Abstract: According to some embodiments, a local thin cloud tenant computer platform is coupled to a user synchronization data store and to a remote user cloud application executing at a data center via a distributed communication network. The local thin cloud tenant computer platform may receive synchronization information from the remote user cloud application and store it into the user synchronization data store. When the local thin cloud tenant computer platform determines that the remote user cloud application is unable to respond to a request from a local user device, the synchronization information in the user synchronization data store may be accessed to provide limited functionality associated with the remote user cloud application. The local thin cloud tenant computer platform may then transmit a response to the request from the local user device.

Abstract: Secure password lock and recovery is provided. A user password is received to access a secure resource protected by a data processing system. It is determined whether a match exists between a retrieved user password verification string corresponding to a valid user password from a storage of a software token and a generated user password verification string corresponding to the user password. In response to determining that a match does not exist between the retrieved user password verification string and the generated user password verification string, it is determined whether a defined number of user password authentication attempts has been exceeded. In response to determining that the defined number of user password authentication attempts has been exceeded, the retrieved user password verification string is set to a preestablished sequence of values locking the valid user password on the storage of the software token. Access to the secure resource is denied.

Abstract: Disclosed in the application are a method and device for identity authentication. The method comprises: when the terminal is in the specified stress state, action attribute information of the terminal is collected; the action attribute information is processed by matching with preset sample information; if the action attribute information is matched with the sample information, the authentication is successful, and if the action attribute information is not matched with the sample information, the authentication is failed. By the above method, the terminal can automatically collect the corresponding action attribute information in the process that users perform certain specified operation, and then match and compare with the preset standard information to authenticate the identity of the current user using the terminal.

Abstract: An apparatus includes an audio output device, an audio input device and a processor. The audio output device may be configured to generate an audio message. The audio input device may be configured to receive audio input. The processor may be configured to analyze the audio input to perform a first authentication of a user and determine a command corresponding to the audio input, determine a confidence level of a classification of a user based on the first authentication and authenticate the user if the confidence level is above a pre-determined threshold. The classification may correspond to an approved list of users. The confidence level may be adjusted in response to one or more authentication factors. If the user is authenticated, the processor may be configured to perform the command.

Abstract: The system may provide automatic real-time filtering and information object selection, which may occur at the presentation layer. Presentations may be tailored on a per user basis. Users with different security levels can participate in a video conference call at the same time and only view what their security clearance allows.

Abstract: A computer implemented method of providing whole disk encryption for a virtualized computer system including providing a software component executing in a first virtual machine for instantiation in a first hypervisor, the software component invoking a second hypervisor within the first virtual machine for instantiating a disk image of the virtualized computer system as a second virtual machine, and the software component being configured to install a software agent in the second virtual machine, the software agent being adapted to: a) encrypt the instantiated disk image; b) encrypt data written, by the second virtual machine, to the instantiated disk image at a runtime of the second virtual machine; and c) decrypt data read, by the second virtual machine, from the instantiated disk image at a runtime of the second virtual machine, wherein the software component is configured to migrate the second virtual machine at a runtime of the second virtual machine to the first hypervisor so as to provide a wholly encry

Abstract: A universal identity and physical presence detection in the form of a personal, universal transponder signal is described. This signal allows a user to interact with devices in the user's environment without having to download vendor-specific apps, set up vendor-specific accounts or be limited to a siloed eco-system of a manufacturer brand. The universal signal representing an individual allows for devices and software to detect and query the beacon transmitting the signal for information relating to the user and augmented onto the physical environment. This provides a more personalized, efficient, and, in some instances, secure experience for the user. Embodiments focus on minimizing user workload to allow for seamless interactions with her environment. Various embodiments provide a truly universal signal for all users and devices to interact, wherein all parties benefit from a seamless and natural way of interacting in the physical world.

Abstract: Provided is a system for authenticating a user based on a lock screen and a method thereof, and more particularly, to a system for authenticating a user and a method thereof, which operates a user terminal even in a locked state of the user terminal in order to perform user authentication more easily. A system for authenticating a user based on a lock screen may include a push server receiving identification information of a user who accesses an authentication request server and identification information of the authentication request server and generating a push message based on the identification information and transmitting the push message to the user terminal corresponding to the identification information of the user.

Abstract: A method for referencing and updating objects in a shared resource environment. A reference counter counts is incremented for every use of an object subtype in a session and decremented for every release of an object subtype in a session. A session counter is incremented upon the first instance of fetching an object type into a session cache and decremented upon having no instances of the object type in use in the session. When both the reference counter and the session counter are zero, the object type may be removed from the cache. When the object type needs to be updated, it is cloned into a local cache, and changes are made on the local copy. The global cache is then locked to all other users, the original object type is detached, and the cloned object type is swapped into the global cache, after which the global cache in unlocked.

Abstract: Disclosed are a method and an apparatus for connecting electronic devices based on biometric information without a certification server. An electronic device includes a wireless communication unit configured to perform wireless communication with an external device; a biometric recognition module; a memory; and a processor connected to the wireless communication unit, the biometric recognition module, and the memory.

Abstract: Systems, apparatuses, and methods relating to operating a security system are described. In one embodiment a method may include receiving at a receiving unit a protected signal sent from a portable transmitter, the receiving unit in communication with a security system panel, assessing at least one characteristic of the protected signal, modifying at least one characteristic of the protected signal based at least in part on the assessing, and comparing the protected signal to a stored signal after the modifying.

Abstract: Provided is technology that improves user convenience. A scanning system includes a scanner that generates scanning data by scanning a document, and a management device that connects to the scanner, and processes the scanning data based on settings corresponding to a user authenticated by a first user authentication when the scanner executes a first user authentication process. The scanning system executes a first process of scanning a document without first user authentication by the scanner, and storing the generated scanning data in storage; a second process of, when second user authentication is executed, identifying the scanning data to process from the scanning data stored in the storage; and a third process of processing the scanning data to process based on settings related to the user authenticated by the second user authentication.

Abstract: Content deployment systems and methods are provided for continuously integrating and deploying selected content items from a plurality of content sources into a specific release as part of the specific release. For example, a first content source stores a plurality of first content items for potential inclusion in the specific release. A manifest record for the specific release specifies release items, that are allowed to be part of the specific release. A proxy can periodically retrieve selected ones of the first content items that are specified in the manifest record, and push them to a content publishing engine. Any content items that are not specified in the manifest record are rejected by the proxy. A processor of the content publishing engine can allow for continuous integration of the selected ones of the first content items into the specific release.

Abstract: A system and method for conducting a computer based candidate assessment in an examination center has been described. The system primarily involves a candidate assessment device in communication with the computer. The candidate assessment device further comprises an operating system and an assessment application. The candidate assessment device captures the proctoring data of the candidate during assessment. The system also includes plurality of sensors including camera and biometric sensor. The biometric data captured from biometric sensor is used to authenticate the identity of the candidate using the UIDAI database. The system also includes an external communication device to sniff a plurality of external communication within vicinity of the candidate. Further, the proctoring data is provided to an assessment server. And assessment server raise an alarm if one of a predefined suspicious activity is detected.

Abstract: A system including a reader device and a mobile device having a user credential. The reader device includes an ultrasonic transmitter configured to transmit an identifier, and a wireless transceiver configured to receive information from and transmit information to the mobile device. The identifier is configured to be received by a microphone of the mobile device. The mobile device may determine a position of the mobile device based on the identifier.

Abstract: An information processing apparatus that communicates directly with an external apparatus using wireless communication includes a plurality of network interfaces, a storage unit that stores a plurality of pieces of different network information respectively assigned to the plurality of network interfaces, an identification unit that identifies a user who logged in the information processing apparatus, a selection unit that selects, as network information to be transmitted directly to the external apparatus using the wireless communication, at least one network information corresponding to the identified user from among the stored plurality of pieces of network information, and a transmission unit that transmits the selected network information directly to the external apparatus using the wireless communication.

Abstract: The present invention enables a code to be recognized by a smart phone or other electronic devices even when the code is successively changed. The apparatus is equipped with an incoming amount detection unit for detecting the incoming amount per unit time of external energy incoming from the exterior, an information acquisition circuit for acquiring input information in a predetermined format based on a change in the said incoming amount per unit time, a working surface arranged with one or more elements in which a physical quantity change detectable from a counter surface occurs, one or more physical quantity control units which generate the said physical quantity change in each of the said one or more elements, and an information output unit in the said one or more physical quantity control units which outputs output information in a predetermined format in accordance with the said physical quantity change by the said one or more elements.

Abstract: A method of selective file synchronization between computing devices is disclosed. Creation of customized profiles for grouping digital content, such as application programs and multimedia files, and assignment of the content to the profiles is described. Digital content can be manually or automatically assigned to profiles. Customizable file synchronization profiles provide improved data security because private files can be excluded from a profile and will not be transferred. The disclosed subject matter is applicable to general purpose and special purpose computing devices in mobile and non-mobile environments.

Abstract: A portable computing device is installed in or mountable to a shopping cart and linked for communication with a hand-held commodity registration apparatus. The portable computing device includes a wireless interface, a camera configured to capture an image, and a processor configured to establish a communication link with the hand-held commodity registration apparatus through the wireless interface, to perform object recognition on objects in the image captured by the camera, and to confirm that the objects recognized in the image correspond to commodities identified in registered commodity data received from the hand-held commodity registration apparatus through the wireless interface.

Abstract: An apparatus in one embodiment comprises a storage device having a processor coupled to a memory. The storage device incorporates at least one trap object particularly configured for use in detection of a ransomware attack and not otherwise utilized for storage of operational data in the storage device. The storage device further comprises a ransomware detector configured to monitor the trap object and to generate an alert based at least in part on a result of the monitoring. The trap object may comprise a dummy file system element of the storage device, such as, for example, a file or a directory of a file system of the storage device. Additionally or alternatively, the trap object may comprise one or more specific storage blocks of the storage device with the one or more specific storage blocks being determined at least in part by the file system of the storage device.

Abstract: An image processing apparatus performs control of accepting an instruction to cancel execution of a job on condition that authentication using authority information input to the image processing apparatus has succeeded, in a case where a predetermined error has not occurred. The image processing apparatus performs control of accepting the instruction to cancel the execution without the authority information input with respect to only a specific job among jobs generated by the image processing apparatus, in a case where the predetermined error has occurred.

Abstract: An electronic apparatus includes: a primary display screen and a secondary display screen located in different areas of the electronic apparatus respectively; the primary display screen is configured to display in a first display mode; the secondary display screen is configured to display in a second display mode; the first display mode is that after the electronic apparatus is turned on, in a non-standby state, the display screen is in the display enabled state, and in a standby state, or after the electronic apparatus is turned off, the display screen is in a display disabled state; and the second display mode is that after the electronic apparatus is turned on, the display screen is always in a display state. The apparatus may save electric energy of the electronic apparatus. A controlling method for the electronic apparatus is further provided.

Abstract: Embodiments of the disclosure relate to controlling access to email content. According to various embodiments as described herein, an email message may be accessed by a computing device to identify a uniform resource locator (URL) within the email message, wherein the URL corresponds to a resource residing in a protected location that is not accessible by a native browser application of the client device. The computing device may determine whether the client device is permitted to access the URL and request access to the resource via the secure browser application of the client device upon a determination that the client device is permitted to access the resource in accordance with the at least one resource rule.

Abstract: A portable appliance may be provided. It may comprise a storage device operable for storing at least one application software program, a processor operable for executing the at least one application software program, a broadband communication interface plug, pluggable to a computing device, and a broadband communication interface socket adapted for receiving a second broadband communication interface plug of a second portable appliance of a same kind. The present invention also discloses a method for operating the portable appliance, wherein the method stores at least one application software program, executes the at least one application software program, generates user interface data, receives user interface response data, and receives a second broadband communication interface plug of a second portable appliance of a same kind in the broadband communication interface socket of the portable appliance.

Abstract: A system and method for providing network information using a short-range wireless communication path between a communication device and a terminal device is described. In some examples, authentication information is required from the terminal device prior to communication of the network information. In some examples, the short-range wireless communication path is disconnected and reestablished in which one of the terminal device and the communication device changes operation modes of a short-range wireless interface.

Abstract: A method for an electronic device to restrict functionality according to working mode is provided. The method establishes a fingerprint database, wherein the fingerprint database stores at least one fingerprint of each authorized user for unlocking the electronic device, a finger type corresponding to each fingerprint stored in the fingerprint database, and a preset finger area corresponding to each finger type stored in the fingerprint database. A fingerprint of a user is obtained through a sensor. The fingerprint is matched against database for authorized status and size of fingerprint currently obtained is also analyzed and compared to a preset size of the type corresponding to the obtained fingerprint. The electronic device is unlocked for an authorized user and controlled to enter into an unrestricted working mode for an adult or into a restricted working mode for a child, according to the comparison.

Abstract: A management apparatus connected to an image forming apparatus for managing usage of the image forming apparatus is disclosed. The management apparatus includes a user data storage part for storing user identification data and use restriction data corresponding to the user identification data, and a use restriction data acquiring part for acquiring the use restriction data corresponding to the user identification data.

Abstract: Methods and systems for providing notifications to mobile device utilize a cloud extension agent operating on a corporate network for sending notification requests via a cloud-based service. An application on the user's mobile device is configured to receive push notifications sent via the cloud extension agent, while receiving email messages directly from corporate email server. A user can select notification settings, allowing the cloud extension agent to be configured remotely via a cloud to provide appropriate notifications to the user.

Abstract: The present disclosure relates to executing software within an execution safety container. An example method generally includes detecting that a memory address referenced by a stack pointer has changed from a first memory address to a second memory address. An execution safety container compares the referenced memory address to a memory address range associated with an application, and upon determining that the referenced memory address is not within the memory address range associated with the application, takes one or more actions to avoid occurrences of unhandled exceptions caused by the referenced memory address being outside of a memory address range associated with an application.

Abstract: During development of an application, an association between a view of the application and a data service, and rules applicable to the view, can be received. The rules can include an indication of a security role assigned to users who are allowed to access the view and an indication of whether the view is allowed to access the data service based on the security role assigned to the user. Based on the rules applicable to the view, permissions for accessing the data service by the view can be automatically extrapolated. Based on the permissions extrapolated for accessing the data service by the view, a binding credential, configured to be processed to determine whether the view of the application is granted access to data provided by the data service at runtime, can be automatically created. The at least one binding credential can be assigned to the view of the application.

Abstract: A set of techniques is described for monitoring and analyzing crashes and other malfunctions in a multi-tenant computing environment (e.g. cloud computing environment). The computing environment may host many applications that are executed on different computing resource combinations. The combinations may include varying types and versions of hardware or software resources. A monitoring service is deployed to gather statistical data about the failures occurring in the computing environment. The statistical data is then analyzed to identify abnormally high failure patterns. The failure patterns may be associated with particular computing resource combinations being used to execute particular types of applications. Based on these failure patterns, suggestions can be issued to a user to execute the application using a different computing resource combination.

Abstract: In a copy method, a first processing apparatus performs: receiving authentication information from a mobile terminal; storing the received authentication information into an external storage medium connected to a first interface of the first processing apparatus; and storing particular information stored in a first storage of the first processing apparatus, into the external storage medium connected to the first interface. A second processing apparatus performs: receiving the authentication information from the mobile terminal; reading the authentication information stored in the external storage medium connected to a second interface of the second processing apparatus; and storing, into a second storage of the second processing apparatus, the particular information stored in the external storage medium connected to the second interface, when the read authentication information and the received authentication information match each other.

Abstract: Multiple deception techniques utilized to mislead malicious entities that attempt to gather information associated with a computing device are implemented by changing a single result. In one aspect, requests for screen captures are intercepted and it is determined whether the requests are triggered due to user interaction (e.g., pressing a button and/or key) and/or received from an authorized application/device. If determined that the requests are not triggered due to user interaction and/or are received from an unauthorized application/device, a response comprising one of several pre-prepared or dynamically generated screen captures that are embedded (and/or appended) with misleading information (e.g., fake credentials, fake documents marked as important/hidden, etc.) is generated. Applications that attempt to utilize the misleading information can be flagged as malware.

Abstract: An electronic device includes a biomedical sensor configured to generate a first signal by detecting a biomedical signal, a motion sensor configured to generate a second signal by detecting a motion, and a communication interface configured to provide a secure communication channel with another electronic device, and receive a third signal through the secure communication channel. The electronic device further includes a controller configured to generate a secret key for the secure communication channel, based on the first signal, and determine whether to perform a predetermined function, based on the second signal and the received third signal.

Abstract: An electronic device includes an attachment section which is attachable to a user, at least one contact detection sensor which detects whether the attachment section is attached to the user or is not attached to the user, a function section which executes at least one function, and a circuit section. The circuit section judges that the attachment section is in a non-attached state to the user based on a detection result of the contact detection sensor and controls the function section not to execute the function when the attachment section is judged to be in the non-attached state.

Abstract: Embodiments of the present disclosure relate to a new approach for sensor-based authentication to enhance mobile security. In the computer-implemented method, motion related sensor data is obtained. A label of a behavior is determined wherein the behavior has a time information of the behavior. The label is associated with at least part of the motion related sensor data based on the time information of the behavior and the time information of the motion. At least one comparable motion is determined from the associated part of motion related sensor data. At least one motion passcode based on the determined comparable motion is identified.

Abstract: Using an ARM processor, a method is provided for endpoint computing systems such as mobile devices or laptops to provide a hardware isolated runtime environment for multiple operating systems (OS's). OS isolation is performed by hardware ARM Security Extensions added to ARMv6 processors (or higher) and controlled by a software Secure Monitor Module (SMM). The invention therefore comprises hardware enforcement mechanisms configured by the SMM to confine each OS to its own respective resources (kernel, RAM, drivers, storage). The invention is applicable to systems with different OS switching mechanisms, such as full computer system reboot to switch OS's, suspension of one OS and resuming another, or using a virtual machine hypervisor to execute several OS's in parallel.

Abstract: Some embodiments provide a novel method for authorizing network requests for a machine in a network. In some embodiments, the method is performed by security agents that execute on virtual machines operating on a host machine. In some embodiments, the method captures a network request (e.g., network control packets, socket connection request, etc.) from a primary application executing on the machine. The method identifies an extended context for the network request and determines whether the network request is authorized based on the extended context. The method then processes the network request according to the determination. The extended context of some embodiments includes identifications for primary and secondary applications associated with the network request. Alternatively, or conjunctively, some embodiments include identifications for primary and secondary users associated with the network request.

Abstract: The instruction code including an instruction code stored in the area where the encrypted instruction code is stored in a non-rewritable format is authenticated using a specific key which is specific to the core where the instruction code is executed or an authenticated key by a specific key to perform an encryption processing for the input and output data between the core and the outside.

Abstract: Embodiments of the present invention provide a message processing method and apparatus, and relate to the field of communications technologies. The method includes: comparing a message feature of a currently processed message with a specified tracking feature; determining a user corresponding to the message as a target user when determining that the message feature matches the tracking feature; and reporting a signaling message of the target user to a network management server. In the present invention, a network fault is quickly located, and network connection efficiency is improved.

Abstract: A system and method for facilitating user access to data and software functionality. An example method includes identifying open windows of plural software applications; accessing rules pertaining to one or more behaviors of one or more of the open windows; and using the rules to adjust the one or more behaviors in accordance with a context of each of the open windows. In a more specific embodiment, the one or more behaviors are adjusted via window groupings in accordance with window context, which includes one or more keywords associated with open windows. The example method further includes displaying a search window with a user option to enter a query using keywords. Search results may identify documents that are associated with window groups associated with keywords of the query.

Abstract: Some embodiments provide a method for bypassing device security protections to communicate with a contact of a secure device. The method displays a selectable user interface object on the device enabling a user to bypass the security protections of the device. Upon receiving a selection of the user interface object, the method initiates a communication to a contact that is preselected from a list of contacts.

Abstract: Systems, apparatuses, and methods relating to operating a security system are described. In one embodiment a method may include receiving at a receiving unit a protected signal sent from a portable transmitter, the receiving unit in communication with a security system panel, assessing at least one characteristic of the protected signal, modifying at least one characteristic of the protected signal based at least in part on the assessing, and comparing the protected signal to a stored signal after the modifying.

Abstract: A dual-system-based data storage method, comprising the steps of (S301) judging whether the data is important data when storing data in a first system; and (S302) storing the data into a second system if it is judged that the data is important data. Thus, in a dual-system environment, the important data handled by a user in a first system can be quickly and conveniently stored into a second system, thereby sufficiently protecting information security for the user.

Abstract: A non-transitory computer readable medium storing a program causing a computer to execute a process: the process comprising: performing a first utilization permission process for an authorized user; and performing a second utilization permission process for a guest user, the second utilization permission process comprising: acquiring user identification information input by the guest user; inquiring, of a directory service that retains information of a member of an organization, whether the user identification information acquired by the acquiring is registered; and permitting the guest user who inputs the user identification information to use the system within a range of a utilization authority, which is different between a case where a response indicating that the user identification information is registered is received and a case where a response indicating that the user identification information is not registered is received, in response to the inquiry.

Abstract: A management apparatus connected to an image forming apparatus for managing usage of the image forming apparatus is disclosed. The management apparatus includes a user data storage part for storing user identification data and use restriction data corresponding to the user identification data, and a use restriction data acquiring part for acquiring the use restriction data corresponding to the user identification data.

Abstract: A method, computer program product, and computer system are provided. A processor receives an executable file for execution by an operating system, where the executable file includes a plurality of sections in a first order. A processor determines a second order that indicates a loading order for the plurality of sections, where the second order is distinct from the first order. A processor loads the plurality of sections of the executable file into a plurality of locations in memory of a device based on the second order. A processor resolves one or more memory references for the plurality of sections based on the plurality of locations in memory. A processor executes the plurality of sections of the executable file in the plurality of locations in memory.

Abstract: A display device control pen comprises a pen body and at least one detachable accessory. The detachable accessory comprises an electronic component. The pen body is detachably assembled with the detachable accessory. The pen body comprises at least one variable-voltage circuit, a signal generating unit and a signal transmitter. When the detachable accessory is assembled to the pen body, the electronic component is electrically connected to the variable-voltage circuit and varies a voltage value of the variable-voltage circuit. The signal generating unit is coupled to the variable-voltage circuit and generates a color signal based on the varied voltage value. The signal transmitter is coupled to the signal generating unit and transmits the color signal to the display device, such that the display device displays a color on a trace formed by the pen body according to the color signal.

Abstract: A touch display device and a touch method thereof are provided. The touch display device includes a touch panel, a fingerprint collecting unit, a signal processing unit and a memory. The fingerprint collecting unit is connected with the touch panel, and the signal processing unit is connected with the touch panel and the memory. The touch method of the touch display device includes acquiring a fingerprint information set including M first fingerprint images by the fingerprint collecting unit; and inquiring M second fingerprint images matched with the M first fingerprint images in a preset information set according to the M first fingerprint images in the fingerprint information set in the memory by the signal processing unit, and acquiring S first control instructions corresponding to the M second fingerprint images from the memory.

Abstract: A behavioral characteristics authentication system and method (“BCA system”) that facilitates authentication of the identity of a user, registrant, or applicant of a website, application, or other accessible computer resource using a verification process that incorporates behavioral characteristics. In operation, the BCA system compares a single user's behavior with their previous behavior, a user's behavior with behavior generally attributed to non-fraudulent behavior, or a user's behavior with behavior generally attributed to fraudulent behavior. The population of other users that a user's behavior is compared with may be selected to have similar demographic or other characteristics as the user. By analyzing various behavioral characteristics associated with legitimate or fraudulent multi-factor authentication attempts, the BCA system adds another layer of security to online transactions.