Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: An electronic device performs techniques related to implementing biometric authentication, including providing user interfaces for: providing indications of error conditions during biometric authentication, providing indications about the biometric sensor during biometric authentication, orienting the device to enroll a biometric feature, and providing an indication of the location of the biometric sensor to correct a detected error condition.

Abstract: Various switchable RFID devices are disclosed. These switchable RFID devices may include one or more RFID tags and one or more switches. Some of these one or more switches are optionally wireless. In various embodiments, the switchable RFID devices include cellular phones, security devices, identity devices, financial devices, remote controls, and the like. The switchable RFID devices are optionally disposed in a passport.

Abstract: A trusted computing method applicable in a computer device, a computer device, and a storage medium are provided. The method comprises: during a startup process of the computer device including first and second trusted computing chips, the first trusted computing chip performing a static measurement on the computer device to obtain a static measurement result, and sending the static measurement result to a verification center; and during operations of the computer device after startup of the computer device, the second trusted computing chip performing a dynamic measurement on the computer device to obtain a dynamic measurement result, and sending the dynamic measurement result and association evidence to the verification center, wherein the association evidence indicates that the first and the second trusted computing chips are disposed in the same computer device, and the verification center associates the two measurement results and verifies the integrity of a software system of the computer device.

Abstract: According to an embodiment, an IC card comprises a sensor, a storage, and a processor. The sensor obtains information for authentication. The storage stores an authentication list showing one or more authentication methods which use information from the sensor. The processor determines whether if there is an abnormality exists in the sensor. If it determines that the sensor is indeed abnormal, it updates the authentication list accordingly.

Abstract: A system to access one or more user profiles that govern one or more vehicle functions. The system cooperates with a processor and verification module which are adapted to verify, using one or more of biometric information, gesture recognition, facial recognition and device identification information, that a user has authority to access the one or more user profiles, where the one or more profiles are stored in one or more of a vehicle, a cloud and a communications device. An edit module is further provided and adapted to allow the user to make one or more edits to the one or more user profiles.

Abstract: An IC card system includes an IC card management server and an IC card. The IC card management server requests a SIM management server to make an inquiry regarding a user based on card identification information and user information relating to a contract of SIM card, and, in a case that validity of the user is verified, transmits a generation request for generating a registration application registering biometric authentication information, including the card identification information and the secret key, to the SIM management server. The IC card includes a data storage storing the card identification information and the secret key and storing the biometric authentication information and, in a case that authentication based on the card identification information and the secret key through communication with the SIM card based on the registration application is succeed, stores the biometric authentication information based on the biometric information in the data storage.

Abstract: Methods, systems, and devices for data migration are described. In a system, databases may utilize different database-specific encryption keys for storage security. In some cases, the system may migrate data from a source database to a target database. To securely migrate the data, the source database may generate a temporary encryption key. The source database may decrypt the data using its database-specific key and may re-encrypt the data using this temporary encryption key. Additionally, the source database may wrap the temporary key with a public key corresponding to the target database. The source database may send the re-encrypted data and the wrapped temporary key to the target database. The target database may unwrap the temporary key using a private key associated with the public key and may decrypt the data using the temporary key before re-encrypting the data with its database-specific key for data storage.

Abstract: An apparatus and method for a user-aware remote control for a shared device, such as a computing device, is provided herein. The computing device includes a transceiver and a processor. The transceiver is configured to communicate with a remote control. The processor is configured to: receive, from the remote control, identification data for a user of the computing device, the identification data for the user being generated at the remote control based on biometric information associated with the user received at the remote control; identify, based on the identification data, at least one application associated with the user; retrieve, based on the identification data, personalized application information associated with the user and applicable to the at least one application; and apply the personalized application information to the at least one application.

Abstract: Aspects of the subject disclosure may include, for example, a method in which a processing system obtains physical and social environmental data for a communication device user, and provides content for presentation at the device. First reaction data, obtained via sensors associated with the user, indicate the user's reaction to presentation of the content; the data is analyzed to determine user affinity for the content in a context of the physical and social environments. The content is modified during the presentation; second reaction data is obtained and analyzed to determine a second user affinity for the modified content. If the affinity is enhanced, the modified content is sent to other users' equipment via a social network. Affinity responses regarding the modified content are analyzed, and a set of users is identified as an affinity group; additional content is transmitted to equipment of the affinity group. Other embodiments are disclosed.

Abstract: Techniques are provided for authenticating a user using an endpoint device of the user with a local policy and endpoint data. One method comprises obtaining, at an endpoint device of a given user, behavioral anomalies from a remote engine that generates the behavioral anomalies based on behavior of multiple users; in response to an access request by the given user, performing the following steps at the endpoint device: obtaining authentication data related to the given user and/or the endpoint device; generating features based on the authentication data; applying the features to a behavior model incorporating the behavioral anomalies to determine a behavior score for the access request; and evaluating the access request to make an authentication decision based on the behavior score. The behavior score indicates, for example, a confidence that the given user is an expected user and/or a same user who has previously been validated.

Abstract: A method of authenticating a user by means of a fingerprint authentication system comprising a finger sensing arrangement, comprising the following steps for each authentication attempt in a sequence of authentication attempts: receiving a touch by a candidate finger probe on the finger sensing arrangement; acquiring a candidate fingerprint image of the candidate finger probe; determining an authentication representation based on the candidate fingerprint image; retrieving a stored enrollment representation of an enrolled fingerprint of the user; determining a match score based on a comparison between the authentication representation and the enrolment representation; determining a liveness score for the authentication attempt; determining a qualification metric for the authentication attempt based on a relation between the liveness score for the authentication attempt and a liveness score for at least one previous authentication attempt; and determining an authentication result for the authentication attempt

Abstract: An object recognition enabled, for example facial recognition enabled, video surveillance system for capturing video of a scene and allowing recognition of objects within that scene. The system comprises at least one camera apparatus connected via a communication channel to a central server with the camera apparatus arranged for capturing visual representation data of a scene. The visual representation data comprises video of the scene and the camera apparatus comprises a camera for capturing said video and a video encoder for sending corresponding video data via the communication channel to the central server. The camera apparatus is further arranged for generating object recognition data based on said visual representation data, and the video encoder is arranged to send said object recognition data along with the video data via the communication channel.

Abstract: A system comprises an eyewear device that includes a frame, a temple connected to a lateral side of the frame, an infrared emitter, and an infrared camera. The infrared emitter and the infrared camera are connected to the frame or the temple to emit a pattern of infrared light. The system includes a processor coupled to the eyewear device, a memory accessible to the processor, and programming in the memory. Execution of the programming by the processor configures the system to perform functions, including functions to emit, via the infrared emitter, a pattern of infrared light on an eye of a user of the eyewear device; capture, via the camera, reflection variations in the pattern of infrared light on the eye of the user; and identify a user of the eyewear device based on the reflection variations of the emitted pattern of infrared light on the eye of the user.

Abstract: An example method includes receiving an encrypted biometric enrollment data and user identifier data. The encrypted biometric enrollment data includes at least one biometric enrollment sample from a user encrypted using an encryption key. The encryption key is generated based on a user secret and the user identifier is associated with the user. The user identifier is matched with a stored user secret. A decryption key is generated based on the stored user secret. The encrypted biometric enrollment data is decrypted using the decryption key. The at least one biometric enrollment sample is retrieved from the decrypted biometric enrollment data. The at least one biometric enrollment sample is processed using a biometric processing algorithm to generate a biometric reference template. A biometric reference template identifier uniquely identifying the biometric reference template is generated. An encryption key is generated based on the stored user secret and encrypts an enrollment confirmation message.

Abstract: Various systems and methods for providing a smart entry system are described herein. A smart entry system includes a detector to detect a person near a portal to a room; a transceiver to attempt to establish a wireless connection between the smart entry system and a user device associated with the person; and a user interface to present a notification to the person based on a state of the wireless connection.

Abstract: Method of authentication including sending a login web page to a first device of a user including a scannable code having an envelope ID and a login challenge. The envelope ID generated by an identity manager is associated with a first envelope of data including a session ID. A confirmation login request is received from a second device associated with the user, and includes a second envelope of data comprising the session ID, a user ID, and a seal of the user ID registering the user ID with the identity manager. The confirmation login request to the login challenge is verified using the session ID, and the user is verified using the user ID and seal. User login is authorized upon successful verification of the login challenge and user, and a communication session having the session ID is established between the web server and the first device.

Abstract: Systems and methods are described, and an example system includes logic that implements a user interface and that accepts an indicator of data, and upon identifying the data is restricted access, receives via the interface attributes of tasks, and of the user, and determines a task-user attribute matrix based on the user input. The logic sends a data-coefficient request to access modules, receives a reply message that includes sensitivity metadata coefficient, a privacy metadata coefficient, a combinability metadata coefficient, and a security metadata coefficient. The logic constructs, using a content of the reply message, a metadata coefficient matrix. The logic applies a dynamic access evaluation that is based on the task-user attribute matrix and the metadata coefficient matrix and, upon a positive evaluation, accesses the restricted-access data and provides the accessed data to a data cache. Optionally, the data cache feeds a system of system operational analytics.

Abstract: A device may provide a user interface with which to provide an action plan. The device may detect one or more interactions with the user interface associated with identifying one or more portions of the action plan. The action plan may include information regarding a treatment plan for a patient. The device may parse the action plan to identify a set of prompts and/or a set of actions that are to be performed based on a set of triggers. The set of prompts may be related to a clinically validated questionnaire for a particular condition. The device may detect a particular trigger, of the set of triggers, after parsing the action plan. The device may provide, for display via the user interface, a particular prompt, of the set of prompts, or transmit data to perform a particular action, of the set of actions, based on detecting the particular trigger.

Abstract: One embodiment provides an identification method and system. The system obtains attribute features of a user, determines a first set of identification products and identification success rates thereof based on the attribute features of the user and a first machine-learning model for determining identification security, and generates a first set of identification product combinations, a respective identification product combination comprising two different identification products.

Abstract: Provided are arrangements requiring additional multi-factor authentication (MFA) in certain instances of dynamic virtual transaction token (e.g., virtual credit card token) generation via a browser extension. In the arrangements, the browser extension, when executed, may cause a browser to require a user to complete an initial multi-factor authentication (MFA). Once the browser extension has a record indicating a prior valid initial MFA for the user, the user allowed to request a transaction token. The browser extension may allow issuance of the transaction token upon an indication that the value needed does not exceed the predetermined value.

Abstract: The present disclosure relates to a method and system for secure password storage. In particular, the present disclosure relates to a computer implemented method making use of a hardware element in the form of a physical unclonable function (PUF) and forming a fuzzy version of the password, thus making remote password storage less risky for an end user. The disclosure also relates to a corresponding password storage system and to a computer program product.

Abstract: Various exemplary embodiments relate to an anonymous database system. The system includes a plurality of biometric nodes in communication with one another. Each of the plurality of biometric nodes includes a biometric input that receives biometric data from a user. The system also includes at least one central database in communication with the plurality of biometric nodes; and a plurality of institution databases in communication with the plurality of biometric nodes. A first node of the plurality of biometric nodes is configured to receive a message from a second node of the plurality of biometric nodes, the message requesting authorization of data access by the second node. Various embodiments relate to a method for performing an action requiring multiple levels of authentication using an anonymous database system.

Abstract: The master interface generates copy data by copying the first data, and generates an error detection code based on the copy data. The protocol conversion unit generates the second data by converting the first data from the first protocol to the second protocol. The slave interface detects errors in the copy data based on the error detection code. The slave interface also generates the first verification data by performing a conversion from one of the first protocol or the second protocol to the other for one of the second data or copy data. In addition, the slave interface compares the second verification data with the first verification data, using the other of the second data or copy as the second verification data.

Abstract: In an aspect of the invention, a network node configured to enable authentication of a user of a client device based on biometric data captured by the client device is provided, which network node receives a request to authenticate a user of a client device, the authentication request comprising a user identifier, fetch at least one set of enrolled transformed biometric data corresponding to the user identifier and a secret feature transform key with which the biometric data was transformed at enrolment of the transformed biometric data at the network node, and submit the transformed biometric data and the secret feature transform key over a secure communication channel to the client device.

Abstract: An information processing apparatus includes: an information management unit that registers boarding information on a user regarding boarding acquired by a check-in procedure of the user and biometrics information on the user acquired in the check-in procedure in association with each other; and a display management unit that causes a display terminal to display display information in accordance with remaining time to boarding time based on the boarding information on the user identified by a comparison between target biometrics information, which is biometrics information acquired by the display terminal for the user, and registered biometrics information, which is the biometrics information registered by the information management unit.

Abstract: A blockchain database employs cryptography and other methods to implement and protect a distributed, publicly-amendable ledger. Transactions in a blockchain ledger are intentionally anonymous; however, there are cases where it would be useful to be able to verify or disprove a claim of identity of a contributor of a blockchain transaction. Biometrics can be used to link a human being to digital information using their unique physical traits in a way that is analogous to a handwritten or digital signature. An exemplary embodiment disclosed herein describes methods to create and store data in a blockchain transaction such that it can be used in the future to biometrically verify the identity of the contributor of the transaction, and use encoded biometric data to determine whether the blockchain transaction was created or not created by a particular individual.

Abstract: A system for extraction and verification of handwritten signatures from arbitrary documents. The system comprises one or more computing devices configured to: receive a digital image of a document; remove a subset of words from the digital image identified via OCR; determine a plurality of regions of connected markings that remain in the digital image; based at least in part on a pixel density or proximity to an anchor substring of each region, determine that a region contains a handwritten signature; extract first image data of the region containing a handwritten signature from the digital image; retrieve second image data of a confirmed example signature for a purported signer of the handwritten signature; and based on a comparison of the first image data with the second image data, forward a determination of whether the first image data and second image data are similar.

Abstract: Embodiments of the invention are related to a computer-implemented authentication method and system for authenticating a customer using an electronic device for engaging in a transaction involving a financial institution over a network. Embodiments of the method include capturing an image of the customer engaging in the transaction using an image capturing device integrated with the electronic device and retrieving a stored image of the customer from an authentication database. Embodiments of the invention additionally include comparing, using a comparison algorithm executed by computer processing components, the stored image with the captured image to authenticate the customer and upon authentication, monitoring the captured image during the transaction for an interruption using the computer processing components. The method further includes terminating the transaction if an interruption is detected.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for securely performing cryptographic operations. One of the methods includes receiving biometric information associated with a user and a request to perform one or more cryptographic operations based on one or more cryptographic keys stored in a memory of an identity cryptographic chip (ICC); comparing the biometric information associated with the user with biometric information pre-stored in the memory of the ICC as pre-stored biometric information; and in response to determining that the biometric information matches the pre-stored biometric information, authorizing the one or more cryptographic operations to be performed.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for liveness detection are disclosed. In one aspect, a method includes the actions of capturing video data that includes multiple video frames that each include a representation of a face of a user while activating multiple light sources according to a predetermined lighting pattern. The actions further include, for each of the multiple video frames that each include the representation of the face of the user, analyzing the representation of the face of the user in the respective video frame and the respective predetermined lighting pattern active during capture of the respective video frame. The actions further include, based on analyzing the representation of the face of the user in the respective video frame and the respective predetermined lighting pattern, determining whether the face of the user is that of a live person or a static image.

Abstract: Methods, systems, and media for authenticating users using biometric signatures are provided. In some embodiments, the method comprises: receiving, from a user device, an indication that the user device is to be connected to a communication network; in response to receiving the indication, causing a user interface to be presented on the user device that receives a username corresponding to a user of the user device; receiving, from the user device, a biometric sample corresponding to the user of the user device; determining whether the biometric sample matches a stored biometric sample associated with the username; and in response to determining that the biometric sample matches the stored biometric sample associated with the user name, causing the user device to be connected to the communication network.

Abstract: An apparatus and a method for bicycle anti-theft and personalized adjustment are provided. When a biometric feature of a user matches a preset biological feature, a brake lever is fixed at a preset position to lock the bicycle, and a variable structure is driven to make personalized adjustments according to bicycle adjustment parameters corresponding to the biometric feature of the user.

Abstract: An embodiment of the present invention is directed to systems and methods for securing contactless cards from unauthorized payments, including card cloning attacks. An embodiment of the present invention provides a password at the time of usage of the card to decrypt the data contained in the card at the time when the user is initiating a transaction. In this exemplary illustration, card data may be encrypted at rest, and decrypted at the time of use. Other variations may include a switchable antenna that is disabled at rest and enabled during a transaction.

Abstract: A system and means of implementing and providing a virtual perimeter enabled with interactive countermeasures to mitigate accessibility of an area or object and includes at least one sensor that establishes an electronic virtual border from at least one point to define a space, digital detection electronics for detecting the presence of an individual, animal or object encroaching the virtual border and at least one countermeasure that impedes or thwarts the movement or actions of the detected individual, animal or object.

Abstract: A hybrid device includes a personal digital key (PDK) and a receiver-decoder circuit (RDC). The PDK and RDC of the hybrid device are coupled for communication with each other. In one embodiment, the hybrid device also provides a physical interconnect for connecting to other devices to send and receive control signals and data, and receive power. The hybrid device operates in one of several modes including, PDK only, RDC only, or PDK and RDC. This allows a variety of system configurations for mixed operation including: PDK/RDC, RDC/RDC or PDK/PDK. The present invention also includes a number of system configurations for use of the hybrid device including: use of the hybrid device in a cell phone; simultaneous use of the PDK and the RDC functionality of hybrid device; use of multiple links of hybrid device to generate an authorization signal, use of multiple PDK links to the hybrid device to generate an authorization signal; and use of the hybrid device for authorization inheritance.

Abstract: A decentralized biometric identity authentication method utilizes biometrics captured on a mobile device to perform identity authentication against data that was registered as part of an identity proofing process and is thus trusted. The user registers his or her biometric using the user's mobile device and associates it with the user's electronic identity as part of a supervised identity proofing process, thus forming a proofed identity, and registers the proofed identity with a federated identity system. To later access the resources of the federated identity system, the user logs in with his or her biometrics. The methods described herein are useful, for example, in the travel, healthcare, and financial services fields.

Abstract: A system and method for recognizing a person, including: capturing an identifying feature of the person; identifying the person based on the identifying feature to return a person identity; using the person's identity, retrieving information about the person from a person information database; and displaying the retrieved information in an overlay with a facial image of the person to a user. menu items can also be displayed. The identifying feature may be a biometric or a non-biometric feature.

Abstract: Disclosed is sampling HF-QRS signals from a number of subjects (or derived values or features), and using e.g. deep learning-convolutional neural networks to find features or values which are (i) sufficiently similar for the same subject over all samples, yet (ii) sufficiently different among different subjects to allow identification. Also disclosed is finding signatures which are sufficiently stable over a particular period such that these signatures are within a deviation threshold, and then monitoring all subjects to be identified at least as often as the period used to establish the deviation threshold.

Abstract: In some implementations, a system may generate information that identifies a passphrase to be used as a biometric input. The system may receive a voice input of a user speaking the passphrase. The system may generate one or more cryptographic keys based on the voice input. The system may generate a digital identifier based on the one or more cryptographic keys. The system may generate one or more biometric templates for the user. The system may encrypt the one or more biometric templates using the one or more cryptographic keys and to generate one or more encrypted biometric templates. The system may store in a secure storage associated with the user, at least one of the digital identifier, a public key of the one or more cryptographic keys, a phone number associated with the user, or the one or more encrypted biometric templates. Numerous other aspects are provided.

Abstract: A cryptographic proxy service may be provided. Upon determining that data associated with a network destination comprises at least some sensitive data, a cryptographic service may provide a security certificate associated with the network destination. The plurality of data may be encrypted according to the security certificate associated with the network destination and provided to the cryptographic service for re-encryption and transmission to the network destination.

Abstract: A computer-implemented method is provided. The method may include determining a behavioral pattern of a user based on historical data access events and historical data access conditions corresponding to the historical data access events, wherein the data access events are associated with a computer enterprise system. A data access request from the user with respect to a secure resource may be received from a computing node connected to the computer enterprise system. A behavioral state of the user may be determined with respect to the data access request and data access conditions corresponding to the data access request. A discrepancy between the behavioral pattern and the behavioral state of the user may be detected. A security risk level may be determined based on the discrepancy. In response to determining that the security risk level exceeds a predetermined threshold, a security action may be performed with respect to the secure resource.

Abstract: A password and/or email address management platform configured to regenerate a previously generated password for a given web domain or digital system without permanently storing the previously generated password. The platform can operate without maintaining a permanent store or list of other user-related information, e.g. a list of web domains or systems for which passwords have been generated. In an embodiment, the platform performs the steps of concatenating a plurality of password input data elements into a requested phantom password input data string, applying a hashing algorithm to the requested phantom password input data string to generate a phantom password hash, applying a hash-to-string function to convert the phantom password hash to a phantom password, and purging the password generation system of the phantom password after it is notified to a user.

Abstract: Biometric authentication techniques are provided using selected manipulations of biometric samples. An exemplary method comprises obtaining enrollment information from a user, wherein the enrollment information comprises first manipulations to a first biometric sample of the user; initiating a challenge to the user in connection with an authentication request by the user to access a protected resource; processing second manipulations by the user of a second biometric sample of the user submitted in response to the challenge, and wherein the processing comprises determining a likelihood that the second manipulations of the second biometric sample of the user submitted in response to the challenge matches the first manipulations to the first biometric sample of the user submitted by the user with the enrollment information; and resolving the authentication request based on the likelihood.

Abstract: Entrance and exit of a person is efficiently managed by simple authentication and registration of entrance and exit using a communication terminal carried by the person.

Abstract: Disclosed in some examples are methods, systems, devices, and machine-readable mediums for securing biometric data using an encryption technique that does not require key storage or distribution. In some examples, a first biometric template of a user is input into a function that selects or determines parameters (such as an encryption key) of an encryption function that is then used to encrypt a second biometric template of the user.

Abstract: Techniques for generating dynamic challenge questions for use in an authentication process are provided herein. An example computer-implemented method can include outputting a first prompt to a user via a user device interface, wherein the first prompt comprises a first set of information-gathering questions; generating dynamic challenge questions for use in an authentication process, wherein the dynamic challenge questions are generated based on user responses to the first set of information-gathering questions; generating a second prompt in connection with an authentication request, wherein the second prompt is based at least in part on at least one of the dynamic challenge questions; processing a user response to the at least one dynamic challenge question, wherein said processing comprises determining a likelihood that the user response matches an automatically estimated response; and resolving the authentication request based on the processing.

Abstract: A writing and/or drawing system including one or more user controllers, one or more sensors, one or more display devices, a remote system, and/or one or more setup computers each executing a setup application. The writing and/or drawing system may recognize when users come in range or go out of range and may receive one or more inputs from in range users. The writing and/or drawing system may automatically provide a user with access to information in the user's account when the user comes in range and may automatically save writing and/or drawing content to the user's account when the user goes out of range.

Abstract: A device for removing security on content using biometric information includes a memory configured to store content on which security has been set based on first biometric information of a user; and a controller configured to obtain second biometric information of the user, which is of a different type than the first biometric information, and remove the security on the content based on the second biometric information, in response to a user input for executing the content.

Abstract: A method comprises receiving a request to display a check image on a user device associated with a user. The check image is representative of a physical check. The at least one check image is displayed on the user device such that a set of fields included in the check image are masked. An unmask request is received. It is determined if the user has passed interdiction. In response to determining that the user has not passed interdiction, the user device receives an interdiction factor. In response to the interdiction factor matching a stored interdiction factor, the user passes interdiction and at least the portion of the set of fields included in the check image are unmasked.