Abstract: A point-of-sale system is a dual-screen stand assembly that includes a merchant terminal and a consumer terminal. The merchant terminal and the consumer terminal can be mated together in a fixed position to form a single unitary stand, or can be separated from each other in a separated position with each terminal serving as its own separate stand. The merchant terminal supports a merchant computing device and is oriented in a merchant-facing direction. The consumer terminal is detachably mated to the merchant terminal and supports a consumer computing device that is oriented in a consumer-facing direction. The point-of-sale system also includes a card reader as part of the customer terminal to perform a payment. The card reader is configured to accepting swipe cards, chip cards or contactless (EMV or NFC) payments.

Abstract: An electronic apparatus operated by a sales clerk includes a display, a camera configured to capture an image of a code displayed on a screen of a portable registration apparatus operated by a customer in a store, the code corresponding to one or more commodities to be purchased and check data indicating whether each of said one or more commodities needs to be checked by the sales clerk before being checked out, and a processor configured to, when the image of the code is captured by the camera, acquire information indicating said one or more commodities to be purchased and the check data using the code, and control the display to display a screen showing one or more commodities that need to be checked by the sales clerk based on the acquired information.

Abstract: A method, apparatus, and computer program product for proactive offline authentication are provided. An example method includes determining a current offline condition of a computing device at a first time and determining a prior online condition of the computing device at a second time that is earlier than the first time at which the computing device generated second authentication credentials based upon one or more user attributes obtained from a digital identity construct database associated with a first user at the second time. The method further includes obtaining, at the first time, first authentication credentials associated with the first user and determining a discrepancy between the first and the second authentication credentials. In response to the determined discrepancy, the method includes generating an authentication token based upon the second authentication credentials for authenticating a first user device of the first user with the computing device.

Abstract: Disclosed embodiments relate to iteratively developing profiles for network entities. Operations may include accessing a set of permissions associated with a network entity; obtaining a set of permission vectors for the network entity based on the set of permissions; evaluating each permission vector within the set of permission vectors for iteratively developing a profile for the network entity, the evaluation being based on at least: whether each permission vector within the set of permission vectors provides sufficient privileges for the network entity to perform an action, and a predefined rule; creating a new set of permission vectors for the network entity based on at least the selected group of the set of permission vectors; iterating the evaluation for the new set of permission vectors; determining whether an iteration termination condition has been met; and terminating the iteration based on the iteration termination condition being met.

Abstract: A security platform architecture is described herein. The security platform architecture includes multiple layers and utilizes a combination of encryption and other security features to generate a secure environment.

Abstract: A system, apparatus, method, and machine readable medium are described for performing advanced authentication techniques and associated applications. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.

Abstract: Aspects presented herein may enable a base station to share trained neural network from one UE to other UE(s) to improve the efficiency of a neural network training. In one aspect, a base station receives, from a first UE, one or more ML model parameters based on a first zone ID that identifies a first geographical zone, the one or more ML model parameters being associated with the first zone ID or the first geographical zone or both. The base station provides the one or more ML model parameters to a second UE based on at least one of the zone ID or the first geographical zone.

Abstract: The present disclosure relates to a method for booting a processing device, the method including: generating, by a monotonic counter and during a first boot phase, a first count value; transmitting, by the monotonic counter, the first count value to an access control circuit of a memory; reading, on the basis of the first count value, first data stored in the memory; and generating, by the monotonic counter and during a second boot phase, a second count value greater than the first count value. The access control circuit of the memory is configured so that the reading of the first data is not authorized on the basis of the second count value.

Abstract: Communication methods and apparatus are described. One communication method includes that user equipment (UE) sends an N1 message to a security anchor function (SEAF), where the N1 message carries a Diffie-Hellman (DH) public parameter or a DH public parameter index, the N1 message further carries an encrypted identifier of the UE, and the encrypted identifier is obtained by encrypting a permanent identifier of the UE and a first DH public key. The UE receives an authentication request that carries a random number and that is sent by the SEAF. The UE sends, to the SEAF, an authentication response used to respond to the authentication request, where the authentication response carries an authentication result calculated based on a root key and the random number.

Abstract: The disclosure herein describes changing a mode of operation of a computing device using signals from a pen device. The pen device obtains gesture input data from at least one sensor of the pen device and the obtained gesture input data is compared to at least one gesture pattern. Based on the gesture input data matching the at least one gesture pattern, the pen device transitions to an active state. The pen device detects, via an electrostatic communication channel, an uplink signal from the computing device and sends a signal to change a mode of operation of the computing device by at least one of a network interface or a communication channel, other than the electrostatic communication channel. Changing modes of operation of a computing device provides a flexible, stream-lined way to enhance the user experience of using a computing device with a pen device (e.g., performing an initial pairing process).

Abstract: A vehicle control apparatus may include a host including a driving application of a vehicle controller and a hardware security module that determines whether to transmit a message for allowing booting of the host to the host, according to a result of a secure boot at an n-th cycle, and determines whether to perform the secure boot at a (n+1)-th cycle, depending on whether the message is transmitted to the host.

Abstract: A method of authorizing a client device to a service includes, by a customer electronic device associated with a customer: defining an access control list that includes permissions for authorized clients of the customer, creating authorization tokens and encoding the ACL into each of the authorization tokens, and distributing the authorization tokens to the authorized clients. The method includes, by a data center that provides a service to one or more of the authorized clients: receiving a service request for the service from a requesting client that includes a submitted authorization token, decoding the submitted authorization token to identify a received ACL in the submitted authorization token, analyzing the received ACL to determine whether the requesting client is an authorized client and the permissions in the received ACL grant the requesting client permission to access the service, and if so, providing the service to the requesting client.

Abstract: The present disclosure involves systems, software, and computer implemented methods for access control for object instances. A method includes receiving, at a cloud application, a user request associated with a user. The user request corresponds to an instance of a first application artifact type. Role assignments for the user are retrieved from a cloud platform and a determination is made that the role assignments grant permission to the first application artifact type to the user. A determination is made that a first instance-based access policy exists for the first application artifact type. A determination is made regarding whether the first instance-based access policy grants permission for the user to access the instance. The user request is serviced in response to determining that the first instance-based access policy grants permission for the user to access the instance.

Abstract: The purpose of the present invention is to provide a portable terminal and an application software start-up system whereby the application software that is started up is limited depending on the state of a user, thereby providing an improved ease of use. For this purpose, an application software start-up method for an information processing device comprises: performing identity authentication based on static biological information; determining the state of the user by comparing dynamic biological information acquired from the body of the user with previously measured dynamic biological information; and limiting the application software that is started up in accordance with the determined state of the user and on the basis of a permission level that is set in advance for each application software item.

Abstract: Systems and methods of Exact Data Matching (EDM) for identifying related tokens in data content using structured signature data implemented in a cloud-based system receiving data sets and customer configuration from a customer, wherein the data sets include customer specific sensitive data from a structured data source with each token represented by a hash value and the customer configuration includes one or more primary keys for a plurality of records in the data sets; distributing the data sets and the customer configuration to a plurality of nodes in the cloud-based system; performing monitoring of content between a client of the customer and an external network; detecting a presence of a plurality of tokens associated with a record in the customer specific sensitive data based on the monitoring; and performing a policy-based action in the cloud-based system based on the detecting.

Abstract: Techniques for processing voice commands from a locked device are described. A voice command received by a locked device is stored, a prompt requesting that the device be unlocked is generated, and the voice command is processed automatically after the device is unlocked. Thus, the system processes the voice command without the user repeating the voice command. In addition, the system may process certain voice commands even when the device is locked. For example, a whitelist filter compares an intent associated with the voice command to whitelisted intents from a whitelist database before the intent is dispatched to a speechlet, and intents included in the whitelist database are processed normally. Thus, the system performs certain voice commands while the device is locked, while other voice commands may be automatically processed after the device is unlocked without the user repeating the voice command.

Abstract: A data transfer device includes: a plurality of masters each having a buffer and configured to calculate a remaining-time counter based on an amount of data in the buffer; a memory system configured to perform data transfer with the plurality of masters and having a memory access prohibition period during which access from the plurality of masters is intermittently prohibited; a bus arbiter configured to arbitrate the plurality of masters based on the remaining-time counter; and a remaining-time counter-adjusting part configured to add a remaining-time counter offset, which adjusts the remaining-time counter until the start of the memory access prohibition period, to at least one of the plurality of masters.

Abstract: A computer-implemented method of making secure computer products is described, including a computer-implemented method of configuring a computer system configured to run an operating system, wherein the method of to enable the computer system to resist the execution of unauthorised software, the method comprising: instantiating an application programming interface to enable an application running on the computer system to access the functionality of the operating system; and applying a transform to the application programming interface to modify the application programming interface.

Abstract: Described herein are systems and methods for prime and probe attack mitigation. For example, some methods include, responsive to a cache miss caused by a process, checking whether a priority level of the process satisfies a first priority requirement of a first cache block of a cache with multiple ways including cache blocks associated with respective priority requirements; responsive to the priority level satisfying the first priority requirement, loading the first cache block; and, responsive to the priority level satisfying the first priority requirement, updating the first priority requirement to be equal to the priority level of the process.

Abstract: A computer-implemented method for protecting data on devices may include (i) identifying a device that is operated by a user and that comprises private data pertaining to the user, (ii) determining that stalkerware on the device is sending the private data to an unauthorized device not operated by the user, (iii) requesting, in response to determining that the stalkerware is sending the private data to the unauthorized device, that the user select at least one safety plan step from a set of safety plan options, and (iv) modifying, at least in part based on the safety plan step selected by the user, outgoing data sent by the stalkerware to the unauthorized device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for performing application programming interface (API)-level validation of API requests to infrastructure resources in a cloud computing environment are provided. One technique includes receiving an API request from a user to access a cloud computing service in the cloud computing environment. A determination is made as to whether at least one action indicated in the API request is allowed to be performed, based at least in part on one or more parameters of the API request. Upon determining that the at least one action is allowed to be performed, the API request is forwarded to the cloud computing service.

Abstract: Tools, strategies, and techniques are provided for evaluating the identities of different entities to protect business enterprises, consumers, and other entities from fraud by combining biometric activity data with facial recognition data for end users. Risks associated with various entities can be analyzed and assessed based on a combination of user liveliness check data, facial image data, social network data, and/or professional network data, among other data sources. In various embodiments, the risk assessment may include calculating an authorization score or authenticity score based on different portions or combinations of the collected and processed data.

Abstract: Systems and methods include providing a user interface to an administrator associated with a tenant of a cloud-based system, wherein the tenant has a plurality of users each having an associated user device; receiving a plurality of client forwarding policies for the plurality of users, wherein each client forwarding policy of the client forwarding policies define rules related to how application requests from the plurality of users are forwarded for zero trust access; and providing the rules to corresponding user devices of the plurality of users.

Abstract: Embodiments of the present disclosure provide methods, apparatus, systems, computer program products for supporting communication functionality in an interactive electronic technical manual system (IETM) configured to provide electronic and credentialed access via an IETM viewer to technical documentation for an item. In one embodiment, a method is provided comprising: providing a window comprising a communication session option; receiving input of a selection of the communication session option; responsive to receiving the input: identifying active users who are signed into the IETM for a particular object of the item based on credentials for the user and the user being signed into the IETM for the particular object; and causing display of an identifier for each active user on the window as selectable; receiving input of a selection of an indicator for an active user; and responsive to receiving the input, initiating a communication session with the active user within the IETM.

Abstract: An information processing apparatus is provided. The apparatus performs operations comprising performing facial authentication of a second user in a state in which a first user is logged in, performing authentication of a user using a second scheme that is different from facial authentication if the facial authentication is successful, and switching a logged-in user from the first user to the second user if the authentication using the second scheme is successful and the authenticated user is the second user.

Abstract: A secure content delivery or access method may include coordination among three devices such as servers—a content management server, a delivery server, and an authorization server. A request for content may originate from an authorization server application, and may involve the application obtaining two digitally signed tokens for the request. The first token may be from the authorization server, and may include a content management server identifier for the requested content. The second token may include two identifiers for the content: the first identifier being the content management server identifier, and the second being a delivery server identifier. The first and second tokens may be signed by the authorization server and content management server, respectively, and may be delivered to the delivery server for validation. Successful validation may result in the delivery server providing a content decryption key for the requested content to a device requesting the content.

Abstract: There is provided a display apparatus which includes an input device having a plurality of video signal terminals including a digital video signal terminal, a display configured to display an input signal which is input from the input device, and a controller configured to set a search time of a digital video signal in accordance with presence or absence of power supply to a power supply terminal of the digital video signal terminal, and a connection status in a case in which the power supply is present, and configured to execute a search of the digital video signal in the search time.

Abstract: Some embodiments of the present disclosure relate to biometric characteristic detection technology, which provide a method and chip for biometric characteristic acquisition, and a computer readable storage medium. The method for biometric characteristic acquisition includes: acquiring a plurality of configuration parameters, where the plurality of configuration parameters include a first exposure duration, parameters defining a first region and a target photosensitive value, where the first region is a local region in a photosensitive region of the chip for biometric characteristic acquisition; exposing the first region according to the first exposure duration, and acquiring a photosensitive value of the first region; determining a second exposure duration required to acquire the target photosensitive value in the photosensitive region according to the photosensitive value of the first region and the first exposure duration; and acquiring a biometric image according to the second exposure duration.

Abstract: A computer-implemented method and system for tracking near-field communication (NFC)-enabled animals with a portable computing device (PCD) (i.e. mobile phone) may include providing an NFC-tag comprising memory in which the memory contains a unique identifier. The NFC-tag may be coupled to an animal and then the NFC-tag may be scanned with the PCD. A tag identification server may determine if data from the NFC-tag exists in a database and then transmits an animal production facility identifier and one or more animal records associated with data from the NFC-tag from the tag identification server if the data from the NFC-tag exists in the database. Access to a secure memory area on the portable computing device containing a complete set of animal records for an entire animal facility may be granted if the software identifier matches the animal production facility identifier received from the tag identification server.

Abstract: The device outputs, to a display device, display information on a symbol which is to be moved and displayed; acquires a face image of a subject which has been captured by an image capturing device at a capturing timing while the display device displays the symbol; detects, from the face image, a line-of-sight position; determines that the subject of the face image is a living body when one or more prescribed conditions including a case in which the line-of-sight position matches a display position of the symbol at the image-capturing timing are all satisfied; and outputs an authentication result indicating success of the authentication when the subject is determined to be a living body and the biometric authentication is successful, and outputs an authentication result indicating failure of the authentication when the subject is determined not to be a living body or when the biometric authentication fails.

Abstract: An electronic device performs techniques related generally to implementing biometric authentication. In some examples, a device provides user interfaces for a biometric enrollment process tutorial. In some examples, a device provides user interfaces for aligning a biometric feature for enrollment. In some examples, a device provides user interfaces for enrolling a biometric feature. In some examples, a device provides user interfaces for providing hints during a biometric enrollment process. In some examples, a device provides user interfaces for application-based biometric authentication. In some examples, a device provides user interfaces for autofilling biometrically secured fields. In some examples, a device provides user interfaces for unlocking a device using biometric authentication. In some examples, a device provides user interfaces for retrying biometric authentication. In some examples, a device provides user interfaces for managing transfers using biometric authentication.

Abstract: Systems and methods for predicting and moderating signature locations include an electronic document to be signed, a user of the electronic document, and a user communication device. The user provides free text inputs in the text input module of the system for the requirements of signatures in the document. A signature fields finder module analyses inputs of the user based on heuristic training patterns and screens and maps all the pages of the document for placing signature boxes. The system then places signature tags in the signature boxes. The user selects the signer parties present in the signature boxes and the system compiles signature tags for that party. The user. using the signature tag moderator module, can add, delete or adjust the signature tags and the user gets to see all the relevant pages of the document with compiled signature tags for moderation purposes by the user.

Abstract: Techniques for automatically discovering relationships between data to enforce data security are disclosed. In some embodiments, a query analytic system receives a set of one or more queries that accesses data from a set of data objects and is generated by an application to accomplish an application-level function that is opaque to the query analytic system. The query analytic system detects a relationship between a first data object and a second data object based on access patterns associated with the set of one or more queries. The query analytic system further stores an indication that the first data object is related to the second data object. An operation that is performed against the first object may also be performed against the second object based on the stored indication. Additionally or alternatively, information about the second object may be displayed when information about related objects is requested for the first object.

Abstract: Disclosed herein are apparatuses and methods for granting entry through a checkpoint. The implementations include receiving a request for entry of a person through a checkpoint. The implementations include estimating, via a thermal sensor, a body surface temperature of the person, and generating, via a user interface, a notification that prompts the person to answer at least one verification question. The implementations include receiving, via the user interface, at least one user response to the at least one verification question. The implementations include determining whether the at least one user response and the body surface temperature match criteria for gaining entry through the checkpoint. Additionally, the implementations include granting the request for entry in response to determining that the at least one user response and the body surface temperature match the criteria.

Abstract: Examples described herein relate to systems and methods for containing a faulty stimulus. A computer-implemented method may include listing in a suspect list every received stimulus including the faulty stimulus, and implicitly testing the stimuli by respectively acting upon those stimuli by a software application. Responsive to successfully acting upon each of the stimuli besides the faulty stimulus, each non-faulty stimulus is deleted from the suspect list and, responsive to such deletion, made available to a downstream node. Responsive to acting upon the faulty stimulus, the software application crashes which leaves the faulty stimulus listed in the suspect list. The software application then restarts and deems the faulty stimulus as being faulty based upon the faulty stimulus still being listed in the suspect list after the restart.

Abstract: The examples described herein extend application lifecycle management (ALM) processes (e.g., create, update, delete, retrieve, import, export, uninstall, publish) to user-created application platform components. First and second components are generated within an application platform. The first component is customized at least by indicating whether the first component is subject to localization, defining a layering of the first component, and indicating whether the first component is protected from downstream modification. The second component is customized in accordance with customizing the first component, and is further customized by defining a dependency of the second component on the first component. The components are deployed in a target environment with metadata representing the customizations and enabling the ALM processes.

Abstract: It is provided a method for managing access control to a physical space controlled by a first lock device. The method is performed by an access management device, and comprises the steps of: determining whether a mobile credential is located inside or outside a barrier secured by a lock device; storing an inside indicator in association with the mobile credential when it is located on the inside of the barrier, the inside indicator being valid until explicitly cleared; and preventing the mobile credential from establishing a communication channel with the first lock device when a valid inside indicator is stored for the mobile credential.

Abstract: Biometrics are increasingly used to provide authentication and/or verification of a user in many security and financial applications for example. However, “spoof attacks” through presentation of biometric artefacts that are “false” allow attackers to fool these biometric verification systems. Accordingly, it would be beneficial to further differentiate the acquired biometric characteristics into feature spaces relating to live and non-living biometrics to prevent non-living biometric credentials triggering biometric verification. The inventors have established a variety of “liveness” detection methodologies which can block either low complexity spoofs or more advanced spoofs. Such techniques may provide for monitoring of responses to challenges discretely or in combination with additional aspects such as the timing of user's responses, depth detection within acquired images, comparison of other images from other cameras with database data etc.

Abstract: To provide a technology of more accurately detecting spoofing in face authentication, without increasing a scale of a device configuration and a burden on a user. A spoofing detection device includes a facial image sequence acquisition unit, a line-of-sight change detection unit, a presentation information display unit, and a spoofing determination unit. The facial image sequence acquisition unit acquires a facial image sequence indicating the face of a user. The line-of-sight change detection unit detects information about a temporal change in the line-of-sight from the facial image sequence. The presentation information display unit displays presentation information presented to the user as part of an authentication process. The spoofing determination unit determines the likelihood of the face indicated by the facial image sequence being spoofing on the basis of the information about the temporal change in the line-of-sight with respect to the presentation information.

Abstract: In an example, a method involves displaying interface objects in a first area of an interface displayed on a virtual reality device. Each interface object represents one of a set of financial services available within a financial system. The method further involves, while displaying the interface, detecting, from the virtual reality device, a selection followed by a movement of an interface object of the interface objects. The method further involves moving, on the interface displayed on the virtual reality device, the interface object according to the movement. The method involves detecting, via the virtual reality device, a placement of the interface object in a second area of the interface. The method further involves, in response to detecting the placement, initiating an application for the financial service corresponding to the interface object and displaying a result of the application in the second area.

Abstract: A system and method of de-elevating a process created in a computing device of a computer system are disclosed. In certain aspects, a method includes detecting a user login within a login session of a computing device in the computer system, the login session having a default security context. The method also includes creating a de-elevated security context for the login session, wherein the de-elevated security context has fewer privileges than the default security context. The method also includes detecting a process being created within the login session. The method further includes determining that the process is potentially malicious by comparing an intended state and a digital profile of the computing device. The method also includes launching the process using the de-elevated security context.

Abstract: Apparatus and methods for authenticating a user of a transaction device are provided. The methods may include designating an element of the device as a focal point. The methods may include storing the focal point in a transaction system database. The methods may include receiving from the device a gesture pattern. The methods may include determining that the pattern identifies the focal point. The methods may include accepting the focal point. The methods may include authenticating the user. The methods may include receiving, after the authenticating, from the user a personal identification number (“PIN”) that is associated with a transaction card of the user that is not present at the transaction.

Abstract: According to one aspect of the concepts and technologies disclosed herein, a role-based access control (“RBAC”) system can mark all granular roles in a granular role group as non-tested to create a non-tested granular role set. The RBAC system can randomly select a granular role from the non-tested granular role set. The RBAC system can assign both the non-tested granular role set and a tested-keep granular role set to the granular role group. Each granular role in the tested-keep granular role set has been tested an approved for inclusion in the complete granular role set. The RBAC system can determine whether a user assigned to the granular role group has access to a protected function. In response to determining that the user does not have access to the protected function, the RBAC system can mark the granular role for inclusion in the tested-keep granular role set.

Abstract: A system and method for encrypting and decrypting information is presented. In some embodiments, an endpoint token management system is provided for facilitating dynamic and random encryption and decryption methods. The system and methods may be employed in virtually any system or network, and may be used to protect virtually any type of data, whether at rest (data storage), in motion (data transfer), or in use. In some embodiments, synchronization points are used as analogs for encryption/decryption keys, enabling the encrypting system and decrypting system to begin randomly altering encryption data in a like-manner, thereby creating a constantly changing encryption field that is virtually impossible to decrypt without authorization.

Abstract: A terminal device includes an authentication information acquirer acquiring pieces of authentication information, an authentication determiner determining whether authentication is successful based on, among the pieces of authentication information acquired by the authentication information acquirer, at least one piece, and an authentication information updater, when the authentication determiner determines that authentication is successful, updating pieces of saved authentication information with pieces of authentication information acquired by the authentication information acquirer.

Abstract: Online user account access control includes adjustable authentication challenge levels based on a level of match between observed attributes of a present login attempt and corresponding recorded attributes for the authentic user for the entered user identifier (UID). Login candidates whose attributes sufficiently closely match the recorded attributes for the entered UID are allowed to select an authentication graphic pattern registered for the UID from a set of alternatives, with the degree of complexity of such selection based authentication increasing according to the degree of difference between the observed attributes of the present login attempt and the corresponding recorded values for the UID, while by default, login candidates may be required to produce the registered authentication graphic pattern from blank slate.

Abstract: Methods and apparatus to identify haptic vibrations of touchscreens are disclosed. Example apparatus disclosed herein obtain a haptic control signal that is to cause vibrations of a touchscreen to simulate a texture corresponding to visual subject matter to be displayed on the touchscreen, the vibrations of the touchscreen to produce an acoustically detectable signal. Disclosed example apparatus also encode a watermark into the haptic control signal to generate a watermarked haptic control signal, the watermark including identification information to identify at least one of the subject matter or the texture, the watermark to modify the acoustically detectable signal.

Abstract: There is disclosed a method, computer program product and a system for regulating execution of a suspicious process, comprising determining a file system location of an executable file associated with the suspicious process, encrypting the file, and creating a wrapper for the file with the same file name and location as the file associated with the suspicious process.

Abstract: Embodiments of the present application generally relate to controlling ingress/egress through entryway devices. More particularly, but not exclusively, embodiments of the present invention relate to attaining confirmation of intent relating to access to a controlled opening. According to certain embodiments, the credential device and/or the user of the credential device is prompted to provide a response, or otherwise is to perform certain actions, that can demonstrate a confirmation of intent to gain access to the controlled opening. Such responses and/or actions can be evaluated to determine authority to gain access to the controlled opening. Further, such intent confirmation events may, depending on the embodiment, be performed before or after credential information is communicated from the credential device and/or before or after pairing of the access control device and the credential device.

Abstract: An apparatus, method and system are provided for sensing an individual's biometric information, and generating and transmitting an acoustic signal representative of the sensed biometric information. The acoustic signal may be transmitted as an audio signal or an ultrasonic signal to another apparatus in the system for authentication or verification of the individual's identity.