Abstract: Systems and methods are provided for authorizing a user to access an access-controlled environment. The system includes a system server platform that communicates with fixed PC's, servers and mobile devices (e.g., smartphones) operated by users. The systems and methods described herein enable a series of operations whereby a user attempting to access an access-controlled environment is prompted to biometrically authenticate using the user's preregistered mobile device. Biometric authentication can include capturing images of the user's biometric features, encoding the features as a biometric identifier, comparing the biometric identifier to a previously generated biometric identifier and determining liveness. In addition, the authentication system can further authorize the user and electronically grant access to the access-controlled environment.

Abstract: Data is received as part of an authentication procedure to identify a user. Such data characterizes a user-generated biometric sequence that is generated by the user interacting with at least one input device according to a desired biometric sequence. Thereafter, using the received data and at least one machine learning model trained using empirically derived historical data generated by a plurality of user-generated biometric sequences (e.g., historical user-generated biometric sequences according to the desired biometric sequence, etc.), the user is authenticated if an output of the at least one machine learning model is above a threshold. Data can be provided that characterizes the authenticating. Related apparatus, systems, techniques and articles are also described.

Abstract: The invention is a method for deploying a trusted identity for a user issued by an issuer. The user has a user device configured to send a request for signature to an issuer device handled by the issuer. The request comprises a user public key allocated to the user. The issuer device is configured to compute an issuer signature by signing both the user's trusted identity and the user public key using an issuer private key allocated to the issuer. A block chain transaction containing the issuer signature is created and submitted to a Block Chain for transaction verification and storage.

Abstract: A method for estimating the weight of a subject while moving includes attaching one or more force sensors to the subject such that the force sensors measure a force exerted between each foot of the subject and a surface on which the subject is positioned, monitoring the one or more force sensors while the subject is moving to obtain a moving force measurement, processing the moving force measurement to determine a peak level of the moving force, a valley level of the moving force measurement, and a force range of the moving force measurement, determining an acceleration of center of mass of the subject from the force range, and estimating the weight of the subject while moving from the valley level and the acceleration of center of mass.

Abstract: A system and method for authentication are provided. The system for authentication according to one embodiment of the present disclosure includes: a service server configured to: receive a first authentication request message from an authentication server and convert a random number included in the first authentication request message into an optical code; a first user terminal configured to receive the optical code from the service server and display the optical code; and a second user terminal configured to: recognize the random number by capturing an image of the displayed optical code in response to receiving a second authentication request message from the service server and authenticate a user by using the random number, the second authentication request message, and biometric information of the user.

Abstract: A method and system for connecting an Internet of Things (IoT) hub to a wireless network. One embodiment of the method includes establishing a secure communication channel between an IoT hub and an IoT service through a client device using a first secret; generating a second secret on the client device and transmitting it to the IoT hub; encrypting a wireless key using the second secret to generate a first-encrypted key and transmitting it to the IoT service; encrypting the first-encrypted key using the first secret to generate a twice-encrypted key and transmitting it to the IoT hub over the secure communication channel; decrypting the twice-encrypted key at the IoT hub using the first secret to generate the first-encrypted key and decrypting it using the second secret to generate the wireless key usable to establish a secure wireless connection between the IoT hub and the local wireless network.

Abstract: Maintaining a plurality of different sets of data groups for virtualized credentials of a holder includes storing a first subset of the data groups according to a standard for storing data groups, where the standard verifies each data group in the first subset of data groups, storing a second subset of the data groups as a plurality of auxiliary data elements that are separate from the first subset, where auxiliary data elements are not directly accessible using the standard, providing at least one custom data group in the first subset that verifies each of the auxiliary data elements, and verifying at least one of the auxiliary data elements using the custom data group and verifying the custom data group using the standard. The standard may be ISO 18013. The digital signature may be provided by a party that is trusted by a relying party that receives data from the holder.

Abstract: A system includes a client device and a server computer coupled to a network and in communication, via the network, with the client device. The server computer is configured to receive, from the client device, a queue request. The queue request includes a candidate identifier.

Abstract: A system includes a client device including a processor configured to implement a candidate evaluation software application and a server computer in communication, via a network, with the client device. The server computer is configured to receive, from the client device, a queue request. The queue request includes a candidate identifier. The server computer includes determine, using the candidate identifier, a candidate target attribute, identify a first candidate queue from a plurality of candidate queues using the candidate target attribute, and encode into the first candidate queue a reference to the candidate identifier. The server computer is configured to identify, in a first administrative queue, an administrator identifier, the first administrative queue being associated with the candidate target attribute, and establish at least one of a video and an audio data connection between the client device and an administrator device associated with the administrator identifier.

Abstract: A method, apparatus and a computer-readable medium for securing an automobile ignition key, including scanning an authorized user's fingerprint, as well as inputting a security code chosen by the authorized user. Verifying users whether they are authorized to access the automobile ignition key, allowing a user when verified, and denying access when the verification steps fails.

Abstract: A method for verifying the identity of a user is provided that includes generating, by a computing device, a parameter for each processed frame in a video of biometric data captured from a user. The parameter results from movement of the computing device during capture of the biometric data. Moreover, the method includes generating a signal for the parameter and calculating a confidence score based on the generated signal and a classification model specific to the user. The classification model is generated from other signals generated for the parameter. Furthermore, the method includes verifying the identity of the user as true when the confidence score is at least equal to a threshold score.

Abstract: A technology for a swappable wearable device that is operable to monitor one or more physiological parameters of a user. Physiological measurement data from a physiological measurement sensor attached to the swappable wearable device or a physiological measurement sensor in communication with the swappable wearable device can be received at the swappable wearable device. The physiological measurement data can be stored on a non-transitory computer readable medium coupled to swappable wearable device. The stored physiological measurement data can be communicated to another swappable wearable device or a synchronization platform when a selected event occurs.

Abstract: Described is a secure system for generic pattern matching. In operation, the system determines if a pattern p, as presented by a second party, is within a textual pattern T, as maintained by a first party. In making such a determination, the system uses a series of binary value matrices and corresponding pairs of encrypted permuted matrices. Challenge bits are then used to generate permutations and later verify correctness of the various encrypted permuted matrices. If it is determined that pattern p is within text T, the, for example, an access protocol is initiated.

Abstract: Methods and systems for permitting sensitive cardholder data to be securely stored in a regular storage element of a smart transaction card. In an embodiment, a transaction card processor of the smart transaction card installs a security application compatible with the operating system of the smart transaction card and that includes a white box cardlet. The transaction card processor uses a code protection process of the white box cardlet to obfuscate biometric reference template data stored in the regular memory of a biometric sensor, next stores the obfuscated biometric reference template data in the regular memory, and then re-obfuscates the biometric reference template data at a predetermined time interval.

Abstract: Disclosed herein is a system and method that can retrieve, via a file monitor, a file and policy data from a case management system or a content management system, wherein the file and the policy data are retrieved in response to detecting a user request for the file. A processor can also modify, via the file monitor, access to the file based on the policy data, and intercept a plurality of document management instructions executed with the file. The processor can also detect at least one of the document management instructions is a malicious action, wherein the malicious action is detected based on the policy data, wherein the policy data is updated in response to detecting each of the document management instructions. Additionally, the processor can execute a policy instruction to prevent execution of the at least one document management instruction.

Abstract: Techniques for authenticating a biometric input are disclosed. An example of a biometric authentication system is configured to receive a biometric input, perform a first authentication process on the biometric input with an application processor, such that the first authentication process generates one or more authentication parameters, provide the one or more authentication parameters to a secure processor, perform a second authentication process on the biometric input on the secure processor, such that the second authentication process utilizes the one or more authentication parameters, and output an authentication score based on the second authentication process.

Abstract: An MFP stores a plurality of different pieces of biometric information of a user and a plurality of secret keys respectively corresponding to the pieces of biometric information in the TPM and registers public keys corresponding to the private keys in a server. When an authentication request is received from the server, the MFP executes a biometric authentication process using the biometric information input from the user and the biometric information registered in the TPM. If authentication is successful in the biometric authentication process, the MFP creates signature data and transmits it to the server. If verification of the signature data using the public key in the server is successful, the MFP performs display related to a shortcut process associates with the biometric information corresponding to the secret key used when the signature data that is a target of the verification is created by an input and output device.

Abstract: The invention provides a computer implemented method of displaying content on a screen of an electronic processing device. The method comprises a first step of receiving content to be displayed on said screen at a data processing application on said electronic processing device. The data processing application is a dedicated application for processing said received content data and is configured to perform various steps including processing the received content data into a format suitable for display on said screen. The data processing application is also configured to monitor at least one sensor of the electronic processing device such as the device's camera to receive at least one biometric data input during display of the content on the screen and to cause either a halting of the display of the content or a blurring of the screen in response to a determination of a predetermined change in said biometric data.

Abstract: The user (10) uses an information terminal (200) having a user authentication application program according to the present invention installed thereon and also uses a user authentication system according to the present invention via the user authentication application program, so that it is authenticated that the user who has registered, in advance, his/her biological information (700) in at least one of the information terminal (200) and an authentication server (300) is/was present at the authentication location during the authentication reception time.

Abstract: Disclosed herein are example techniques to provide contextual information corresponding to a voice command. An example implementation may involve receiving voice data indicating a voice command, receiving contextual information indicating a characteristic of the voice command, and determining a device operation corresponding to the voice command. Determining the device operation corresponding to the voice command may include identifying, among multiple zones of a media playback system, a zone that corresponds to the characteristic of the voice command, and determining that the voice command corresponds to one or more particular devices that are associated with the identified zone. The example implementation may further involve causing the one or more particular devices to perform the device operation.

Abstract: A decision making support device including: an opinion acquiring module that acquires an expressed opinion from each of a plurality of participants with respect to each of the plurality of selective elements; and a target person determining module that determines, with respect to a given selective element, from which participant an opinion on the selective element is to be elicited when there are a plurality of unexpressed participants who have not yet expressed opinions on the selective element, wherein the target person determining module respectively calculates, when assuming that each of the unexpressed participants has expressed any of expected opinions, assumed group satisfaction that is determined based on contents of decision making and contents of expression of opinions of the plurality of participants, and determines from which participant an opinion on the selective element is to be elicited in consideration of the assumed group satisfaction.

Abstract: The illustrative embodiments described herein provide systems and methods for authenticating a customer in an online transaction. In one embodiment, a method includes initiating, in conjunction with an online transaction, an authentication query via a communication device associated with a customer in the online transaction, receiving customer authentication data from the communication device, sending the customer authentication data to a third-party authentication server to authenticate the customer using the customer authentication data, receiving a determination from the third-party authentication server whether the customer is authenticated, and allowing the online transaction to proceed in response to receiving the determination that the customer is authenticated.

Abstract: Systems, methods, and computer-readable media are disclosed for decentralized authentication for autonomous vehicles. Example autonomous vehicles may include at least one memory storing computer-executable instructions, and one or more computer processors coupled to the at least one memory. The one or more computer processors may be configured to execute the computer-executable instructions to receive biometric data of a user, determine extracted feature data using the biometric data, send the extracted feature data to a first server, and receive an access token from a second server. The access token may indicate the extracted feature data matched stored data associated with a user account of the user.

Abstract: An information processing terminal capable of communicating with a sensor terminal including a first biological sensor which measures a first type of biological information includes: a reception unit receiving a measurement result of the first biological sensor from the sensor terminal; a second biological sensor measuring the first type of biological information; and a control unit authenticating the sensor terminal and establishing connection with the sensor terminal when the measurement result of the first biological sensor satisfies a predetermined condition on a measurement result of the second biological sensor.

Abstract: A method performed by a client device of enrolling biometric data of a user with a network node over a secure communication channel comprises capturing the biometric data, transforming the biometric data into a first set of transformed biometric data using a first feature transformation key, generating a second feature transformation key, and transforming the biometric data into a second set of transformed biometric data using the second feature transformation key. The method further comprises encrypting the first and second set of transformed biometric data with an encryption key, encrypting the second feature transformation key with another encryption key shared with the network node at which the first and second sets of transformed biometric data are to be enrolled, and submitting, to the network node, an enrolment request comprising the encrypted first and second sets of transformed biometric data, the encrypted second feature transformation key, and user profile data.

Abstract: Various embodiments relate to a dynamic biometric enrollment system. The dynamic biometric enrollment includes a processor and instructions stored in non-transitory machine-readable media. The instructions are configured to cause the server system to receive at least one biometric authentication sample from the user. The at least one tokenized biometric enrollment sample has been generated by tokenizing at least one biometric enrollment sample captured from a user associated with a unique user identifier. At least one biometric authentication sample captured from the user is retrieved. The at least one tokenized biometric enrollment sample is detokenized to retrieve the at least one biometric enrollment sample. The at least one biometric enrollment sample is processed using a biometric processing algorithm to generate a dynamic biometric reference template. It is determined whether the at least one biometric authentication sample matches with the dynamic biometric reference template.

Abstract: A control system for a vehicle includes a portable authentication terminal configured to authenticate a user who carries the portable authentication terminal, and a vehicle configured to communicate with the portable authentication terminal. The vehicle includes a sound generation unit configured to generate a predetermined sound within a vehicle cabin, an information reception unit configured to receive information transmitted from the portable authentication terminal, and a determination unit configured to determine whether the portable authentication terminal is within the cabin based on the received information. The portable authentication terminal includes a sound collection unit configured to collect a sound, and an information transmission unit configured to transmit information based on the collected sound to the vehicle.

Abstract: A community-based transportation services system. The system includes a community-based transportation network that is comprised of a primary communication device, a cloud server and a parking inventory database. The system also includes at least one communication device communicatively coupled to said network for establishing a parking-spot communication link for allowing a first user to determine the location of available parking-spots for rent. The at least one communication device is also configured to establish a parking-registration link to allow a second user to register and offer at least one parking spot for rent. The system further includes a biosensor collector system communicatively coupled to said network and/or directly to the at least one communication device for establishing a sobriety-monitoring communication link. The data generated by the biosensor collector system allows a first user and a transportation provider to view and monitor the sobriety results of a transportation driver.

Abstract: A construction and analysis system of touch screen user keypress behavior pattern, and an identity recognition method thereof.

Abstract: Embodiments are directed to provisioning private virtual machines in a public cloud and to managing private virtual machines hosted on a public cloud. In one scenario, a computer system receives authentication information for a private domain from an entity. The entity indicates that their private virtual machines are to be provisioned on a public cloud, where the entity's private domain is accessible using the authentication information. The computer system establishes a virtual network on the public cloud which is configured to host the entity's private virtual machines, where each virtual machine hosts remote applications. The computer system establishes an authenticated connection from the virtual network to the entity's private domain using the received authentication information and provides the entity's private virtual machines on the public cloud.

Abstract: A portable electronic system that includes a biometric imaging device, such as for a fingerprint verification against a trusted pattern template. Security is a factor of a matching process and a quality of the trusted pattern template. By employing a set of user-predictably-influenceable sensor parameters in cooperation with the biometric sensor, it is possible to simply and efficiently enhance security as compared to use of the biometric sensor alone.

Abstract: Embodiments of the invention provide methods and apparatus for monitoring the routing configuration within an electronic device such that a biometric authentication process can be carried out without interference from other components of the device, such as may occur when the device has become infected with malware for example. The invention may provide a codec or speaker recognition processor, coupled to receive biometric input data, comprising a security module that determines whether a routing configuration complies with one or more rules. The security module may be implemented to prevent genuine biometric data from being output from the speaker recognition processor, and/or to prevent spoof biometric data from being inserted into the authentication module.

Abstract: Improved systems and techniques are disclosed for controlling the security states of anti-theft security systems such as product display assemblies using security fobs. The tasks relating to fob authentication are offloaded to a computer system, and these authentications can be based on identifiers for the different security fobs. The computer system can maintain a list of identifiers for authorized security fobs that is easily updated when new security fobs are added to or existing security fobs are de-authorized from the system.

Abstract: An information processing terminal capable of communicating with a sensor terminal including a first biological sensor which measures a first type of biological information includes: a reception unit receiving a measurement result of the first biological sensor from the sensor terminal; a second biological sensor measuring the first type of biological information; and a control unit authenticating the sensor terminal and establishing connection with the sensor terminal when the measurement result of the first biological sensor satisfies a predetermined condition on a measurement result of the second biological sensor.

Abstract: The present disclosure generally relates to user interfaces. In some examples, the electronic device provides for transitioning between simulated lighting effects. In some examples, the electronic device applies a simulated lighting effect to an image. In some examples, the electronic device provides user interfaces for applying a filter to an image. In some examples, the electronic device provides for a reduced filter interface. In some examples, the electronic device provides a visual aid displayed in a viewfinder.

Abstract: A system for using biometric key generation for data access control and path selection includes an access control regulator operating on a data security management device. The access control regulator receives an access request from a requestor, which may include a biometric signature captured by a biometric reader, locates an encrypted data record in a requestor-linked data store, determines that the requestor is authorized to access the encrypted data record by evaluating biometric keys generated from the requestor, and decrypts the requestor-linked data record. A validator operating on the data security management device may validate data from the encrypted data record using third-party validator devices; validation may be authenticated using further keys, which may also be biometric.

Abstract: Mechanisms for booting a service processor are provided. With these mechanisms, the service processor executes a secure boot operation of secure boot firmware to boot an operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of a tamper-resistant secure trusted dedicated microprocessor of the service processor. The operating system kernel executing in the service processor enables an integrity management subsystem of the operating system kernel which records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.

Abstract: Proposed are a log analyzing system and a log analyzing method capable of more effectively defending a control system from unauthorized access. The log analyzing system which analyzes a communication log of a control device comprises a network device which receives a communication packet corresponding to the communication log from a network, and a monitoring device which monitors communication to the network device, wherein the monitoring device obtains a difference between a communication pattern of the communication packet and a stable pattern, which is a pattern of a communication in a state of no unauthorized access, restores the communication packet based on the difference, and notifies the restored communication packet.

Abstract: An encryption method includes: obtaining a user feature of a user; performing, using a hardware logic circuit, a logical operation on the obtained user feature to generate a hardware encryption function; and encrypting first application data with the generated hardware encryption function to obtain second application data.

Abstract: A method securely opens a door connected to a system and includes a central unit, a mobile terminal, a local control unit and a door opening device that are configured to transmit data. The method includes transmitting a first key to the mobile terminal by the central unit; transmitting the first key to the control unit by the mobile terminal via the door opening device; generating a second key by the control unit depending on the first key; transmitting the second key from the control unit to the mobile terminal via the door opening device; generating a third key by the mobile terminal depending on the second key; transmitting the third key to the central unit by the mobile terminal via the door opening device; and controlling opening of the door depending on the third key by the central unit by transmitting a request to the door opening device.

Abstract: A computational device receives an input/output (I/O) operation directed to a data set. In response to determining that there is a time lock on the data set, a determination is made as to whether a clock of the computational device is providing a correct time. In response to determining that the clock of the computational device is not providing the correct time, the I/O operation is restricted from accessing the data set. In response to determining that the clock of the computational device is providing the correct time, a determination is made from one or more time entries of the time lock whether to provide the I/O operation with access to the data set.

Abstract: Various embodiments are generally directed to an apparatus, method, and other techniques to maintain user authentications with common trusted devices. If a user is in possession of a first computing device (e.g., a smartphone), an unlocked state of the first trusted device is maintained if the user is using a nearby trusted device (e.g., a computer) within a certain amount of time. If the first trusted device is in a pocket or other container, a longer span of time is granted to the user to register an on-body state.

Abstract: In a system with registration data, in a data registration phase, encrypted data is calculated by encrypting input data to be concealed by using a secret key and secret information, registration data is generated based on the encrypted data and verification key, and the registration data is stored as a registration template in a storage unit together with an identifier for uniquely identifying the registration data. In an encrypted text verification phase, a data verifying request is generated in which input data to be verified has been encrypted by using a random number and secret information, the registration template stored in the storage unit and the data verifying request are matched verified to produce a determined result, a verified result including a part or all of the registration template corresponding to the determined result is produced, and data is restored based on the verified result to produce a restored result.

Abstract: A personalized voice assistance system and method to provide a personalized emotion-based assistance to a first individual from a group of individuals are disclosed. The personalized voice assistance system detects an activity of the first individual in a first time period in a defined area. A requirement of an assistance for the first individual may be determined based on the detected activity in the defined area. The personalized voice assistance system may further compute, based on the detected activity, an emotional reaction of a second individual from the group of individuals. The emotional reaction of the second individual may be computed for the determined requirement of the assistance for the first individual. The personalized voice assistance system may further generate an output voice similar to the second individual based on at least the computed emotional reaction to assist the first individual.

Abstract: A system and method are disclosed for acquiring services on a multiplicity of devices. A system that incorporates teachings of the present disclosure may include, for example, a service management center (SMC) (100) that has a plurality of service centers (102-110) for supplying services to a corresponding plurality of devices (120-128), and a controller (112) for managing operations of the service centers. The controller is programmed to receive (202) from a select one of the devices an identification reference in response to a request for service by an end user, search (210) for one or more services associated with the identification reference, select (212) from the search results one or more services appropriate for the requesting device, and enable (220) the one or more services on the selected device.

Abstract: Systems and methods for image alignment are disclosed. A method includes: determining a first set of patches for a first image and a second set of patches for a second image, wherein each patch in the first and second sets of patches comprises a portion of the first and second image, respectively; determining a set of possible match pairings of a patch from the first set and a patch from the second set; for each match pairing in the set of possible match pairings, computing a transformation operation to align the patch from the first set of patches and the patch from the second set of patches in the match pairing; grouping the match pairings into clusters based on parameters of the transformation operations of the match pairings; and, performing the transformation operation corresponding to at least one cluster to align the first image to the second image.

Abstract: A vehicle may include a detector to detect and obtain biometric information, a first storage to store encrypted user biometric information, a second storage to store identification information of a user, and a first controller to decrypt the encrypted user biometric information when the detector detects the encrypted user biometric information based on the identification information received from the second storage. The first controller authenticates the user based on whether the detected biometric information is identical to the decrypted user biometric information.

Abstract: The present technology relates to building management control systems, such as a distributed database arrangement for systems that control functional aspects in buildings. A method and controller for controlling one or more building control or access devices in response to events, comprises an interface operable to communicate with a server storing a database containing logic for controlling the devices in response to events; a memory operable to store a local copy of a subset of the database, the subset of the database containing logic relevant to a group of the devices; wherein the controller is configured to receive updates to the local copy of the subset of the database; wherein the controller is operable to receive one or more signals indicative of the events relevant to said group of the devices; and wherein the controller is operable to control the group of devices in response to the signals.

Abstract: In a data registration phase, encrypted data is calculated by encrypting input data to be concealed by using a secret key, registration data is generated based on the encrypted data and a verification key, and the registration data is stored as a registration template in a storage unit together with an identifier for uniquely identifying the registration data. In an encrypted text verification phase, a data verifying request is generated in which input data to be verified has been encrypted by using a random number, the registration template stored in the storage unit and the data verifying request are verified to produce a determined result, a verified result including a part or all of the registration template corresponding to the determined result is produced, and data is restored based on the verified result to produce a restored result.

Abstract: Disclosed are a fingerprint information dynamic updating method and a fingerprint recognition apparatus. The method includes the steps of: collecting fingerprint information, and performing fingerprint recognition according to the collected fingerprint information and a pre-registered fingerprint template database; after the fingerprint recognition succeeds, determining whether the fingerprint template database is saturate; if the fingerprint template database is not saturate and the collected fingerprint information satisfies a first updating condition, adding the collected fingerprint information to the fingerprint template database; and if the fingerprint template database is saturate and the collected fingerprint information satisfies a second updating condition, selecting target fingerprint information from the fingerprint template database, and replacing the target fingerprint information with the collected fingerprint information.