the UAV. The controller receives a license that is associated with a user and determines, based on the license, whether the piece of equipment is authorized for operation on the UAV as controlled by the user. Responsive to determining that the piece of equipment is authorized, the controller initiates transmission of at least some of the software of the mission kit to the UAV for installation by the UAV to allow the user to operate the piece of equipment.

Abstract: A system for noninvasively measuring blood alcohol concentration using light includes one or more emitters each configured to emit light in the near infrared or infrared light spectrum at one or more wavelengths that respond to varied chromophore concentrations of ethanol and water in blood of a human subject. One or more detectors is configured to detect light emitted at the one or more wavelengths and output a representation of a photoplethysmography (PPG) waveform for one or more of the one or more wavelengths. A processing subsystem is coupled to the one or more emitters and the one or more detectors.

Abstract: Techniques for user authentication via in-ear acoustic measurements are disclosed. An in-ear device emits an acoustic signal and detects an otic response to the acoustic signal. A user signature is generated based at least on the otic response to the acoustic signal. The user signature is compared with a reference signature, to determine whether the in-ear device has changed users.

Abstract: A vehicle entry system which identifies authorized users via facial recognition has an image sensor configured to capture real-time images according to a predetermined field of view from a vehicle. A lockout device is configured to selectably provide access to the vehicle. The entry system has a controller configured to (A) analyze a first one of the captured images for matching to a stored facial pattern corresponding to an authorized user of the vehicle, (B) detect a request for a secondary authentication after the captured image being analyzed fails to match the stored facial pattern, (C) analyze a second one of the captured images for a nonbiometric secondary code entrusted to a secondary user; and (D) issue a command for the lockout device to grant the access to the vehicle when the secondary code is detected.

Abstract: Provided are a method and an apparatus for user authentication based on face recognition and handwritten signature verification, by which authentication accuracy in user authentication using a handwritten signature is further increased. The method including: receiving a handwritten signature of a user; acquiring a face image of the user who inputs the handwritten signature, simultaneously with the receiving of the handwritten signature; determining whether the user is a legitimate user, on the basis of characteristics information of the face image; adjusting a reference value for verification based on characteristics information of the handwritten signature, according to a result of determination based on the characteristics information of the face image; determining whether the user is the legitimate user, on the basis of the characteristics information of the received handwritten signature and the adjusted reference value.

Abstract: The server device includes an acquisition unit, a user database, an attendee management database, and a processing unit. The acquisition unit acquires biological information for each of a plurality of users using an entry/exit management system. The user database associates the biological information with user IDs respectively identifying the users and stores the same. The attendee management database associates the user ID corresponding to an attendee in a restricted area, into which entry and exit is restricted, with position information for the attendee, and stores the same. The processing unit transmits the position information of a meeting candidate, who a visitor wants to meet, to an authentication terminal. The authentication terminal is a terminal which, if an authentication using the biological information recorded in the user database is successful, permits a successfully authenticated user to enter the restricted area.

Abstract: A computer-implemented method of verifying a user's identity comprising the steps of receiving biometric user data, personalized user data, and unique phone data of a verifying user from the verifying user's electronic computing device 102, compiling the biometric user data, personalized user data, and unique phone data of a verifying user into a single user identity data file, encrypting the single user identity data file and generating a data decryption key, and segregating the single user identity data file into a plurality of encrypted segregated user identity data files each independently stored on a first administrator server and a second administrator server, wherein the plurality of encrypted segregated user identity data files may only be aggregated and decrypted upon providing secondary biometric user data, personalized user data, and unique phone data which matches the original biometric user data, personalized user data, and unique phone data of the verifying user.

Abstract: A first computer and a second computer are each connected to a communication network. User data is generated for a user by the first computer based on receiving, from the second computer, initial enrollment biometric data for the user. The user is authorized by the first computer based on a confidence score for challenge biometric data exceeding a first confidence threshold. Then the user data is updated with updated enrollment biometric data by the first computer based on a confidence score for the updated enrollment biometric data exceeding a second confidence threshold. The second confidence threshold is greater than the first confidence threshold. The initial enrollment biometric data is deleted by the second computer after a predetermined time of receiving the initial enrollment biometric data.

Abstract: A generation apparatus converts a received key to an encoded key by using an encoding function of an error correcting code, and generates a sketch by applying a first composite transformation on received fuzzy data and the encoded key. A reconstruction apparatus receives a first sketch and a second sketch, generates a composite sketch by applying second composite transformation on the first and second sketches, and reconstruction calculates difference between the two keys used to generate the first and second sketches based on the composite sketch.

Abstract: Multifactor authentication techniques described herein may allow a user to submit a recent proof of purchase as a part of a multifactor authentication process to access an account associated with a financial institution. As part of the login process, the user may submit a proof of purchase associated with a transaction. The financial institution may determine information associated with the transaction, such as a merchant associated with the proof of purchase, a time of the transaction, the last four numbers of the transaction card used, a dollar amount, or any combination thereof. If the information matches one or more records in the transaction history of the user's account, the financial institution may authenticate the user and provide access to the account. In this way, the financial institution may leverage transaction history known to the financial institution and the user to authenticate the user.

Abstract: A system receives a request to authorize an interaction between a first avatar associated with a first user and a second avatar associated with a second user within a virtual environment. The system receives a request to verify the identity of the first user. The system receives an image of the first user and extracts facial features from the image. The system identifies a serial number and a user credential associated with the first user. The system generates a token based on the facial features, the serial number, and the user credential. The system verifies the identity of the first user based on the token. If the identity of the first user is verified, the system authorizes the interaction between the first avatar and the second avatar.

Abstract: An authentication method and terminal device obtain a device identifier associated with an electronic device and receive an Integrated Circuit Card Identifier (ICC ID) of a Subscriber Identity Module (SIM) of the electronic device. A group of IDs is cryptographically signed with a device key of the terminal device or a key derived from the device key. The group of IDs may comprise the device identifier and the ICC ID.

Abstract: Disclosed herein are systems, methods, and non-transitory computer-readable storage media for performing speaker verification. A system configured to practice the method receives a request to verify a speaker, generates a text challenge that is unique to the request, and, in response to the request, prompts the speaker to utter the text challenge. Then the system records a dynamic image feature of the speaker as the speaker utters the text challenge, and performs speaker verification based on the dynamic image feature and the text challenge. Recording the dynamic image feature of the speaker can include recording video of the speaker while speaking the text challenge. The dynamic feature can include a movement pattern of head, lips, mouth, eyes, and/or eyebrows of the speaker. The dynamic image feature can relate to phonetic content of the speaker speaking the challenge, speech prosody, and the speaker's facial expression responding to content of the challenge.

Abstract: Systems and methods which provide the ability for users to track the lifecycle and conditional rules associated with credentials, which can include digitally verified third-party assertions of identity, education, licensing, work history, provenance, authenticity, outcomes, ingredients, etc. through a network of certified primary source or primary source equivalent issuers of credentials. Verifiable data registry technology can be used to provide access to information associated with the credentials, such as validity and schemas. Credential presentation and subscription processes are also utilized. Ecosystem communication and management functions can be executed through various agent instances associated with the actors, including administrators. Rating systems and fee transactions are also managed.

Abstract: The Present invention provides for a biometric authentication system, the method implemented in the system, and its use, based on venous networks, to provide a highly available system for resilient biometric authentication that does not require the possession or the memorization of confidential information of users while ensuring security, while allowing to discard the template and the images of the vascular network while having a tamper-proof system.

Abstract: Provided is a system for face authentication which can operate separately for individual providers of face authentication service in a stable and efficient manner. The system includes: face authentication machines; an administrator terminal; a face management server for storing face image data of registered users; and face matching servers, each configured to generate face feature amount data of a person to be verified from image data acquired from the camera of a face authentication machine and to perform a matching operation by comparing the face feature amount data of the person with that of registered users. Prior to face authentication, data of associations between face authentication machines and face matching servers entered by an administrator is transmitted from the administrator terminal to the face management server.

Abstract: A system, method, and media for providing web-based security to a workflow process is presented. Data may be processed in a web-based workflow management system. The system may detect the transfer of high-level security data through the workflow. Upon detection of the data transfers the system may request review and approval in the form of a biometric input from an approved user to allow the data to be transferred.

Abstract: The present disclosure includes apparatuses, methods, and systems for securing sensor communication. An embodiment includes a memory having instructions executable by the processing resource, and a sensor coupled to the processing resource and the memory. Wherein, the sensor is configured to collect sensor data and generate and provide a sensor public key, a sensor public identification, and a sensor identification certificate to a sensor fusion unit.

Abstract: A system for verifying a user identity. The system comprises one or more memory devices storing instructions and one or more processors configured to execute the instructions. The processors are configured to receive information associated with an account of a user. The processors are further configured to generate a first profile, where the first profile being related to the user. The processors also receive an indication that the account is accessed by an accessor through an accessor device; and receive, from the accessor device, identity data comprising a plurality of data subsets associated with the accessor. The processors are configured to store the data subsets in respective clusters. The processors are further configured generate cluster analyses by analyzing the data subsets in respective clusters; and output the cluster analyses to node instances that weighs the cluster analyses outputs.

Abstract: A vehicle includes: an iris sensor configured to recognize an iris of a driver and obtain iris data; an infrared camera configured to recognize a face of the driver, obtain face data, and detect an obstructive element covering at least a portion of the iris from the face of the driver; and a controller configured to perform iris authentication based on the iris data and control a lighting apparatus to change brightness of lighting in the vehicle in response to the obstructive element being detected.

Abstract: An information processing apparatus includes a processor configured to not authorize use of a communication service when stored first biometric information on a contractee for the communication service fails to match second biometric information acquired from a user who is to use the communication service after signing a contract for the communication service.

Abstract: A key generation apparatus for accomplishing high precision authentication in biometric encryption and biometric signing based on feature vectors in a high-dimensional Euclidean space, the apparatus: holds a first feature vector indicating a feature of first biometric information, and a parameter for identifying one arrangement out of a sphere packing arrangement with a density less than 1 and more than a predetermined value, or a sphere covering arrangement with a density equal to or more than 1 and less than a predetermined value, identifies one arrangement out of the sphere packing arrangement or the sphere covering arrangement based on the parameter; selects a first point included in the identified one arrangement; generates a first key by predetermined first conversion on the first point; and generates, based on the first feature vector and the first point, a template associated with the first biometric information.

Abstract: Techniques are provided for centralized processing of sensitive user data. One method comprises obtaining, by a service provider, values of predefined features based at least in part on personal information of a user, wherein the values of the predefined features are computed by the user; and processing, by the service provider, the values of the predefined features based on the personal information to detect one or more predefined anomalies associated with the user and/or a device of the user. The predefined anomalies comprise, for example, a risk anomaly, a security level anomaly, a fraud likelihood anomaly, an identity assurance anomaly, and/or a behavior anomaly. The predefined features relate to, for example, a location of the user and/or device-specific information for a device of the user.

Abstract: An example operation includes one or more of creating, by a transport, a digital key when the transport is powered on, wherein the digital key relates to an identity of an occupant of the transport, creating, by the transport, a digital sub-key that is related to the digital key, using, by the transport, the digital key during processing of a first set of functions, and using, by the transport, the digital sub-key during processing of a second set of functions that are more critical than the first set of functions.

Abstract: A method includes obtaining a plurality of representative vectors associated with face-related data. The method includes determining an encryption key based on a parameter stored in a record, generating an encrypted vector set by, for each respective vector of the plurality of representative vectors, encrypting the respective vector with a homomorphic encryption operation based on the encryption key, where the encrypted vector set includes a first encrypted vector that is linked to a subset of the face-related data associated with the first plurality of face vectors. The method further includes obtaining an encrypted face search vector using the encryption key to perform homomorphic encryption. The method further includes selecting a first encrypted vector based on the encrypted face search vector and retrieving the subset of the face-related data based on the first encrypted vector.

Abstract: A magnified observation apparatus includes an FOV changer, an in-focus degree evaluator, and a focus sequence executor. The in-focus degree evaluator calculates in-focus degree feature quantities, which represent in-focus degrees of image data corresponding to images to be displayed by a display controller on a display. The focus sequence executor executes an FOV-moving focus sequence in which a focusing device adjusts a relative distance between a focus position of the objective lens and an observation object in accordance with in-focus degree feature quantities of image data that are successively calculated by the in-focus degree evaluator corresponding to images of the observation object that are captured during movement of an observation FOV by the FOV changer so that a live image of the observation object is displayed on the display based on image data that is obtained during the movement of an observation FOV by the display controller.

Abstract: A system and method for facilitating device and application authentication between an external device and an implanted medical device (IMD), wherein a therapy application executing on the external device is operative to communicate with the IMD via wireless telemetry communications. A device authentication parameter may be decomposed into two key components, wherein one component may be stored in a cloud key vault and the other component may be distributed to the external device as an obfuscated portion embedded in the therapy application. Upon receiving the therapy application, the external device is operative to separately retrieve both key components and reconstitute the original authentication parameter therefrom, which may be presented to the IMD for authentication.

Abstract: A system and method for verifying proper possession of a medication is disclosed. A reader device scans a code printed on the medication to extract an embedded serial number and captures an image of the face of the person in possession of the medication. A first server queries a prescription database, which retrieves facial characteristic data associated with the embedded serial number. A determination is made if the retrieved facial characteristic data matches facial characteristic data extracted from the captured image. The match information is displayed on the reader device.

Abstract: A method and a user apparatus for the protection of confidential data, wherein the apparatus includes an image sensor and a processor configured for: capturing a plurality of images by way of the image sensor, generating a sensor fingerprint on the basis of the plurality of images, encoding at least a portion of the sensor fingerprint using an algorithm of random projections in such a way as to generate a compressed fingerprint, encrypting and/or decrypting the confidential data using the compressed fingerprint as a key.

Abstract: To prevent unauthorized access to a network feature, multiple levels of authentication are required by utilizing a biometric authentication application that can verify access based on an authentication configuration that, for example, includes biometric data associated with a user. Requiring additional authentication to one or more network features or settings while allowing one or more other network features or settings to have less authentication provides a quality of experience for every user with access to the application while maintaining enhanced security to those network features that may be key/sensitive or require additional security. Additionally, using biometric data to perform the additional level of authentication ensures that a particular user seeking access to key or sensitive network features or settings of a network is the authorized user and not another user that has gained access to a network device associated with the authorized user.

Abstract: The present disclosure generally relates to managing access to credentials. In some examples, an electronic device authorizes release of credentials for use in an operation for which authorization is required. In some examples, an electronic device causes display of one or more steps to be taken to enable an input device for user input. In some examples, an electronic device disambiguates between commands to change the account that is actively logged-in on the device and commands to cause credentials to be released from the secure element.

Abstract: A biometric device comprising: biometric sensing circuitry; cryptographic circuitry; a device key area in the biometric device for storing a cryptographic device key unique to the biometric device; and a test key area in the biometric device, for storing a cryptographic test key. The biometric device is controllable between: a test state in which the test key area is connected to the cryptographic circuitry to provide the test key to the cryptographic circuitry, and the cryptographic circuitry is prevented from performing cryptographic operations on data provided by the biometric sensing circuitry; and a functional state in which the device key area is connected to the cryptographic circuitry to provide the device key to the cryptographic circuitry, and the cryptographic circuitry is connected to the biometric sensing circuitry to receive and perform cryptographic operations on data from the biometric sensing circuitry using the device key.

Abstract: In general, embodiments of the present disclosure provide methods, apparatus, systems, computer program products, computing devices, computing entities, and/or the like for setting up biometric access for a legitimate user to a design. In accordance with various embodiments, a biometric template is received originating from the user and is inputted to a first secure sketch generator configured to use first transformation parameters comprising a hash function to generate a protected biometric template by hashing the biometric template. The protected biometric template is inputted to a second secure sketch generator configured to use second transformation parameters comprising a physical unclonable function serving as a fingerprint of the design to generate an original obfuscation key from the protected biometric template.