Abstract: Online user account access control includes adjustable authentication challenge levels based on a level of match between observed attributes of a present login attempt and corresponding recorded attributes for the authentic user for the entered user identifier (UID). Login candidates whose attributes sufficiently closely match the recorded attributes for the entered UID are allowed to select an authentication graphic pattern registered for the UID from a set of alternatives, with the degree of complexity of such selection based authentication increasing according to the degree of difference between the observed attributes of the present login attempt and the corresponding recorded values for the UID, while by default, login candidates may be required to produce the registered authentication graphic pattern from blank slate.

Abstract: Methods and apparatus to identify haptic vibrations of touchscreens are disclosed. Example apparatus disclosed herein obtain a haptic control signal that is to cause vibrations of a touchscreen to simulate a texture corresponding to visual subject matter to be displayed on the touchscreen, the vibrations of the touchscreen to produce an acoustically detectable signal. Disclosed example apparatus also encode a watermark into the haptic control signal to generate a watermarked haptic control signal, the watermark including identification information to identify at least one of the subject matter or the texture, the watermark to modify the acoustically detectable signal.

Abstract: There is disclosed a method, computer program product and a system for regulating execution of a suspicious process, comprising determining a file system location of an executable file associated with the suspicious process, encrypting the file, and creating a wrapper for the file with the same file name and location as the file associated with the suspicious process.

Abstract: Embodiments of the present application generally relate to controlling ingress/egress through entryway devices. More particularly, but not exclusively, embodiments of the present invention relate to attaining confirmation of intent relating to access to a controlled opening. According to certain embodiments, the credential device and/or the user of the credential device is prompted to provide a response, or otherwise is to perform certain actions, that can demonstrate a confirmation of intent to gain access to the controlled opening. Such responses and/or actions can be evaluated to determine authority to gain access to the controlled opening. Further, such intent confirmation events may, depending on the embodiment, be performed before or after credential information is communicated from the credential device and/or before or after pairing of the access control device and the credential device.

Abstract: An apparatus, method and system are provided for sensing an individual's biometric information, and generating and transmitting an acoustic signal representative of the sensed biometric information. The acoustic signal may be transmitted as an audio signal or an ultrasonic signal to another apparatus in the system for authentication or verification of the individual's identity.

Abstract: The device outputs, to a display device, display information on a symbol which is to be moved and displayed; acquires a face image of a subject which has been captured by an image capturing device at a capturing timing while the display device displays the symbol; detects, from the face image, a line-of-sight position; determines that the subject of the face image is a living body when one or more prescribed conditions including a case in which the line-of-sight position matches a display position of the symbol at the image-capturing timing are all satisfied; and outputs an authentication result indicating success of the authentication when the subject is determined to be a living body and the biometric authentication is successful, and outputs an authentication result indicating failure of the authentication when the subject is determined not to be a living body or when the biometric authentication fails.

Abstract: A computing device installed in or mountable to a shopping cart, includes a camera configured to capture an image, and a processor configured to acquire commodity data of a registered commodity, when an object is placed in the shopping cart, perform object recognition on an image of the object captured by the camera, and determine whether the recognized object is a commodity corresponding to the acquired commodity data, and upon determining that the recognized object is not the commodity corresponding to the acquired commodity data, issue a request for displaying a message instructing registration of the recognized object as a registered commodity.

Abstract: Example apparatus disclosed herein include a memory and a processor to execute instructions to identify a first set of face rectangles and a second set of face rectangles in a frame pair of image data corresponding to a media environment, the first set of face rectangles corresponding to a first image sensor and the second set of face rectangles corresponding to a second image sensor, remove first face rectangles from the first set of face rectangles and the second set of face rectangles when the first face rectangles are determined to correspond to false positive face detections, group second face rectangles that remain in the first set of face rectangles and the second set of face rectangles after removal of the first face rectangles to form groups of face rectangles, and generate a count of people identified in the media environment based on a number of the groups.

Abstract: Various embodiments provide an electronic device and a method therefor, the electronic device comprising: a voice recognition unit; a memory; a display; and a processor functionally connected to the voice recognition unit, the memory or the display, wherein the processor is configured to: acquire password information for the content selected by a user, when the voice information of a user recognized by the voice recognition unit includes a hidden command; request the user to articulate the obtained password information; and encrypt the content based on the received voice information according to the request. In addition, other embodiments are possible.

Abstract: Inhibiting memory accesses to executable modules. A hypervisor executing on a computing host initiates a virtual machine comprising a guest operating system. The hypervisor receives a communication from the guest operating system requesting that a range of memory utilized by the guest operating system be identified as being execute-only access. The hypervisor marks at least one physical page of memory that includes the range of memory as being execute-only access.

Abstract: A method, computer program product, and a system where a secure interface control configures a hardware security module for exclusive use by a secure guest. The secure interface control (“SC”) obtains a configuration request (via a hypervisor) to configure the hardware security module (HSM), from a given guest of guests managed by the hypervisor. The SC determines if the HSM is already configured to a specific guest of the one or more guests, but based on determining that the HSM is not configured to the and is a secure guest the SC forecloses establishing a configuration of the HSM by limiting accesses by guests to the HSM exclusively to the given guest. The SC logs the given guest into the HSM by utilizing a secret of the given guest. The SC obtains, from the HSM, a session code and retains the session code.

Abstract: An abnormality detection device 10, which detects an abnormality of a data series to be detected that has regularity in a sequence of data forming the data series, is provided with: a determination unit 11 which refers to a data series of a normal model composed of a prescribed permutation as a data series that indicates a state in which a system to be detected is normal, and which, every time one piece of data is input, in light of a permutation indicated by a pair of the one piece of input data and another piece of data input immediately before the one piece of data is input, determines that the data series to be detected is locally abnormal when the permutation is not included in the normal model, and determines that the data series to be detected is locally normal when the permutation is included in the normal model.

Abstract: A method for referencing and updating objects in a shared resource environment. A reference counter counts is incremented for every use of an object subtype in a session and decremented for every release of an object subtype in a session. A session counter is incremented upon the first instance of fetching an object type into a session cache and decremented upon having no instances of the object type in use in the session. When both the reference counter and the session counter are zero, the object type may be removed from the cache. When the object type needs to be updated, it is cloned into a local cache, and changes are made on the local copy. The global cache is then locked to all other users, the original object type is detached, and the cloned object type is swapped into the global cache, after which the global cache in unlocked.

Abstract: In an example, replaceable print apparatus component authentication apparatus comprises a memory and circuitry. An electrical characteristic of the circuitry may be variable in response to a stimulus, and the memory may store data indicative of an expected variation in the electrical characteristic in response to the stimulus which is associated with a variation in capacitance.

Abstract: An illustrative embodiment disclosed herein is an apparatus including a processor with programmed instructions to receive, from a user device and via a network, encrypted credentials for logging on a user associated with the user device to a virtual machine. The processor is coupled to the virtual machine via a hypervisor. The processor has programmed instructions to decrypt the credentials, send, to an operating system of the virtual machine, the decrypted credentials, and cause the operating system to log the user on to the virtual machine.

Abstract: The purpose of the present invention is to provide a portable terminal and an application software start-up system whereby the application software that is started up is limited depending on the state of a user, thereby providing an improved ease of use. For this purpose, an application software start-up method for an information processing device comprises: performing identity authentication based on static biological information; determining the state of the user by comparing dynamic biological information acquired from the body of the user with previously measured dynamic biological information; and limiting the application software that is started up in accordance with the determined state of the user and on the basis of a permission level that is set in advance for each application software item.

Abstract: Methods, apparatuses, and systems are described for provisioning access rights in a computing system. A data structure may be created that corresponds to the access rights of a computing system. The data structure may be traversed to identify candidate bundles of access rights that correspond to patterns of access rights in the computing system. The candidate bundles of access rights may be evaluated to select one or more bundles to define as one or more roles in the computing system. The defined roles may then be provisioned to the users of the computing system as a replacement for the individual access rights. Various constraints may be applied to reduce the number of candidate bundles of access rights to evaluate.

Abstract: It is provided a method performed by a key device for supporting duress signalling. The method comprises the steps of: determining that a user is under duress; entering a wait state after the step of determining that a user is under duress; exiting the wait state and establishing a communication channel with a lock device, the communication channel being intended to be used for access control signalling; generating a duress signal; and transmitting, over the communication channel, the duress signal to the lock device.

Abstract: An authentication system includes an electronic pen and an electronic apparatus. The electronic pen includes: a pickup unit in a first end portion configured to pick up color or image information of a part when the first end portion is pressed against the part; and a transmitter configured to transmit the picked-up color or image information to the electronic apparatus. The electronic apparatus includes: a receiver configured to receive the color or image information transmitted from the electronic pen; an authentication reference information storage device configured to store color or image authentication reference information; an authentication success or failure determining circuit configured to determine a success or a failure of authentication by comparing the color or image information with the color or image authentication reference information; and a control circuit configured to remove security protection of an authentication target when it is determined that the authentication succeeds.

Abstract: Disclosed is a processor having multiple operating modes, comprising: a first mode resource storage circuitry configured to store first mode resources when the processor is operating in a first mode, wherein the first mode resource storage circuitry comprises a resource mapping circuitry configured to provide second mode resources to the processor operating in the first mode; a second mode resource storage circuitry configured to store the second mode resources when the processor is operating in a second mode; and an access control interface communicatively coupled to the resource mapping circuitry and the second mode resource storage circuitry, the access control interface configured to provide the resource mapping circuitry with an access to the second mode resource storage circuitry.

Abstract: The invention relates to a system and method for preventing a protected computing device from executing unauthorized processor commands. A data entry database of the system stores encoded data entered by a human user as data entry events. A command verification module of the system implements an authentication algorithm for determining whether a processor command to be executed by the computing device originates from a trusted source. The command verification module determines the trustworthiness of a processor command as a function of parameters of the processor command, which include an association of the command with one or more of the data entry events. Determination can also be made based on other processor command parameters, such as the type of processor command and/or contextual parameters of the processor command.

Abstract: Example implementations relate to system and method of controlling access to ports of a host computing system having a port management integrated-circuit chip (IC), a manageability controller, and a plurality of peripheral device hubs having ports. The IC is to receive a first data from the plurality of peripheral device hubs and communicate the first data to the manageability controller. The first data includes device identifiers of a first peripheral device and a port identifier of the port. Further, the IC is to receive a security action from the manageability controller and implement the security action on the port. The security action is determined based on comparison of the first data and the second data including access control rules, where the security action is linked to each access control rule, and where each access control rule has the port identifier mapped to predetermined device identifiers of a second peripheral device.

Abstract: Systems and methods for multi-dimensional attestation are provided. One method for multi-dimensional attestation includes upon occurrence of a triggering event, taking triggered measurements of a platform, the platform including a security co-processor and a volatile memory; extending a platform configuration register of the volatile memory to include the triggered measurements; taking snapshots of the platform configuration register over time; storing the snapshots in a snapshot memory; and upon request, sending the triggered measurements and the snapshots to a verifier for detection of potential attacks.

Abstract: An automated screening system includes an access control reader with one or more computer devices for screening a pre-registered individual seeking admittance into a controlled area. The system has a facial recognition database that stores a facial record for the individual. A camera system captures a facial image of the individual and the one or more computer devices determine whether it matches the facial record that is stored in the facial recognition database. A skin temperature sensor is used for obtaining a skin temperature reading for the individual. The one or more computer devices are configured to generate an electronic signal to admit the individual into the controlled area if the captured facial image matches the facial record that is stored in the facial recognition database and if the skin temperature reading for the individual is within an acceptable pre-established skin temperature range.

Abstract: A second encrypted communication apparatus (300) operates as a PANA authentication client. If any of a plurality of events associated with PANA authentication occurs, a timer management unit (14) activates a timer among a plurality of timers that corresponds to the event that has occurred. When the timer activated by the timer management unit (14) expires, an authentication control unit (13) refers to management information which describes an operation procedure to be taken at timer expiration for each of the plurality of events and executes the operation procedure described in the management information regarding the event that has occurred.

Abstract: There is provided a display apparatus which includes an input device having a plurality of video signal terminals including a digital video signal terminal, a display configured to display an input signal which is input from the input device, and a controller configured to set a search time of a digital video signal in accordance with presence or absence of power supply to a power supply terminal of the digital video signal terminal, and a connection status in a case in which the power supply is present, and configured to execute a search of the digital video signal in the search time.

Abstract: A computer system 100 that allows a storage facility 500 to be shared by multiple different users of an Infrastructure as a Services (IaaS) system while maintaining security separation between the users is provided. A controller 150 configured for use in the computer system and a corresponding method and computer program are also provided. The computer system 100 comprises a logic block 101 that comprises one or more processing units that execute instructions, the logic block 101 configured to issue requests to read from and write to storage over a first interface 102; and a controller 150 that is configured to implement a communications link to storage 500; implement a communications link 300 to a second computer system 200 and to receive information identifying a current user of the logic block 101 from the second computer system 200; and receive the requests to read from and write to storage from the logic block 101 over the first interface 102, and to complete the requests.

Abstract: A telecommunication system of the type wherein a series of terminals are mutually connected through a server and of a data transmission network characterised in that the management and the control of data management within the network are furthermore provided, with a single device made up of a SOC (System on Chip) processor to which the required support peripherals are associated.

Abstract: A universal identity and physical presence detection in the form of a personal, universal transponder signal is described. This signal allows a user to interact with devices in the user's environment without having to download vendor-specific apps, set up vendor-specific accounts or be limited to a siloed eco-system of a manufacturer brand. The universal signal representing an individual allows for devices and software to detect and query the beacon transmitting the signal for information relating to the user and augmented onto the physical environment. This provides a more personalized, efficient, and, in some instances, secure experience for the user. Embodiments focus on minimizing user workload to allow for seamless interactions with her environment. Various embodiments provide a truly universal signal for all users and devices to interact, wherein all parties benefit from a seamless and natural way of interacting in the physical world.

Abstract: Systems, methods, and apparatuses relating to microarchitectural mechanisms for the prevention of side-channel attacks are disclosed herein. In one embodiment, a processor includes a core having a plurality of physical contexts to execute a plurality of threads, a plurality of structures shared by the plurality of threads, a context mapping structure to map context signatures to respective physical contexts of the plurality of physical contexts, each physical context to identify and differentiate state of the plurality of structures, and a context manager circuit to, when one or more of a plurality of fields that comprise a context signature is changed, search the context mapping structure for a match to another context signature, and when the match is found, a physical context associated with the match is set as an active physical context for the core.

Abstract: Embodiments of the present invention provide a security verification method and a device, and relate to the field of communications technologies, so as to verify a user identity based on a wearing status monitoring result and a pairing result of the device.

Abstract: A method implemented by a computing device is disclosed. The method includes: detecting a change in state of an application that is managed using an applications manager, the change in state being based on a first action within the applications manager; in response to detecting the change in state of the application: identifying at least one list of a plurality of application event listings stored on the computing device independently of the applications manager; determining that the at least one list includes one or more first application event listings associated with the application; and in response to determining that the at least one list includes the one or more first application event listings: determining a second action to apply to only the one or more first application event listings; and applying the second action to the one or more first application event listings.

Abstract: Techniques are disclosed relating to securing an accessory interface on a computing device. In various embodiments, a computing device detects a connection of an accessory device to an accessory interface port and, in response to the detected connection, evaluates a policy defining one or more criteria for restricting unauthorized access to the accessory interface port. Based on the evaluating, the computing device determines whether to disable the accessory interface port to prevent communication with the connected accessory device. In some embodiments, the computing device includes an interconnect coupled between the processor and the accessory interface port, and the interconnect includes a hub circuit configured to facilitate communication between a plurality of devices via the interconnect. In some embodiments, the computing device, in response to determining to disable the accessory interface port, instructs the hub circuit to prevent traffic from being conveyed from the accessory interface port.

Abstract: An endpoint in a network periodically generates a heartbeat encoding health state information and transmits this heartbeat to other network entities. Recipients of the heartbeat may use the health state information to independently make decisions about communications with the source endpoint, for example, by isolating the endpoint to prevent further communications with other devices sharing the network with the endpoint. Isolation may be coordinated by a firewall or gateway for the network, or independently by other endpoints that receive a notification of the compromised health state.

Abstract: An example method of interfacing with a hypervisor in a computing system is described. The computing system includes a processor having at least three hierarchical privilege levels including a third privilege level more privileged than a second privilege level, the second privilege level more privileged than a first privilege level. The method includes configuring, by the hypervisor executing at the third privilege level, the processor to trap reads to a debug communication channel (DCC) status register of the processor to the third privilege level; trapping, at the hypervisor, a read to the DCC status register by guest software executing in a virtual machine (VM) managed by the hypervisor, the guest software executing at the first or second privilege level; reading, at the hypervisor, a plurality of registers of the processor to obtain data stored by the guest software; and returning execution from the hypervisor to the guest software.

Abstract: A communication management system, a communication system, a communication control method, and a recording medium.

Abstract: A processor includes a processor core. A register of the core is to store: a bit range for a number of address bits of physical memory addresses used for key identifiers (IDs), and a first key ID to identify a boundary between non-restricted key IDs and restricted key IDs of the key identifiers. A memory controller is to: determine, via access to bit range and the first key ID in the register, a key ID range of the restricted key IDs within the physical memory addresses; access a processor state that a first logical processor of the processor core executes in an untrusted domain mode; receive a memory transaction, from the first logical processor, including an address associated with a second key ID; and generate a fault in response to a determination that the second key ID is within a key ID range of the restricted key IDs.

Abstract: An example electronic device includes a processor to receive, from an intent publishing device, a resource agreement associated with a service to be implemented via the intent publishing device. The processor is further to transmit the resource agreement to a claiming device. The processor is further to receive a confirmation from the claiming device, wherein the confirmation is to indicate that the claiming device is to implement the resource agreement. The processor is further to match the intent publishing device with the claiming device based on the confirmation.

Abstract: A computer implemented method for preventing fraudulent activity on a user account includes analyzing a set of personal information corresponding to a user to identify one or more travel events, wherein each travel event indicates a corresponding timeframe and location, receiving an access attempt made with respect to a user account and a current location corresponding to the access attempt, determining whether the current location corresponds to a location indicated by the one or more identified travel events, analyzing one or more external sources to determine whether the current location is explainable responsive to determining the current location does not correspond to a location indicated by the one or more identified travel events, and denying the received access attempt made with respect to the user account responsive to determining the current location is not explainable.

Abstract: An image forming apparatus includes a login processing section and an automatic logout processing section. The login processing section executes login processing and logout processing for a user. The automatic logout processing section instructs the login processing section to execute the logout processing when a standby period elapses in a state in which no function for image formation is carried out and no operation on an operation section for the image forming apparatus is received during login by the user. The automatic logout processing section switches the standby period to a shortened period shorter than a normal period upon detection of a specific operation.

Abstract: Techniques are described for authentication using sound-based monitor detection. In some implementations, the sound (e.g., ultrasound) generated by a monitor is used to detect its presence in the vicinity of a (e.g., portable) computing device that is being used to capture image(s) to be provided to an image-based authentication system. While the computing device is being used to capture image(s) to be provided to the image-based authentication system, the sound data in proximity to the computing device can be captured and analyzed (e.g., using machine learning or other techniques) to determine whether the sound data exhibits a particular pattern and/or characteristics (e.g., signature) that indicates the presence of a monitor in proximity to the computing device. The presence (or absence) of a monitor can be used in determining whether to authenticate the user.

Abstract: A system and method for determining presence information for mobile devices are disclosed. Specifically, the presence information for a mobile device can be determined based on whether or not the mobile device is having a unique interaction with a smart tag. If a unique interaction is detected, then the mobile device can be said to be within the presence of the smart tag and the location or presence information for the mobile device can be correlated to location information known for the smart tag.

Abstract: A terminal device password unlocking method includes the following steps: selecting at least one candidate information set from a plurality of candidate information sets which are displayed on a screen and each of which contains a plurality of information units; verifying a password based on all of selected candidate information sets, and confirming success of password verification when: all information units contained in the password are included into the selected candidate information sets, each of selected candidate information sets contains at least one information unit of the password, and the number of the selected candidate information sets is less than that of the information units of the password; unlocking the terminal device when verification of password is successful.

Abstract: A method includes receiving a request from a host device to authenticate a device. The method further includes transmitting authenticating data to the host device. Responsive to successful authentication of the device, configuration interface and communication interface of the device is exposed to the host device. The method further includes processing commands from the host device after the device is successfully authenticated. Responsive to the processed commands, payload data is sent or received to or from the host device according to the communication interface.

Abstract: An anti-malware application detects and remediates malware. The anti-malware application detects an event associated with a process and determines if the event matches an entry in an exclusions list. If the event is absent from the exclusions list, the anti-malware application monitors the operation of the process, logs the event data in an event log, and sends the event to a server to determine whether the process corresponds to malware. The anti-malware application updates the exclusions list based on the logged event if the process does not correspond to malware. The anti-malware application restores a file edited by the process to the saved copy of the original file prior to the file being edited by the process if the process corresponds to malware.

Abstract: A system and method configures permission settings for applications (“apps”) running on a computing device of a user. A data center generates at least one model of collective privacy preferences. The computing device is in communication with the data center via a communications network. The computing device comprises a processor that execute at least a first app that requests access to at least one permission of the computing device and a personal privacy assistant app. The personal privacy assistant app receives the at least one model from the one or more servers of the data center; collects information about the user; identifies at least one recommended permission setting for the first app based on the at least one model and such that the recommended permission setting is user-specific; and configures the computing device to implement the received at least one user-specific recommended permission setting.

Abstract: Provided is a semiconductor device which can perform secure data transmission/reception considering functional safety. The semiconductor device includes a hardware security module circuit which performs an authentication process and an error detection circuit used to perform an error detection process at least on first data which is processed in the hardware security module circuit. A memory area associated with the error detection circuit is configured to be accessible only by the hardware security module circuit when the error detection process is performed at least on the first data.

Abstract: Information handling systems may be equipped with interfaces to facilitate connection with peripheral devices to serve a variety of functions. A peripheral device may be configured with read-only configuration data when coupled to an information handling system, and the peripheral device allowed to operate in read-only mode. The configuration data may be transmitted as configuration channel (CC) sideband of the interface, such as a USB Type-C interface. If the peripheral device cannot be configured in read-only mode, the information handling system may prevent access to the peripheral device to maintain security policies and prevent data leakage.

Abstract: An input device, such as a stylus, can include a main body comprising a main body connector for connecting to a charger to charge a power source of the stylus. A separate functional end module is removable from the main body to expose the main body connector. The functional end module includes a functional component and a module connector that communicates with the main body via the main body connector. Various different functional end modules can be interchangeable to provide a variety of distinct features to the stylus.

Abstract: Disclosed herein are embodiments for user identification based on the motion of a device. An embodiment operates by detecting a motion of a remote control. The detected motion is compared with one or more stored motions, wherein each stored motion is associated with a user ID. A user ID is determined to correspond to a user operating the remote control based on the comparing of the detected motion. A confirmation that the determined user ID corresponds to a user associated with the detected motion is requested. Access to a system is provided based on at least the determined user ID.