Abstract: Various approaches provide for the delivery of information on a portable computing device in response to being at or near a particular geographic location. In addition, optional functionality associated with the information can also be provided. In various embodiments, one or more applications are available to a user for download. The applications could come prepackaged with the device. It can be beneficial to monitor the user of the portable computing device to learn a user's habits. Understanding a user's habits, along with their stated preferences, allows a service to provide a user with timely and relevant information that is not only relevant to the user, but also relevant to the user's current location.

Abstract: There is provided a computer implemented method of controlling a user interface and displaying a game board arrangement, the method comprising the following implemented by at least one processor in communication with said interface and at least one memory: displaying a subset of a set of game objects, each game object having one or more characteristics, information on said subset of game objects and said game objects being stored in said at least one memory, determining a position and trajectory of movement in dependence on user input via said user interface, executing an algorithm for determining if a particular game object is to be selected or if a different subset of game objects is to be displayed in dependence on the position and trajectory of movement and the stored information on said subset of game objects, updating said subset of game objects and information such that the particular game object is selected or a different subset of game objects is displayed; and displaying said updated subset of objec

Abstract: A method for assessing and responding to a level of awareness of a flight crew member onboard an aircraft is provided. The method assesses an eye-scanning behavior of the flight crew member to determine whether the flight crew member is aware of a system-initiated change to a flight parameter; and when the flight crew member is not aware of the system-initiated change, orients the flight crew member to the system-initiated change.

Abstract: Method and apparatus for secure processing. The method includes detecting communication among secure and non-secure data entities, prohibiting execution of non-secure executable instructions on secure data entities unless the non-secure executable instructions are recorded in a permitted instruction record, and prohibiting execution of non-secure executable instructions if the non-secure executable instructions are recorded in a prohibited instruction record.

Abstract: Present novel and non-trivial methods for electronically recording a taxi clearance on a display unit are disclosed. In one method, an interactive surface map is displayed from which selections of an assigned takeoff runway and taxiway(s) stated in a taxi clearance may be made electronically through advanced gesturing techniques. These selections highlight the surfaces stated in the taxi clearance. The selections may be made through a series of touch screen taps and/or by the grabbing, dragging, and releasing of a “rubber band” which snaps into place over the selected surface. In another method, an auto-route generating algorithm may be employed to create a preliminary taxi clearance after a presumed runway for takeoff has been selected by the pilot. Then, as the taxi clearance is being received, changes may be made through the pilot's interaction with the graphical user interfaces commensurate with the actual taxi clearance.

Abstract: A planned virtual machine, for use in staging the construction of a virtual machine. Such a planned virtual machine may be used as part of a method for migrating virtual machines. The method may include creating a planned virtual machine based on a first realized virtual machine or a template, performing a configuration operation on the planned virtual machine, and converting the planned virtual machine to a second realized virtual machine. The configuration operation may comprise interaction with a virtualization platform managing the planned virtual machine and may be based on input provided by a user.

Abstract: A transmission terminal includes an authentication unit that determines, when the transmission terminal is not connected to a network, whether authentication of a storage medium is confirmed based on authentication information stored in a storage unit and authentication information read from the storage medium, and transmits, when the transmission terminal is connected to the network, an authentication request containing the authentication information read from the storage medium to an authentication device connected to the network, and a maintenance unit that alters maintenance functions executable on the transmission terminal based on whether authentication of the storage medium is confirmed based on the authentication information stored in the storage unit or a notice indicating that authentication of the storage medium is confirmed is received from the authentication device.

Abstract: Methods and devices for connecting a mobile device with different data storage devices located either locally or remotely are provided. The device may apply one or more rules to create a hierarchical virtualization of the several data storage devices. The virtualization may then be provided to the user as a single, hierarchical file system. Further, a monitoring system may monitor the file system to determine if any new applications have been installed or if applications are currently being executed. If a connection is made to a secure network, the system may provide the information derived from the monitoring to the secure network. The secure network can then analyze the information to determine if any of the applications should be uninstalled from the device or should be stopped while the device is connected to the network.

Abstract: A device includes a PCH including a reset control pin and a disable control pin. A BIOS chip to control the PCH to send a low logic level from the reset control pin to the reset pin to reset a Ethernet controller. A timing adjusting circuit and the Ethernet controller. The Ethernet controller includes a reset pin and a disable pin, the reset pin is connected to the reset control pin via the timing adjusting circuit, and the disable pin is connected to the disable control pin via the timing adjusting circuit. The PCH sends a low logic level from the disable control pin to the disable pin to disable the Ethernet controller, and the timing adjusting circuit delays the low logic level, which makes the low logic level of the disable pin come later than the high logic level of the reset pin.

Abstract: A method, computer-readable storage device and apparatus for encrypting a broadcast message of a base station are disclosed. For example, the method selects an encryption key for the broadcast message and encrypts the broadcast message using the encryption key to create an encrypted broadcast message. The method then transmits an identifier of the encryption key and transmits the encrypted broadcast message over a broadcast channel. A method for decrypting a broadcast message that is encrypted is also disclosed.

Abstract: An image processing apparatus includes an operating unit comprising a user interface configured to receive an operation from a user who has logged-in to the image processing apparatus, a job execution unit configured to execute a job based on the received operation, a determination unit configured to determine whether the job requires an instruction via the operating unit after detecting a logout event, and a control unit configured to, when the job is determined to require the instruction via the operation unit after the logout event has been detected, prevent a user's instruction-waiting state from occurring after the user has logged-out, and when the job is determined to not require the instruction via the operation unit after the logout event has been detected, allow the job to continue under execution after the user has logged-out. At least part of the control unit is implemented by a processor and a memory.

Abstract: A method, apparatus and system enable a temporary partition on a host to be isolated. More specifically, a temporary partition may be initialized in a partitioned host, assigned its own security policy and given the necessary resources to complete a task. Thereafter, the temporary partition may be dismantled. Since the temporary partition is isolated from the remaining partitions on the host, the temporary partition may be allowed to run a “weaker” security policy than the rest of the partitions because the isolation of the temporary partition ensures that the security of the remaining partitions may remain uncompromised.

Abstract: A user provides at least one electronic contact address, such as a telephone number, during a registration process. The user is verified by establishing a connection with the user via the electronic contact address. Notification events are established, and the electronic contact address re-verified with the user via the electronic contact address when the notification event occurs. A re-verification code is conveyed to the user, which is returned by the user via an on-line form or telephone entry.

Abstract: Concepts and technologies are disclosed herein for preventing spoofing attacks for bone conduction applications. According to one aspect, a device can receive an authentication signal that has propagated through a body. The device can prevent an adversary from using the authentication signal to spoof a user to be authenticated by the device. The device can also authenticate the user.

Abstract: An information processing apparatus, a method of controlling the same, and a non-transitory computer-readable storage medium. The information processing apparatus comprises management unit configured to manage a login application at least having both a login screen display function and a user authentication function. The apparatus, in a case where a plug-in module, having one function out of the login screen display function and the user authentication function, is added to the information processing apparatus, enables the function of the plug-in module, and enables the function of the login application other than the function of the plug-in module.

Abstract: A display device is disclosed. The display device comprising: a display unit; a sensor unit; a storage unit; and a processor configured to: provide feedback for indicating a security on state of selected first information when selection input for selecting the first information in the security on state is detected, when a security off input for clearing security is detected in response to the feedback, obtain the fingerprint using the display unit, and convert the first information in the security on state into a security off state when the obtained fingerprint is matched with a pre-stored fingerprint, when a security maintenance input for maintaining security is detected in response to the feedback, maintain the security on state of the first information.

Abstract: Various embodiments described herein relate to apparatus for executing software in a secure computing environment. A secure processor can be used and configured to request a context swap from a first context to a second context when switching execution from a first portion of software to a second portion of software. A context manager, which can be in communication with the secure processor, can be configured to receive and initiate a requested context swap. A trust vector verifier, which can be in communication with the secure processor and the context manager, can be configured to load a trust vector descriptor upon command from a context manager.

Abstract: In a printing apparatus, a controller authenticates a user with using first authentication information, and printing is allowed according to successful authentication using the first authentication information and printing is prohibited according to failed authentication using the first authentication information. The controller determines whether an authentication request condition is satisfied, and according to determination that the authentication information request condition is satisfied, the controller requests a user to input second authentication information and authenticates the user with using the second authentication information. Printing is allowed according to successful authentication using the second authentication information, and printing is prohibited according to failed authentication using the second authentication.

Abstract: First and second active optical modules that terminate first and second active optical cable segments, each of which having a respective active end and a respective passive end, can be authenticated by: reading information from active-end storage devices attached to the respective active ends of the first and second active optical modules; providing information read from the active-end storage devices to an aggregation point; reading information from passive-end storage devices attached to the respective passive ends of the first and second active optical cable segments; providing information read from passive-end storage devices to the aggregation point; and authenticating the first and second active optical modules using information provided to the aggregation point.

Abstract: Embodiments for updating roles based system access to a user include systems for identifying an application login event and a role associated with the login event. Further the embodiments include selecting an application shell comprising data for an application, the data being associated with the identified role and where the application is a first version of the application, selecting a second version of the application that is different from the first version, modifying the data of the application shell in response to selecting the second version of the application, and providing the modified data to the application associated with a computing device of a user in response to the login event. In specific embodiments, data unrelated to the identified role is not provided to the application or stored in the computing device.

Abstract: The disclosure relates to a mobile terminal communicable with a glass-type terminal and a method for controlling the same. The mobile terminal comprises a wireless communication unit configured to communicate with a glass-type terminal, a display unit configured to display visual information, and a controller configured to transmit output-limited information having a limitation in output on the display unit to the glass-type terminal so that the output-limited information may be output on the glass-type terminal when the mobile terminal is in communication with the glass-type terminal.

Abstract: Provided are an apparatus and method for enhancing security and safety of an embedded system by monitoring and blocking unauthorized execution of a shell command in the embedded system. The apparatus for guaranteeing safe execution of the shell command in the embedded system includes a shell command detection part configured to detect an execution request of the shell command, and a shell command execution control part configured to control execution of the shell command according to whether a password based on safety is provided for the detected shell command.

Abstract: A method and an apparatus for smart key management are disclosed. The apparatus for smart key management can receive a smart key duplicate request message from a user terminal, perform user authentication using terminal information or user information included in the smart key duplicate request message, duplicate a registered smart key corresponding to the terminal information or the user information if the result the user authentication is authentication success, and transmit the duplicated smart key to a target terminal using the target terminal information.

Abstract: This invention is for a system capable of securing one or more fixed or mobile computing device and connected system. Each device is configured to change its operating posture by allowing, limiting, or disallowing access to applications, application features, devices features, data, and other information based on the current Tailored Trustworthy Space (TTS) definitions and rules which provided for various situationally dependent scenarios. Multiple TTS may be defined for a given deployment, each of which specifies one or more sensors and algorithms for combining sensor data from the device, other connected devices, and/or other data sources from which the current TTS is identified. The device further achieves security by loading digital credentials through a unidirectional multidimensional physical representation process which allows for the device to obtain said credentials without the risk of compromising the credential issuing system through the data transfer process.

Abstract: A web server authenticates a user with a web client using a database user table and provides a list of new applications, suspended application sessions, and running application sessions. In response to a request for a new application session, a connection is made from an agent server to an application server hosting the requested application, and connection information including a unique session_ID is added to a database session table such that the client can send a user selection for a session_ID to the web server, which associates the requested session_ID to an existing suspended or running application session using the connection database. For additional security, the client is determined to be trusted or untrusted, and if untrusted, connections to the client are made through a forwarding host, which makes connections to the agent server, and the agent server maintains persistent connections from the agent server to the application server.

Abstract: According to one embodiment, an identity authentication system includes a detecting unit that detects an identity theft by determining whether a photographing target is a living body or a non-living body, a collating unit that performs identity collation based on a photographed image, and a control unit that controls execution timing of a detection process performed by the detecting unit and an identity collating processing performed by the collating unit and, in a case where the detection performed by the detecting unit is performed for a first number of times, performs the collation process performed by the collating unit, wherein the first number of times is set in consideration of a tradeoff between a required intensity of security and convenience of a user using the identity authentication system.

Abstract: Various embodiments are generally directed to an apparatus, method and other techniques for detecting an input comprising an object contacting a surface of an apparatus, determining object characteristics based on the detected input and selecting a user profile based on the determined object characteristics.

Abstract: Some embodiments provide a method for configuring a logical firewall in a hosting system that includes a set of nodes. The logical firewall is part of a logical network that includes a set of logical forwarding elements. The method receives a configuration for the firewall that specifies packet processing rules for the firewall. The method identifies several of the nodes on which to implement the logical forwarding elements. The method distributes the firewall configuration for implementation on the identified nodes. At a node, the firewall of some embodiments receives a packet, from a managed switching element within the node, through a software port between the managed switching element and the distributed firewall application. The firewall determines whether to allow the packet based on the received configuration. When the packet is allowed, the firewall the packet back to the managed switching element through the software port.

Abstract: Methods and apparatus for performing user authentication using pointing device gestures are disclosed. An example method includes receiving, by a computing device, input data from a pointing device that is operatively coupled with the computing device, where the received input data corresponds with a user gesture, and comparing the received user gesture with one or more authorized user gestures to determine if the received user gesture matches one of the authorized user gestures, where each of the one or more authorized user gestures corresponds with at least one of a respective username and a respective password. If the received user gesture matches one of the authorized user gestures, the example method include granting access to the computing device and/or a user account. If the received user gesture does not match any of the authorized user gestures, the example method includes denying access to the computing device and/or the user account.

Abstract: Provided is a system for controlling access to a security engine of a mobile terminal including a basic operating system and a security engine in which an app ID and user authentication information are transmitted to the security engine in order to execute a reliable app installed in the basic operating system and use a security function of the security engine, and the security engine performs authentication of whether an app is the reliable app or whether a user executing the reliable app is an owner of the mobile terminal based on the app ID transmitted from the basic operating system and the user authentication information and then permits access to the security engine.

Abstract: An isolation execution environment provides an application with limited resources to execute an application. The application may require access to secured resources associated with a particular trust level that are outside of the isolation execution environment. A trust activation engine determines the trust level associated with a request for a resource and operates differently based on the trust level. A broker process may be used to execute components providing access to resources having a partial trust level in an execution environment that is separate from the isolation execution environment.

Abstract: A method, apparatus, and computer usable program product for automatic activation of roles is provided. When a user initiates an action, a set of roles needed for the action is identified. A set of roles assigned to the user is also identified. From the two sets of roles, all roles that are common to both sets are identified in a subset of roles. Roles in this subset are assigned to the user and are sufficient for the action. One or more roles from this subset of roles is selected for activation depending on system policies in effect. Selected roles are automatically activated without requiring any intervention from the user. Once the selected roles are activated, they can become inactive upon completion of the current action, or remain active for subsequent actions by the user during all or part of a user session. System policies can decide how the roles are selected for activation, and the duration of which the roles remain active once activated.

Abstract: An authentication processing device receives biometric data to be checked from a biometric measuring device; transforms the biometric data that is input from the biometric measuring device by using a checking transformation parameter that is different from a registration transformation parameter; and creates checking biometric data. Then, the authentication processing device performs a differential transformation process on the created checking biometric data by using a differential parameter by which a transformation state transformed by the checking transformation parameter and a transformation state transformed by the registration transformation parameter have the same state. Thereafter, the authentication processing device checks the transformed checking biometric data against the registration biometric data stored in a transformation registration data DB and performs authentication.

Abstract: A method is provided for using obtaining a reproducible device identifier from a physically unclonable function. An authentication device may receive a first physically unclonable function (PUF) dataset from the electronic device, the first PUF dataset including characteristic information generated from a physically unclonable function in the electronic device. The authentication device may then identify a pre-stored PUF dataset corresponding to the electronic device. Authentication of the electronic device may be performed by correlating the pre-stored PUF dataset and the first PUF dataset for the electronic device, wherein such correlation is based on a pattern or distribution correlation the pre-stored PUF dataset and the first PUF dataset. Because such correlation is performed on datasets, and not individual points, systematic variations can be recognized by the correlation operation leading to higher correlation than point-by-point comparisons.

Abstract: Aspects of the subject technology relate to a compliance station including a test breakout board coupled to a computing device and a trusted platform module, wherein the test breakout board is configured to allow signaling to pass between the computing device and the trusted platform module and a test controller interface coupled to the test breakout board. In certain aspects, the test controller interface is configured to provide signaling to the trusted platform module and to receive signaling from the trusted platform module. A method and computer-readable medium are also provided.

Abstract: An apparatus and method for zero knowledge proof security techniques within a computing platform. One embodiment includes a security module executed on a processing core to establish a domain of trust among a plurality of layers by sending a challenge from a verification layer to a first prover layer, the challenge comprising an indication of at least one selected option; in response to receiving the challenge, generating first verification information at the first prover layer based on the secret and the indication of the selected option; sending the first verification information to at least a second prover layer, the second prover layer generating second verification information based on the first verification information and the indication of the selected option; and performing a verification operation at the verification layer using the second verification information based on the selected option.

Abstract: A keyboard is disclosed. The keyboard may comprise a biometric sensor configured for authenticating a user; a docking station configured for receiving a security device; and a processor configured for facilitating communication between the biometric sensor and the security device docked in the docking station with a computing device coupled to the keyboard.

Abstract: A memory device includes a plurality of memory chips, including one or more memory chips that store authentication information, and a controller including a first register that stores information indicating a representative memory chip, from among the one or more memory chips that store the authentication information, that stores valid authentication information.

Abstract: Provided herein is an image forming apparatus, comprising: a consumable unit where a CRUM (Customer Replaceable Unit Monitoring) chip is mounted; and a main body configured to perform at least one of a first authentication and a second authentication of the consumable unit, when the consumable unit is mounted, wherein the main body comprises: a main controller for performing the first authentication according to firmware stored in the image forming apparatus; and an authentication controller for using at least one ASIC (Application Specific Integrated Circuit) to perform the second authentication of the consumable unit. Accordingly, it is possible to effectively authenticate a consumable unit even when the image forming apparatus is hacked.

Abstract: An unlock processing method for a terminal, includes: receiving an input unlocking instruction from a user; determining whether the user belongs to a preset user group according to the unlocking instruction; and acquiring and storing information regarding the user, if it is determined that the user does not belong to the preset user group.

Abstract: An access control system includes a mobile device, a control device and an electronic lock module. The mobile device includes an input module, an identification module, a display module, a storage module, a battery module, a wireless transmission module and a central processor. The control device connects with the mobile device wirelessly and includes a wireless transceiver module, a power module, a memory module, an electronic control module and a microcontroller. The electronic control module of the control device is electrically connected with the electronic lock device. The identification module captures the biological characteristic of the user so as to make the identification module identify the biological characteristic of the user, so as to lower an identification burden of the access control system and ensure a usage security of the access control system.

Abstract: A protection system for an automate process control system (APCS) includes a plurality of programmable anti-intrusion (PAI) modules. The PAI modules are places throughout the APCS used for: analyzing a system for presence of un-authorized devices or un-authorized connections; detection of undocumented (i.e., not declared) devices and suspicious commands from connected devices; filtering various types of activities (i.e., wrong packets, unidentified activities, certain types of commands etc.); analyzing different network layers for un-authorized data transmissions; and maintaining device behavior (heuristic) logs.

Abstract: Method and apparatus for secure processing. The method includes detecting communication among secure and non-secure data entities, prohibiting execution of non-secure executable instructions on secure data entities unless the non-secure executable instructions are recorded in a permitted instruction record, and prohibiting execution of non-secure executable instructions if the non-secure executable instructions are recorded in a prohibited instruction record.

Abstract: A SoC includes multiple hardware modules that are implemented on a substrate. The hardware modules include a plurality of hardware and software security features and the SoC provides one or more external interfaces for accessing the security features. A validation module, implemented in the boot code of the SoC for example, manages security certificates to control access to the plurality of security features. Each security certificate includes one or more unique identifiers corresponding to one or more hardware modules in the SoC and access control settings for one or more security features of the one or more hardware modules. The security certificate additionally includes a certificate signature signed by a secure key.

Abstract: A method and apparatus for extending an authentication timeout period for an electronic device includes a primary processor of the electronic device initiating an authentication timeout period at a timeout initiation time and putting the primary processor into a sleep mode. The method also includes awakening the primary processor from the sleep mode at an expiration time, upon expiration of the authentication timeout period, and determining whether an authentication timeout extending input was detected by an adjunct processor of the electronic device at an input detection time that occurred during the authentication timeout period. The method further includes extending the authentication timeout period to expire at an extended expiration time, which is based on the input detection time, when the authentication timeout extending input was detected by the adjunct processor or locking the electronic device when the authentication timeout extending input was not detected by the adjunct processor.

Abstract: System and method for securing a personal device that includes a device core and a peripheral device from unauthorized access or operation. The system comprises an isolated switch, included fully or partially within an envelope of the personal device. The isolated switch cannot be affected in its operation by either the device core or the peripheral device. The switch may be operated by an authorized user of the personal device either preemptively or in response to a detected threat. In some embodiments, the isolated switch includes an isolated controller which can send one or more signals to the peripheral device and/or part of peripheral device. In some embodiments, the isolated switch includes an isolated internal component and an isolated external component, both required to work together to trigger the isolated switch operation. In some embodiments, the isolated switch includes an isolated disconnector for connecting and disconnecting the device core from part of the peripheral device.

Abstract: An image processing apparatus capable of executing a task including a plurality of processes includes the following units: an acquisition unit that acquires the security levels of the plurality of processes based on security-level information that defines the security level of each process; a specification unit that specifies a lowest-level process that is a process having a lowest security level, from among the plurality of processes; and a notification unit that notifies a user of information regarding the lowest-level process.

Abstract: A user of a computing device can be authenticated using image information captured by at least one camera of the computing device. In addition to analyzing the image information using a facial recognition algorithm, for example, variations in color of a portion of the captured image information corresponding to a user's face can be monitored over a period of time. The variations can be analyzed to determine whether the captured image information likely corresponds to an actual human user instead of a representation (e.g., photo) of a human user, such as where the chroma variations in at least a red channel occur with an oscillation frequency and amplitude consistent with changes due to a pulse or heartbeat.

Abstract: An embodiment generally relates to a method of managing tokens. The method includes detecting a presence of a token at a client and determining a status of the token. The method also includes formatting the token at the client in response to the status of the token being unformatted.

Abstract: An electronic device includes an acceleration sensor and a rotation sensor, both being independently powered, in providing a method of unlocking when locked. An acceleration of the electronic device is detected using the acceleration sensor and a rotation angle of the electronic device is then detected using the rotation sensor. The electronic device is unlocked only if the acceleration of the electronic device exceeds the predetermined value and the electronic device is additionally rotated a predetermined angle within a predetermined time.