Abstract: The disclosure relates to a mobile terminal communicable with a glass-type terminal and a method for controlling the same. The mobile terminal comprises a wireless communication unit configured to communicate with a glass-type terminal, a display unit configured to display visual information, and a controller configured to transmit output-limited information having a limitation in output on the display unit to the glass-type terminal so that the output-limited information may be output on the glass-type terminal when the mobile terminal is in communication with the glass-type terminal.

Abstract: A method and an apparatus for smart key management are disclosed. The apparatus for smart key management can receive a smart key duplicate request message from a user terminal, perform user authentication using terminal information or user information included in the smart key duplicate request message, duplicate a registered smart key corresponding to the terminal information or the user information if the result the user authentication is authentication success, and transmit the duplicated smart key to a target terminal using the target terminal information.

Abstract: This invention is for a system capable of securing one or more fixed or mobile computing device and connected system. Each device is configured to change its operating posture by allowing, limiting, or disallowing access to applications, application features, devices features, data, and other information based on the current Tailored Trustworthy Space (TTS) definitions and rules which provided for various situationally dependent scenarios. Multiple TTS may be defined for a given deployment, each of which specifies one or more sensors and algorithms for combining sensor data from the device, other connected devices, and/or other data sources from which the current TTS is identified. The device further achieves security by loading digital credentials through a unidirectional multidimensional physical representation process which allows for the device to obtain said credentials without the risk of compromising the credential issuing system through the data transfer process.

Abstract: A web server authenticates a user with a web client using a database user table and provides a list of new applications, suspended application sessions, and running application sessions. In response to a request for a new application session, a connection is made from an agent server to an application server hosting the requested application, and connection information including a unique session_ID is added to a database session table such that the client can send a user selection for a session_ID to the web server, which associates the requested session_ID to an existing suspended or running application session using the connection database. For additional security, the client is determined to be trusted or untrusted, and if untrusted, connections to the client are made through a forwarding host, which makes connections to the agent server, and the agent server maintains persistent connections from the agent server to the application server.

Abstract: Various embodiments are generally directed to an apparatus, method and other techniques for detecting an input comprising an object contacting a surface of an apparatus, determining object characteristics based on the detected input and selecting a user profile based on the determined object characteristics.

Abstract: According to one embodiment, an identity authentication system includes a detecting unit that detects an identity theft by determining whether a photographing target is a living body or a non-living body, a collating unit that performs identity collation based on a photographed image, and a control unit that controls execution timing of a detection process performed by the detecting unit and an identity collating processing performed by the collating unit and, in a case where the detection performed by the detecting unit is performed for a first number of times, performs the collation process performed by the collating unit, wherein the first number of times is set in consideration of a tradeoff between a required intensity of security and convenience of a user using the identity authentication system.

Abstract: Methods and apparatus for performing user authentication using pointing device gestures are disclosed. An example method includes receiving, by a computing device, input data from a pointing device that is operatively coupled with the computing device, where the received input data corresponds with a user gesture, and comparing the received user gesture with one or more authorized user gestures to determine if the received user gesture matches one of the authorized user gestures, where each of the one or more authorized user gestures corresponds with at least one of a respective username and a respective password. If the received user gesture matches one of the authorized user gestures, the example method include granting access to the computing device and/or a user account. If the received user gesture does not match any of the authorized user gestures, the example method includes denying access to the computing device and/or the user account.

Abstract: Some embodiments provide a method for configuring a logical firewall in a hosting system that includes a set of nodes. The logical firewall is part of a logical network that includes a set of logical forwarding elements. The method receives a configuration for the firewall that specifies packet processing rules for the firewall. The method identifies several of the nodes on which to implement the logical forwarding elements. The method distributes the firewall configuration for implementation on the identified nodes. At a node, the firewall of some embodiments receives a packet, from a managed switching element within the node, through a software port between the managed switching element and the distributed firewall application. The firewall determines whether to allow the packet based on the received configuration. When the packet is allowed, the firewall the packet back to the managed switching element through the software port.

Abstract: Provided is a system for controlling access to a security engine of a mobile terminal including a basic operating system and a security engine in which an app ID and user authentication information are transmitted to the security engine in order to execute a reliable app installed in the basic operating system and use a security function of the security engine, and the security engine performs authentication of whether an app is the reliable app or whether a user executing the reliable app is an owner of the mobile terminal based on the app ID transmitted from the basic operating system and the user authentication information and then permits access to the security engine.

Abstract: An isolation execution environment provides an application with limited resources to execute an application. The application may require access to secured resources associated with a particular trust level that are outside of the isolation execution environment. A trust activation engine determines the trust level associated with a request for a resource and operates differently based on the trust level. A broker process may be used to execute components providing access to resources having a partial trust level in an execution environment that is separate from the isolation execution environment.

Abstract: A method, apparatus, and computer usable program product for automatic activation of roles is provided. When a user initiates an action, a set of roles needed for the action is identified. A set of roles assigned to the user is also identified. From the two sets of roles, all roles that are common to both sets are identified in a subset of roles. Roles in this subset are assigned to the user and are sufficient for the action. One or more roles from this subset of roles is selected for activation depending on system policies in effect. Selected roles are automatically activated without requiring any intervention from the user. Once the selected roles are activated, they can become inactive upon completion of the current action, or remain active for subsequent actions by the user during all or part of a user session. System policies can decide how the roles are selected for activation, and the duration of which the roles remain active once activated.

Abstract: An authentication processing device receives biometric data to be checked from a biometric measuring device; transforms the biometric data that is input from the biometric measuring device by using a checking transformation parameter that is different from a registration transformation parameter; and creates checking biometric data. Then, the authentication processing device performs a differential transformation process on the created checking biometric data by using a differential parameter by which a transformation state transformed by the checking transformation parameter and a transformation state transformed by the registration transformation parameter have the same state. Thereafter, the authentication processing device checks the transformed checking biometric data against the registration biometric data stored in a transformation registration data DB and performs authentication.

Abstract: A method is provided for using obtaining a reproducible device identifier from a physically unclonable function. An authentication device may receive a first physically unclonable function (PUF) dataset from the electronic device, the first PUF dataset including characteristic information generated from a physically unclonable function in the electronic device. The authentication device may then identify a pre-stored PUF dataset corresponding to the electronic device. Authentication of the electronic device may be performed by correlating the pre-stored PUF dataset and the first PUF dataset for the electronic device, wherein such correlation is based on a pattern or distribution correlation the pre-stored PUF dataset and the first PUF dataset. Because such correlation is performed on datasets, and not individual points, systematic variations can be recognized by the correlation operation leading to higher correlation than point-by-point comparisons.

Abstract: Aspects of the subject technology relate to a compliance station including a test breakout board coupled to a computing device and a trusted platform module, wherein the test breakout board is configured to allow signaling to pass between the computing device and the trusted platform module and a test controller interface coupled to the test breakout board. In certain aspects, the test controller interface is configured to provide signaling to the trusted platform module and to receive signaling from the trusted platform module. A method and computer-readable medium are also provided.

Abstract: An apparatus and method for zero knowledge proof security techniques within a computing platform. One embodiment includes a security module executed on a processing core to establish a domain of trust among a plurality of layers by sending a challenge from a verification layer to a first prover layer, the challenge comprising an indication of at least one selected option; in response to receiving the challenge, generating first verification information at the first prover layer based on the secret and the indication of the selected option; sending the first verification information to at least a second prover layer, the second prover layer generating second verification information based on the first verification information and the indication of the selected option; and performing a verification operation at the verification layer using the second verification information based on the selected option.

Abstract: A keyboard is disclosed. The keyboard may comprise a biometric sensor configured for authenticating a user; a docking station configured for receiving a security device; and a processor configured for facilitating communication between the biometric sensor and the security device docked in the docking station with a computing device coupled to the keyboard.

Abstract: A memory device includes a plurality of memory chips, including one or more memory chips that store authentication information, and a controller including a first register that stores information indicating a representative memory chip, from among the one or more memory chips that store the authentication information, that stores valid authentication information.

Abstract: An unlock processing method for a terminal, includes: receiving an input unlocking instruction from a user; determining whether the user belongs to a preset user group according to the unlocking instruction; and acquiring and storing information regarding the user, if it is determined that the user does not belong to the preset user group.

Abstract: Provided herein is an image forming apparatus, comprising: a consumable unit where a CRUM (Customer Replaceable Unit Monitoring) chip is mounted; and a main body configured to perform at least one of a first authentication and a second authentication of the consumable unit, when the consumable unit is mounted, wherein the main body comprises: a main controller for performing the first authentication according to firmware stored in the image forming apparatus; and an authentication controller for using at least one ASIC (Application Specific Integrated Circuit) to perform the second authentication of the consumable unit. Accordingly, it is possible to effectively authenticate a consumable unit even when the image forming apparatus is hacked.

Abstract: A protection system for an automate process control system (APCS) includes a plurality of programmable anti-intrusion (PAI) modules. The PAI modules are places throughout the APCS used for: analyzing a system for presence of un-authorized devices or un-authorized connections; detection of undocumented (i.e., not declared) devices and suspicious commands from connected devices; filtering various types of activities (i.e., wrong packets, unidentified activities, certain types of commands etc.); analyzing different network layers for un-authorized data transmissions; and maintaining device behavior (heuristic) logs.

Abstract: Method and apparatus for secure processing. The method includes detecting communication among secure and non-secure data entities, prohibiting execution of non-secure executable instructions on secure data entities unless the non-secure executable instructions are recorded in a permitted instruction record, and prohibiting execution of non-secure executable instructions if the non-secure executable instructions are recorded in a prohibited instruction record.

Abstract: An access control system includes a mobile device, a control device and an electronic lock module. The mobile device includes an input module, an identification module, a display module, a storage module, a battery module, a wireless transmission module and a central processor. The control device connects with the mobile device wirelessly and includes a wireless transceiver module, a power module, a memory module, an electronic control module and a microcontroller. The electronic control module of the control device is electrically connected with the electronic lock device. The identification module captures the biological characteristic of the user so as to make the identification module identify the biological characteristic of the user, so as to lower an identification burden of the access control system and ensure a usage security of the access control system.

Abstract: A method and apparatus for extending an authentication timeout period for an electronic device includes a primary processor of the electronic device initiating an authentication timeout period at a timeout initiation time and putting the primary processor into a sleep mode. The method also includes awakening the primary processor from the sleep mode at an expiration time, upon expiration of the authentication timeout period, and determining whether an authentication timeout extending input was detected by an adjunct processor of the electronic device at an input detection time that occurred during the authentication timeout period. The method further includes extending the authentication timeout period to expire at an extended expiration time, which is based on the input detection time, when the authentication timeout extending input was detected by the adjunct processor or locking the electronic device when the authentication timeout extending input was not detected by the adjunct processor.

Abstract: System and method for securing a personal device that includes a device core and a peripheral device from unauthorized access or operation. The system comprises an isolated switch, included fully or partially within an envelope of the personal device. The isolated switch cannot be affected in its operation by either the device core or the peripheral device. The switch may be operated by an authorized user of the personal device either preemptively or in response to a detected threat. In some embodiments, the isolated switch includes an isolated controller which can send one or more signals to the peripheral device and/or part of peripheral device. In some embodiments, the isolated switch includes an isolated internal component and an isolated external component, both required to work together to trigger the isolated switch operation. In some embodiments, the isolated switch includes an isolated disconnector for connecting and disconnecting the device core from part of the peripheral device.

Abstract: A SoC includes multiple hardware modules that are implemented on a substrate. The hardware modules include a plurality of hardware and software security features and the SoC provides one or more external interfaces for accessing the security features. A validation module, implemented in the boot code of the SoC for example, manages security certificates to control access to the plurality of security features. Each security certificate includes one or more unique identifiers corresponding to one or more hardware modules in the SoC and access control settings for one or more security features of the one or more hardware modules. The security certificate additionally includes a certificate signature signed by a secure key.

Abstract: A user of a computing device can be authenticated using image information captured by at least one camera of the computing device. In addition to analyzing the image information using a facial recognition algorithm, for example, variations in color of a portion of the captured image information corresponding to a user's face can be monitored over a period of time. The variations can be analyzed to determine whether the captured image information likely corresponds to an actual human user instead of a representation (e.g., photo) of a human user, such as where the chroma variations in at least a red channel occur with an oscillation frequency and amplitude consistent with changes due to a pulse or heartbeat.

Abstract: An image processing apparatus capable of executing a task including a plurality of processes includes the following units: an acquisition unit that acquires the security levels of the plurality of processes based on security-level information that defines the security level of each process; a specification unit that specifies a lowest-level process that is a process having a lowest security level, from among the plurality of processes; and a notification unit that notifies a user of information regarding the lowest-level process.

Abstract: An embodiment generally relates to a method of managing tokens. The method includes detecting a presence of a token at a client and determining a status of the token. The method also includes formatting the token at the client in response to the status of the token being unformatted.

Abstract: An electronic device includes an acceleration sensor and a rotation sensor, both being independently powered, in providing a method of unlocking when locked. An acceleration of the electronic device is detected using the acceleration sensor and a rotation angle of the electronic device is then detected using the rotation sensor. The electronic device is unlocked only if the acceleration of the electronic device exceeds the predetermined value and the electronic device is additionally rotated a predetermined angle within a predetermined time.

Abstract: Systems, methods and products directed toward facilitating firmware updates in a hybrid computing environment. One aspect includes providing a primary operating environment and a secondary operating environment in an information handling device; downloading one or more firmware update packages appropriate for the secondary operating environment to the primary operating environment; and executing a firmware update tool from the primary operating environment, the firmware update tool being configured to install the one or more firmware update packages on the secondary operating environment. Other embodiments are described herein.

Abstract: The present invention relates to a system and architecture for securing otherwise unsecured computer subsystems. According to one aspect, the invention provides an independent hardware platform for running software in a secure manner. According to another aspect, the invention provides the means to control and secure all disk, network and other I/O transactions. According to still further aspects, the invention provides a means to monitor and prevent unauthorized user and malicious software activity Additional aspects include providing a secure platform for device and user authentication as well as encryption key management, providing a means to perform background backup snapshots, and providing the means for enabling full management over computer operations.

Abstract: A software widget running on a user device may be designed to operate in a locked or an unlocked mode. In unlocked mode, the user has full interactivity with the widget. In locked mode, however, at least some of the interactivity with the widget is restricted, despite the fact that the widget still operates normally otherwise while in the locked mode. While in locked mode, user input may be compared against a predefined unlocking sequence to determine if the widget should be unlocked.

Abstract: Provided is a license management system comprising: a license check device that independently operates on a platform; and an information processing device that is connected to the license check device, in which the license check device includes: a license check unit that checks for presence or absence of a license of the information processing device; a first start unit that starts the license check unit in response to a call instructed by the platform; and a calling unit that calls, when the license check unit determines that the license is present, the information processing device, and in which the information processing device includes: an information processing unit that performs a specific information processing; and a second start unit that starts the information processing unit only in response to the call from the license check device.

Abstract: Methods, systems, and apparatus for voice authentication and command. In an aspect, a method comprises: receiving, by a data processing apparatus that is operating in a locked mode, audio data that encodes an utterance of a user, wherein the locked mode prevents the data processing apparatus from performing at least one action; providing, while the data processing apparatus is operating in the locked mode, the audio data to a voice biometric engine and a voice action engine; receiving, while the data processing apparatus is operating in the locked mode, an indication from the voice biometric engine that the user has been biometrically authenticated; and in response to receiving the indication, triggering the voice action engine to process a voice action that is associated with the utterance.

Abstract: According to one embodiment, a storage system includes a host device and a secure storage. The host device and the secure storage produce a bus key which is shared only by the host device and the secure storage by authentication processing, and which is used for encoding processing. The host device produces a message authentication code including a message which can be stored in the secure storage based on the bus key, and sends the produced message authentication code to the secure storage. The secure storage stores the message included in the message authentication code in accordance with instructions of the host device. The host device verifies whether the message stored in the secure storage is intended contents.

Abstract: A method for digitally signing a document, a secure device, and a computer program product for implementing the method. The method employs a secure device which is protected against malicious software or malware and is adapted to establish a secure connection to a recipient via a host. The method includes: connecting to a terminal; accessing the contents of a document received by the secure device; instructing at the secure device to communicate the accessed contents to an output device other than the terminal such that the contents can be verified by a user; ascertaining at the secure device a command received to digitally sign the document; executing at the secure device the ascertained command; and instructing to send a digitally signed document to a recipient over a connection established via the host connected to a telecommunication network.

Abstract: A method for composing an authentication password associated with an electronic device is implemented by a password composing system including a display, a receiving unit, and a processing unit. In the method, the display is configured to display a start point, and a plurality of displayed paths. The receiving unit is configured to detect a set of user-input movements of a contact point at the display. The processing unit is configured to determine whether the user-input movements conform with a predefined valid user-input gesture, store a plurality of codes corresponding to the valid user-input gestures, and to compose the authentication password according to valid ones of the series of the user-input movements.

Abstract: A method and apparatus for unlocking a lock screen in an electronic device are provided. A method for unlocking a lock screen in an electronic device includes displaying a lock screen in which objects of the On and Off state have been randomly disposed, detecting a gesture for unlocking the lock screen, determining whether or not a first unlocking value generated in response to the gesture is identical with a predetermined second unlocking value, and unlocking the lock screen if the first unlocking value is identical with the second unlocking value.

Abstract: Provided is an information processing apparatus configured to execute at least one function, including: a storage configured to store a first code; an authentication unit configured to obtain a second code from an external storage medium, and to verify the second code against the first code to thereby authenticate the second code; an execution allowing unit configured, when the authentication unit succeeds in authentication, to allow execution of a predetermined function out of the at least one function; and an update unit configured, when the authentication unit succeeds in authentication, to update the first code stored in the storage with another first code, and to update the second code stored in the external storage medium with another second code such that the authentication unit will succeed in authentication based on the updated first code.

Abstract: The pureness of a connection between an external device and a host computer can be inspected or monitored to determine the status: connected or disconnected. When it is determined that a disconnection state is entered, an indication can be sent to the host and, in parallel, the data transportation from and/or to the external device may be manipulated. In some embodiments an exemplary connection protector device (CPD) may be added to the connection in between the external device and the host. The CPD can have two connectors one for the host and one for the cable of the external device. The CPD can be adapted to identify any disconnection in the connection with the host and/or the connection with the external device on the other side of the CPD.

Abstract: The present invention relates to an apparatus and a method for managing digital rights using virtualization technique, and more particularly to an apparatus and a method for enabling a user to access a desired text file in an independent area through a virtual machine corresponding to a licensed right for accessing the text file. The present invention comprises a virtual machine (VM) management unit for controlling a user access authorization function for accessing the text file in the area to which the virtualization technique is applied.

Abstract: A system is provided for updating the conditions under which a telecommunication device accesses services provided by a telecommunication network. The system includes a network access point through which the device accesses the network, and a database, wherein the system authenticates the device via the access point on the basis of authentication data transferred by the device as well as the database storing the profile associated with the authentication data. The access point controls the conditions under which the device accesses the network services once the device has been authenticated and on the basis of the device profile. The system generates a second authentication command for the device via the access point following an alteration of the profiled associated with the authentication data.

Abstract: An unlocking application limits access to a computer application on a computing device. The unlocking application is configurable with at least one unlocking command comprising a sequence of inputs received by input devices of the computing device. The unlocking application limits access to at least one of the computer applications by requiring a user of the computing device to provide the at least one unlocking command using the input devices to access the at least one computer application.

Abstract: A computing device can receive an indication of a change in the proximity state of a first structure of an attachment mechanism and a second structure of the attachment mechanism. Responsive to receiving the indication, the computing device can be operable to change, based at least in part on the indication, a current access mode provided by the computing device. In some examples, both the computing device and the attachment mechanism may be part of a wearable computing device. In other examples, the computing device may be or be part of a physically separate device from the attachment mechanism.

Abstract: The present invention relates to a motion input device for portable terminal and an operation method using the same. A motion input device of a portable terminal of the present invention includes a sensor unit configured to collect a sensor signal from at least one sensor; an operation recognition unit configured to generate a motion signal corresponding to an operation of portable terminal based on the sensor signal; a scenario preparation unit configured to generate an input scenario based on at least one motion signal; and a scenario mapping unit configured to detect, in a scenario database, a standards scenario corresponding to the input scenario, and to generate an input signal corresponding to the standards scenario.

Abstract: Data are accessed securely in a data storage device that includes a non-volatile solid-state storage device integrated with a magnetic storage device. An identical copy of drive security data, such as an encrypted version of a drive access password, is stored in both the non-volatile solid-state storage device and in the magnetic storage device. In response to receiving a command from a host device that results in access to the magnetic storage device, access is granted to the magnetic storage device if the copy of drive security data stored in the non-volatile solid-state storage device matches the copy of drive security data stored in the magnetic storage device. Furthermore, encrypted drive-unique identification data associated with the drive may be stored in both the non-volatile solid-state storage device and the magnetic storage device, and access is granted if both copies of the encrypted drive-unique identification data match.

Abstract: Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys within the system and allows for templates to refer to them once defined. These key references can then be passed within a template to resources that need them as well as passing them on securely to resources like server instances through the use of the user-data field.

Abstract: Disclosed are a method for unlocking a screen and a system for installing a screen. It is determined whether to unlock the screen by calculating an angle between a starting position and a current position of a touch point on the screen with the unlocking reference point as a vertex of the angle. With a technical solution of the disclosure, no path or destination position for screen unlocking is defined, with more casual operation, enhanced user experience, and simpler setting, thereby facilitating usage. Moreover, unlocking by mistake can also be prevented by the setting.

Abstract: A method of authenticating access to an electrical device. The method comprises comparing, at an electronic processor, one or more patterns of temporal or physical properties, associated with an access entry string, to a non-transitory electronic profile data base of ranges of the corresponding patterns, from previously approved access entry strings. The method also comprises approving or denying at the electronic processor, the access entry string. The access entry string is approved if the one or more patterns falls within the respective range of the corresponding patterns in the profile data base. The access entry string is denied if the one or more patterns falls outside the respective range of the corresponding patterns in the profile data base.

Abstract: Two computing subsystems are disclosed, one a control subsystem, the other a user subsystem, each using engines with augmented conventional instruction sets, together with hardware and/or firmware, to compartmentalize execution of user programs to insure their behavior does not exceed defined bounds. Programs hidden in data cannot execute. User programs cannot alter the control program that manages the overall system.