Abstract: A method of authenticating users is provided that includes storing data in a buffer. The data is within a temporal window and includes biometric data extracted from frames included in a video and quality feature values calculated for each frame. Each quality feature value corresponds to a different quality feature. Moreover, the method includes calculating a score for each different quality feature using the corresponding quality feature values, and determining a most recent frame included in the video includes biometric data usable in a biometric authentication matching transaction when the calculated score for each different quality feature satisfies a respective threshold score value.

Abstract: For a device with a slider component, movement of the slider component may be used as part of an authentication process, for example, when unlocking the device, or a portion thereof, or providing user authentication to an application executed on the device.

Abstract: A decryption method for use in displaying data includes the steps of executing a display instruction of an object inclusive of a plurality of data, displaying an unencrypted data, but not an encrypted data, of the data on a display unit according to the display instruction, detecting a trigger signal during the state of displaying the unencrypted data but not displaying the encrypted data, entering a password-receiving state in response to the trigger signal and detecting a password signal during the password-receiving state, determining whether the password signal matches a default password, and displaying the unencrypted data and the encrypted data on the display unit when the password signal matches the default password. Therefore, with the decryption method, no person other than the object owner is aware of the encrypted data.

Abstract: A watch-type mobile terminal includes: a terminal body; a sensor unit disposed on one surface of the terminal body, configured to determine whether the watch-type mobile terminal has been worn or not, and including a light emitting portion for emitting light of a first intensity at first time intervals, and a light receiving portion for sensing reflected light; and a controller configured to control the light emitting portion to emit light of a second intensity at second time intervals between the first time intervals, wherein the controller calculates a pressure value applied to the terminal body based on an optical amount of light incident onto the light receiving portion, and generates a specific control command based on the pressure value.

Abstract: A device receives a first input for authenticating a user and determines the first input fails to authenticate the user. One or more errors are identified in the input which match a tremor pattern for the user and the one or more errors are corrected to generate a corrected input. The user is authenticated using the corrected input.

Abstract: The method for managing one or more standard configurations includes calculating a plurality of configuration fingerprints for a plurality of storage systems. The configuration fingerprint is a numerical value that represents information about a configuration for one or more components of a storage system. The method also includes building a result set that includes the plurality of configuration fingerprints for the plurality of storage systems. The method also includes identifying a plurality of standard configurations for the plurality of storage systems from the result set based on the plurality of configuration fingerprints. The method also includes determining that a first storage system from the plurality of storage systems meets a standard configuration from the plurality of standard configurations. The method also includes creating metadata within the first storage system that describes the standard configuration.

Abstract: Disclosed herein are a method and apparatus for providing a combined authentication service. Combined authentication information is set by acquiring an entry window location and authentication characters from a user, an entry window including the entry keypad is displayed at the entry window location, entry information including entry characters and entry coordinates is acquired from the user via the entry window, and combined authentication is performed by verifying the entry characters and the entry coordinates, thus strengthening the security of authentication of a mobile terminal while maintaining the user's existing password. Further, if a region to which the password entry coordinates are to be mapped is selected when the user sets a password, authentication is performed by additionally considering mapping coordinates in addition to the password even if the user enters the password into the existing password entry window, thus strengthening the security of password authentication.

Abstract: An information processing apparatus and a method of controlling the same include/use: a storage unit that stores user information; a timer that clocks a time; a storing unit that stores retention period information indicating a retention period of the user information; and a saving unit that saves data of a job input by a user. The user information stored in the storage unit is deleted in accordance with a current date and time obtained from the timer, the retention period information stored in the storing unit, the user information, and a save status of the data in the saving unit.

Abstract: The method for managing one or more standard configurations includes calculating a plurality of configuration fingerprints for a plurality of storage systems. The configuration fingerprint is a numerical value that represents information about a configuration for one or more components of a storage system. The method also includes building a result set that includes the plurality of configuration fingerprints for the plurality of storage systems. The method also includes identifying a plurality of standard configurations for the plurality of storage systems from the result set based on the plurality of configuration fingerprints. The method also includes determining that a first storage system from the plurality of storage systems meets a standard configuration from the plurality of standard configurations. The method also includes creating metadata within the first storage system that describes the standard configuration.

Abstract: A security mode prompt method and apparatus where the method includes when it is determined that a terminal is currently in a first security mode, acquiring prestored first security information; receiving first verification information entered by a user, and establishing a first correspondence between the first security information and the first verification information; displaying confusion information, the first security information, and the first verification information on a screen for the user to select; receiving a selection result of the user, and determining, according to the first correspondence, whether the selection result of the user meets a preset rule; and when the selection result of the user meets the preset rule, prompting the user that the terminal is in a second security mode. Using the present disclosure, security of a terminal can be improved.

Abstract: Embodiments of the present disclosure provide a fingerprint identification module, a fingerprint identification method and a display device.

Abstract: A computer system for distinguishing user-initiated network traffic from malware-initiated network traffic comprising at least one central processing unit (CPU) and a memory communicatively coupled to the CPU. The memory includes a program code executable by the CPU to monitor individual network events to determine for an individual network event whether the event has a legitimate root-trigger. Malware-initiated traffic is identified as an individual network event that does not have a legitimate root-trigger.

Abstract: Techniques for network process identity enablement are provided. Inter-server communications within a network are intercepted so that unique identity-based information is gathered and recorded before a sending process is permitted to release a communication over the network to a receiving process. Moreover, the receiving process cannot process the communication being sent until identifying information is gathered again and independently validated against the prior recorded information.

Abstract: A behavioral characteristics authentication system and method (“BCA system”) that facilitates authentication of the identity of a user, registrant, or applicant of a website, application, or other accessible computer resource using a verification process that incorporates behavioral characteristics. In operation, the BCA system compares a single user's behavior with their previous behavior, a user's behavior with behavior generally attributed to non-fraudulent behavior, or a user's behavior with behavior generally attributed to fraudulent behavior. The population of other users that a user's behavior is compared with may be selected to have similar demographic or other characteristics as the user. By analyzing various behavioral characteristics associated with legitimate or fraudulent multi-factor authentication attempts, the BCA system adds another layer of security to online transactions.

Abstract: The present disclosure relates to an apparatus and method for recognizing a user input. The apparatus comprises a sensor configured to sense an acoustic wave signal generated by knocking a surface of a medium, an extractor configured to separate an initial pulse signal from the acoustic wave signal and extract signal characteristic of the separated initial pulse signal, and a controller configured to recognize a knocking gesture based on the signal characteristic extracted by the extractor and generate a corresponding control signal.

Abstract: The disclosure relates to systems and methods for defining a processor safety privilege level for controlling a distributed memory access protection system. More specifically, a safety hypervisor function for accessing a bus in a computer processing system includes a module, such as a Computer Processing Unit (CPU) or a Direct Memory Access (DMY) for accessing a system memory and a memory unit for storing a safety code, such as a Processor Status Word (PSW) or a configuration register (DMA (REG)). The module allocates the safety code to a processing transaction and the safety code is visible upon access of the bus by the module.

Abstract: An electronic device offers acquired location information to a point-of-interest (POI) management server when a predetermined condition is satisfied. The POI management server offers POI identification information to the electronic device when the location information is matched to one of registered POIs. When the POI identification information is received from the POI management server, the electronic device performs a certain action.

Abstract: A method and system is provided for editing a file information system of a host device by using a client device connected to the host device via a Near Field Communication (NFC) channel while maintaining the foreground-running application execution screen of the host device. A method for managing a file information system of a host device by using a client device according to the present invention includes establishing a near field communication channel between the client device and the host device; copying the file information system from the host device to the client device; editing, at the client device, the file information system by means of an application selected in the file information system; and updating the file information system stored in the host device with the edited file information system which is transmitted from the client device to the host device.

Abstract: Methods and devices are provided for use in detecting relay attacks between devices in a communications network. One method includes sending first data by a first device to a second device, and receiving, by the first device, a communication from the second device where the communication comprises second data generated at the second device and a time parameter related to the generation of the second data. The method also includes measuring a total transmission time at the first device between sending the first data and receiving the communication, and determining a further time parameter related to the generation of the second data based at least in part on the measured total transmission time. The method then further includes determining the presence of a relay attack between the first and second devices in dependence on a comparison of the time parameter and the further time parameter.

Abstract: A system and method for a real-time prognosis of a vehicle comprising a personal communication device comprising an arbitrarily oriented three-axis accelerometer configured to capture a pitch motion and/or roll motion of the vehicle and an onboard diagnostics system communicably connected with the personal communication device enabling bi-directional communication. The personal communication device comprising a processor configured for geometric mapping of a three dimensional Cartesian coordinate of the three-axis accelerometer with the vehicle. The processor virtually orients the coordinates of three-axis accelerometer to coincide with the coordinates of the vehicle. The arbitrarily oriented three-axis accelerometer is configured to capture a road condition and a driver behavior using a sampling rate between 4 Hertz (Hz) to 10 Hertz (Hz).

Abstract: A system and method of tagging utterances with Named Entity Recognition (“NER”) labels using unmanaged crowds is provided. The system may generate various annotation jobs in which a user, among a crowd, is asked to tag which parts of an utterance, if any, relate to various entities associated with a domain. For a given domain that is associated with a number of entities that exceeds a threshold N value, multiple batches of jobs (each batch having jobs that have a limited number of entities for tagging) may be used to tag a given utterance from that domain. This reduces the cognitive load imposed on a user, and prevents the user from having to tag more than N entities. As such, a domain with a large number of entities may be tagged efficiently by crowd participants without overloading each crowd participant with too many entities to tag.

Abstract: Methods, systems, and computer program products are included for migrating a virtual machine. An example method of migrating a virtual machine includes providing a virtual machine by a source hypervisor. The source hypervisor initiates the running of a guest on the virtual machine. The source hypervisor sends the guest a migration indicator that corresponds to a migration of the virtual machine. The virtual machine is then placed in a suspended state. The source hypervisor receives a free memory page indicator from the guest that identifies one or more free memory pages. While the virtual machine is in the suspended state, the source hypervisor modifies a migration status of the identified one or more free memory pages to indicate that the identified one or more free memory pages are not to be migrated. After resuming operation of the virtual machine from the suspended state, the source hypervisor detects a dirty memory page indicator that identifies one or more dirty memory pages.

Abstract: Approaches for bridging communication between first and second buses are disclosed. Address translation information and associated security indicators are stored in a memory. Each access request from the first bus includes a first requester security indicator and a requested address. Each access request from the first bus and directed to the second bus is either rejected, or translated and communicated to the second bus, based on the requester security indicator and the security indicator associated with the address translation information for the requested address. Each access request from the second bus to the first bus includes the requested address, and the access request is translated and communicated to the first bus along with the security indicator that is associated with the address translation information for the requested address.

Abstract: A system for privacy screen-based security comprises an input interface and a processor. The input interface is configured to receive authentication information. The processor is configured to, in the event authentication is determined to be successful, provide a privacy access screen, wherein the privacy access screen provides access to a set of applications or data, and determine whether to automatically transition to a new privacy screen, wherein the transition to the new privacy screen is automatic under a specific set of circumstances.

Abstract: This document relates to user-authentication gestures. One example can capture multiple biometric features when a user-authentication gesture is performed as a device authentication attempt. The example can compare values of the multiple biometric features to previous values stored for the user. The example can further unlock the computing device in an instance where the values of the multiple biometric features satisfy a similarity threshold relative to the previous values.

Abstract: Embodiments are described for authenticating a login request for logging in to a user account on a host system. An example method includes receiving, by the host system, as part of the login request, an authentication image. The method also includes determining that the login request is sent from an authorized login-location, by comparing the authentication image with a reference image from the authorized login-location. The method further includes, in response to the login request being sent from the authorized login-location, facilitating access to the user account.

Abstract: A stylus comprises a barrel having a scribing nib disposed at one end thereof. The barrel supports at least one multi-level force-sensitive user interface. A control circuit operably couples to this control surface and responds differently to each of at least two different levels of applied force as applied to that control surface. For example, the control circuit can respond to one level of applied force by causing the transmission of a first signal to influence in a first way the scribing interaction between the stylus and the scribing surface and can respond to a second, different level of applied force by causing the transmission of a second, different signal to influence in a second, different way the scribing interaction between the stylus and the scribing surface.

Abstract: A method for estimating the strength of a graphical password comprising two or more segments is disclosed. In some embodiments, this advantageous solution is achieved by implementing a multi-step process. In one step, the data processing system applies a first operation on a first segment to produce a transformed segment. In another step, the data processing system performs a comparison operation between the transformed segment and a second segment. In another step, the data processing system performs a penalty operation with respect to the first segment based on an outcome of the comparison operation. The penalty operation includes one or more of (1) calculating a penalty value, wherein the penalty value may be used in calculating a value representing the strength of the graphical password; and (2) disregarding the first or the second segment when calculating the value representing the strength of the graphical password.

Abstract: In the case where a user in the login state exists, the control unit: controls, on a condition that the multi-login is set to be ineffective, the guidance display unit to turn its light off regardless of whether or not a person is detected by the human sensor; and controls, on a condition that the multi-login is set to be effective, the guidance display unit to turn its light on when a person is detected by the human sensor and controls the guidance display unit to turn its light off when that no person is detected by the human sensor.

Abstract: A method of operating a lock from a portable remote device includes sending a radio frequency identification signal from the portable remote device to a controller for the lock, and receiving the radio frequency identification signal at the lock controller and identifying the remote device as an authorized user of the lock. The method then includes sending a sound frequency identification signal from the portable remote device to the lock controller, receiving the sound frequency identification signal at the lock controller and identifying the remote device as an authorized user of the lock. The method further includes authorizing operation of the lock in accordance with the radio or sound frequency identification signal from the portable remote device. A system for practicing the method includes a lock controller capable of receiving a radio frequency identification signal and a sound frequency identification signal from the portable remote device.

Abstract: A system according to the present invention includes a first communication unit, a second communication unit, and an executing unit. The first communication unit is connected to a first network segment. The second communication unit is connected to a second network segment different from the first network segment, and receives a processing request, which requests to execute predetermined processing, from an apparatus via the second network segment and transmits the received processing request to the first communication unit. The executing unit executes the predetermined processing in response to the processing request received by the first communication unit.

Abstract: Systems and methods are provided for administering a test using an electronic device. The electronic device is registered to a test-taker, where the registering includes receiving identifying information from the test-taker and associating the electronic device with the test-taker using the identifying information. The test is stored in encrypted form on the electronic device, and the test includes a test question. The test is decrypted prior to test administration. The test is administered to the test-taker via the electronic device, and the administering includes displaying the test question on the electronic device and receiving an answer to the test question on the electronic device. The administered test is removed from the electronic device after transferring the answer to a testing service.

Abstract: A method and apparatus are provided for providing network access to a connecting apparatus. A method may include determining, at a terminal apparatus, a selection of a network access credential for a network from a plurality of available network access credentials installed on the terminal apparatus. The method may further include responsive to the selection, activating the selected network access credential. The method may additionally include using the activated network access credential to cause a connecting apparatus to be provided with access to the network via a local connection between the terminal apparatus and the connecting apparatus. A corresponding apparatus is also provided.

Abstract: A method for backing up data in a data center, device and system are provided. The data in all the VMs of one data center can be backed up simultaneously, and the associations between the VMs are also backed up during the backup, so it is unnecessary to concern the recovery orders of the VMs when the data of the data center is recovered. Meanwhile, when the stored data is exported from the hypervisor node, it is unnecessary to notify the upper layer OS for a backup, thereby improving the data backup efficiency and reducing the system logical complexity.

Abstract: A system, method, and computer program product are provided for controlling loading of an operating system, including mounting an image of an operating system in a pre-boot environment of a programmable device, identifying an untrusted component of the operating system registered to be automatically loaded or loaded during a boot-up stage of the operating system that is predetermined to be early, and substituting a trusted component for the untrusted component.

Abstract: A method, a system, and an apparatus for detecting malicious code to solve the problem that detection efficiency is low and that more resources are occupied. The method includes: monitoring execution of an instruction in a virtual machine supervisor of a host computer, where the instruction is generated in escape mode when a read-write request generated during execution of program code in a virtual machine of the host computer is delivered to the virtual machine supervisor; obtaining execution characteristics of the program code according to execution of the instruction; and comparing the obtained execution characteristics with pre-stored execution characteristics of known malicious code, and determining that the program code is malicious code when the obtained execution characteristics and the pre-stored execution characteristics are the same. This improves the detection efficiency, and saves the storage resources and the processing resources in the host computer.

Abstract: Present novel and non-trivial methods for electronically recording a taxi clearance on a display unit are disclosed. In one method, an interactive surface map is displayed from which selections of an assigned takeoff runway and taxiway(s) stated in a taxi clearance may be made electronically through advanced gesturing techniques. These selections highlight the surfaces stated in the taxi clearance. The selections may be made through a series of touch screen taps and/or by the grabbing, dragging, and releasing of a “rubber band” which snaps into place over the selected surface. In another method, an auto-route generating algorithm may be employed to create a preliminary taxi clearance after a presumed runway for takeoff has been selected by the pilot. Then, as the taxi clearance is being received, changes may be made through the pilot's interaction with the graphical user interfaces commensurate with the actual taxi clearance.

Abstract: A set of compliance policy updates are received. The compliance policy updates are sent to workloads for application. A status of the application of the compliance policies to the workloads is received from the workloads and output.

Abstract: The present invention discloses a wireless receiver capable of outputting a notification on an event occurred in a mobile terminal and remotely controlling the mobile terminal and a method of controlling therefor. To this end, a wireless receiver may include an earphone, a short-range communication unit configured to communicate with the mobile terminal and if the mobile terminal receives an incoming signal, a controller configured to control a first audio data including information on a caller of the incoming signal to be received from the mobile terminal and control the first audio data to be outputted via the earphone.

Abstract: The present invention discloses methods, devices, and systems for unobtrusively recognizing a user of a mobile device. Methods including the steps of: unobtrusively collecting motion data from the mobile device during normal device usage by monitoring standard authorized-user interaction with the device, without any form of challenge or device-specified action; demarcating the motion data into user motion-sequences based on changes in a motion-state or an elapsed time-period without an occurrence of the changes, wherein the motion-state refers to a placement and speed of the mobile device at a point in time; calculating user motion-characteristics from the user motion-sequences; and generating a motion-repertoire from the user motion-characteristics, whereby the motion-repertoire enables unobtrusive recognition of the user.

Abstract: A method authenticates users. During user enrollment, a computing device records 3D gesture samples captured by a depth sensor as performed by a first user. Each recorded gesture sample includes a temporal sequence of locations for multiple specified body parts. The device computes an average gesture, and selects an error tolerance. These are stored as a gesture template for the first user. A second user performs a gesture for authentication. The depth sensor captures a 3D gesture from the second user, where the captured 3D gesture includes a temporal sequence of locations for the multiple body parts. The device computes the distance between the captured 3D gesture and the average gesture. When the distance is less than the error tolerance, the second user is authenticated as the first user, and the device grants access to some secured features. Otherwise, the second user is not authenticated.

Abstract: A method of using handwriting input on a touch screen device to verify the identity of a user. The user writes a profile word in an input space provided on the touch screen. Features of the handwriting are captured and sent to a server, which stores the data in a data record associated with the authorized user. When a user subsequently writes a challenge word, the handwriting features of the challenge word are compared to the authorized user's handwriting data record and given a rating of similarity. If the rating is within a prescribed range, the user's identity is verified as being the authorized user and permitted to access a given asset. If not, the user's identity is not verified and that user may be denied access to the asset or other action taken. This biometric feature of authentication may be used alone or in a multi-factor authentication environment.

Abstract: A computer-implemented monitoring method includes electronically determining destination naming conventions of packets passing out of a first computing device for transmission on an electronic communication network, and electronically determining if each destination naming convention is that same as the naming convention of a second computing device. When at least one destination naming convention is not the same as the naming convention of the second computing device, the second computing device is electronically notified.

Abstract: A system for privacy screen-based security comprises an input interface and a processor. The input interface is configured to receive authentication information. The processor is configured to, in the event authentication is determined to be successful, provide a privacy access screen, wherein the privacy access screen provides access to a set of applications or data, and determine whether to transition to a new privacy screen.

Abstract: Systems and methods for the remote verification and monitoring of conditions surrounding an alarm signal are disclosed. In an aspect, a security system can comprise a security gateway located at a premises, wherein the security gateway is operable to detect an alarm condition and to receive video of at least a portion of the premises relating to the alarm condition, a first network coupled to the security gateway, and a second network coupled to the security gateway. The security gateway can be configured to cause transfer of alarm information comprising at least a portion of the received video and a first notification of the alarm condition in substantially real time through only the first network. The security gateway can be further configured to cause transfer of a second notification of the alarm condition through the second network substantially simultaneously with causing transfer of the alarm information through the first network.

Abstract: A system or method may include receiving, by a processor, data describing a network, wherein the network includes a plurality of entities and links describing relationships between the plurality of entities. The method may further include identifying a set of seed entities from the plurality of entities based on predefined rules. The method may further include generating a set of sub-networks based on the set of identified seed entities, wherein each of the sub-networks may include one or more other entities of the plurality of entities having at least one link to the at least one seed entity. The method may further include calculating a risk score for each of the generated sub-networks.

Abstract: Systems and methods described herein provide for administering and proctoring of a secure online exam that allows for complex testing utilizing practical examination tasks. The practical examination tasks provide for evaluation of the knowledge of the exam taker, as well as the exam taker's ability to apply that knowledge in a real-world environment. By performing the practical examination tasks in the context of a secure online exam, the competence of the test taker can be readily determined without worrying about the exam taker illicitly accessing information on their computer or via a remote source of data. The exam taker may perform the practical examination tasks through manipulation of an evaluation application executing on the exam taker's secured computer. The practical examination tasks may also be carried out through manipulation by the exam taker of an evaluation apparatus coupled to the exam taker's secured computer.

Abstract: A behavioral characteristics authentication system and method (“BCA system”) that facilitates authentication of the identity of a user, registrant, or applicant of a website, application, or other accessible computer resource using a verification process that incorporates behavioral characteristics. In operation, the BCA system compares a single user's behavior with their previous behavior, a user's behavior with behavior generally attributed to non-fraudulent behavior, or a user's behavior with behavior generally attributed to fraudulent behavior. The population of other users that a user's behavior is compared with may be selected to have similar demographic or other characteristics as the user. By analyzing various behavioral characteristics associated with legitimate or fraudulent multi-factor authentication attempts, the BCA system adds another layer of security to online transactions.

Abstract: Various approaches provide for the delivery of information on a portable computing device in response to being at or near a particular geographic location. In addition, optional functionality associated with the information can also be provided. In various embodiments, one or more applications are available to a user for download. The applications could come prepackaged with the device. It can be beneficial to monitor the user of the portable computing device to learn a user's habits. Understanding a user's habits, along with their stated preferences, allows a service to provide a user with timely and relevant information that is not only relevant to the user, but also relevant to the user's current location.

Abstract: There is provided a computer implemented method of controlling a user interface and displaying a game board arrangement, the method comprising the following implemented by at least one processor in communication with said interface and at least one memory: displaying a subset of a set of game objects, each game object having one or more characteristics, information on said subset of game objects and said game objects being stored in said at least one memory, determining a position and trajectory of movement in dependence on user input via said user interface, executing an algorithm for determining if a particular game object is to be selected or if a different subset of game objects is to be displayed in dependence on the position and trajectory of movement and the stored information on said subset of game objects, updating said subset of game objects and information such that the particular game object is selected or a different subset of game objects is displayed; and displaying said updated subset of objec