Abstract: The present invention provides a remote control method and system for a smart card. The remote control method for a smart card includes the following steps: a smart card management platform receives a request for destruction of a smart card from a user (S101); the smart card management platform carries out short message interactive processing with a terminal via a mobile network platform according to the request to make the terminal destruct the smart card (S103).

Abstract: Described in detail herein are systems and methods for managing connections in a data storage system. For example, the systems and methods may be used to manage connections between two or more computing devices for purposes of performing storage operations on the data of one of the computing devices. The data storage system includes at least two computing devices. A first computing device includes an unauthorized connection data structure and a connection manager component. The connection manager component receives a connection request from a second computing device. If the second computing device is not identified on the unauthorized connection data structure, the connection manager component can request that an authentication manager authenticate the second computing device and/or determine whether the second computing device is properly authorized. If so, the connection manager component can allow the second computing device to connect to the first computing device.

Abstract: A cloud connector key includes a network interface configured to connect to a network, a mass storage interface configured to connect to a network isolated device, and a computation module operatively connected to the network interface and the mass storage interface. The computational module is configured to connect to a cloud repository using the network interface by obtaining, from storage on the cloud connector key, a network address of the cloud repository, requesting connection to the cloud repository using the network address, and authenticating, using credentials in the storage on the cloud connector key, to an account in the cloud repository. The computational module is further configured to transfer a file between the account in the cloud repository and a network isolated device via the mass storage interface.

Abstract: Disclosed are systems, methods and computer program products for multi-level user authentication. In one example, method includes detecting a plug-in token connected to a device that controls user access to a protected resource; identifying one or more authorized users associated with the detected token who are authorized to access the protected resource; authenticating whether a first user requesting accessing the protected resource is associated with the detected token and authorized to access the protected resource; detecting presence of one or more wireless transponders of one or more authorized users associated with the token, including at least a transponder of the first user; and providing access to the protected resource to the first user when the first user is authenticated as an authorized user associated with the detected token and the transponder of at least the first user is detected.

Abstract: A method for authorizing access to a first computing device is provided. The method comprises the first computing device forming a challenge, encoding the challenge into a symbol, and displaying the symbol. The first computing device receives a request for access from a user. Access to the first computing device is allowed in response to provision of an access code to the first computing device by the user. The access code is formed by a server in response to capturing the symbol, decoding the symbol into the challenge, forming a request from the challenge, and providing the request to the server. The server forms a decision to allow access by the user to the first computing device.

Abstract: An image processing device includes a plurality of printers (Pr1, Pr2, Pr3, Pr4, . . . ) and a plurality of client machines (PC1, PC2, PC3, PC4, PC5, . . . ). When requesting an image data processing to a printer other than the printer to which an image data processing has been requested firstly, the client machine checks the security level of the other printer to which the image data processing is to be requested before requesting the image data distribution processing to the other printer. When selecting another printer to which the image data distribution processing is to be requested, the security level in each printer is sufficiently considered.

Abstract: An information processing apparatus includes firmware incorporated in the apparatus; utility software that can be installed and uninstalled; a first restricting unit; and a second restricting unit. The information processing apparatus executes the firmware and the utility software to access a device. The firmware uses the first restricting unit to restrict use of the device on the basis of restriction information, supplies the restriction information to the utility software, and removes the restriction by the first restricting unit if an instruction to remove the restriction is received from the utility software. The utility software determines whether the use of the device has already been restricted by the second restricting unit when the utility software receives the restriction information from the firmware, and instructs the firmware to remove the restriction by the first restricting unit if the use of the device has already been restricted by the second restricting unit.

Abstract: An insulin pump is configurable by a configurator. The pump has parameter blocks, each with a respective parameter and an associated restriction setting, and the configurator has an authorization level. Configuring the pump includes receiving, by the configurator, a request to access a parameter on the pump. The method also includes identifying, by the configurator, the parameter block that includes the parameter. Moreover, the method includes retrieving, by the configurator from the pump, the parameter and the associated restriction setting, and comparing, by the configurator, the authorization level of the configurator to the restriction setting. Also, the method includes determining, by the configurator, whether the configurator is authorized to write to the parameter block based on the comparison. Additionally, the method includes writing, by the configurator, to the parameter block on the insulin pump in response to a determination that the configurator is authorized to write to the parameter block.

Abstract: A system is configured to communicate an identity and perform a physical task. The system has an application controlled identity device is configured to receive and to store a user identity. An application controlled detection device is communicatively coupled to the application controlled identity device. An actuator is communicatively coupled to the application controlled detection device. The application controlled detection device comprises computer code programmed to compare the identity with the stored identity. The application controlled detection device further comprises computer code programmed to activate the actuator when the identity matches the stored identity.

Abstract: Devices, systems and methods that route a communication link to a proper destination are disclosed. The method may include connecting the communication link to a first destination; requesting a response from the first destination; validating the response from the first destination; and disconnecting the communication link to the first destination if the response from the first destination is not valid. The method may also include connecting the communication link to a second destination; requesting a response from the second destination; and disconnecting the communication link to the second destination if the response from the second destination is not valid. The devices, systems and methods may provide hunt group, call center and conference call features as discussed later herein.

Abstract: A method, system, and computer-readable storage medium for providing a unique identifier for a computer system and a message from a service external to the computer system, such as a laptop return service, for display when the computer system is powered on. The computer system is configured to restrict functionality until the service authorizes restoration of full functionality of the computer system. The message includes contact information for the laptop return service and, when the service is contacted, the service sends an instruction to return the computer system to full functionality. Other embodiments are described and claimed.

Abstract: An image forming apparatus includes a main controller unit provided in a main body of the image forming apparatus. The main controller includes a replacement component management memory to store lifespan information of a replacement component is provided in An authentication operation is performed with respect to the replacement component management memory, and the lifespan information of the replacement component is encrypted and stored in the replacement component management memory. Accordingly, the security of the main controller unit may be enhanced and illegal use of the replacement component may be prevented.

Abstract: Improved techniques to control utilization of accessory devices with electronic devices are disclosed. The improved techniques can use cryptographic approaches to authenticate electronic devices, namely, electronic devices that interconnect and communicate with one another. One aspect pertains to techniques for authenticating an electronic device, such as an accessory device. Another aspect pertains to provisioning software features (e.g., functions) by or for an electronic device (e.g., a host device). Different electronic devices can, for example, be provisioned differently depending on different degrees or levels of authentication, or depending on manufacturer or product basis. Still another aspect pertains to using an accessory (or adapter) to convert a peripheral device (e.g., USB device) into a host device (e.g., USB host). The improved techniques are particularly well suited for electronic devices, such as media devices, that can receive accessory devices.

Abstract: A device control apparatus includes: a usage instruction acceptance unit that accepts a usage instruction for a device; a determination unit that determines whether or not the device is a registered device that has been registered in a server based on registration information obtained from the server, and determines whether or not the device is a loaner device for the registered device based on loaner device information; a notification unit that performs a notification prompting a user to register the device as a registered device in the server; a prohibition unit that prohibits the device from being used in accordance with the usage instruction; and a permission unit that permits the device to be used in accordance with the usage instruction.

Abstract: According to one embodiment, a method of authenticating a user includes receiving login credentials identifying a user. A plurality of pressure readings are received from a plurality of pressure sensors coupled to a biometric grip device. The plurality of pressure readings comprise a first biometric pressure reading from a first pressure sensor coupled to the biometric grip device and a second biometric pressure reading from a second pressure sensor coupled the biometric grip device. The first and second biometric pressure readings measure a first pressure exerted at the first pressure sensor and a second pressure exerted at the second pressure sensor. A neurological number is generated from the plurality of pressure readings. The user is authenticated by comparing the neurological number with a registered neurological number. If the neurological number matches the registered neurological number, the user is authorized to access a computer system coupled to the biometric grip device.

Abstract: Managing and accessing personal data is described. In one example, an apparatus has an application processor, a memory to store data, a receive and a transmit array coupled to the application processor to receive data to store in the memory and to transmit data stored in the memory through a wireless interface, and an inertial sensor to receive user commands to authorize the processor to receive and transmit data through the receive and transmit array.

Abstract: A method for verifying the certification of a recording apparatus (14) associated to a control device (12), wherein the control device (12) validates a first certificate written on the recording apparatus (14). Furthermore, a method for identification of a recording apparatus (14), a method for handling a recording apparatus (14), and a recording apparatus for use in connection with a control device (12) are disclosed.

Abstract: A system and method of transmitting an authentication code includes automatically calculating a security code on a device executing a security program. The security program may periodically calculate a respective unique security code. In response to a user requesting the security code, the device automatically vibrates according to a pattern representing the security code. The pattern tactilely communicates the security code to the user.

Abstract: A method for authorizing a program sequence provides, despite centralization and the associated high latency and optionally faulty communication, an undisturbed program sequence accompanied by protection of base functionalities. Data of the program sequence may be maintained in various provided states, and at least one instruction of the program sequence which accesses the data is maintained in different, functionally equivalent implementations. The set of the state indices of the provided states and the multiset form a directed acyclic (multi)graph, wherein the provided states form the nodes, and the implementations of the instruction form the edges and/or multiple edges, of the graph.

Abstract: Systems and methods for stateless system management are described. Examples include a method wherein a user sends the management system a request to act upon a managed system. The management system determines whether the user is authorized for the requested action. Upon authorization, the management system looks up an automation principal, which is a security principal native to the managed system. The management system retrieves connecting credentials for the automation principal, and connects to the managed system using the retrieved credentials. Once the managed system is connected, the management system performs the requested action on the managed system, and sends the result back to the user.

Abstract: A method is disclosed herein for employing detected device context, user history, and inferred identity to cause biometric sensors identification levels to automatically adjust to reduce device access time, computational complexity, and power.

Abstract: The mock tool can be configured to create a mock execution environment for supporting software development processes. The mock execution environment is isolated from resources of the computing system supporting the mock execution environment and other mock execution environments. Further, the mock execution environment can be created to simulate disabling on any features of the operating system supporting the mock execution environment that could cause problems in the software development process.

Abstract: A method for protecting an integrated circuit. According to the method, the start-up of all, or part, of the circuit is determined in the presence of a key which is recorded in a non-volatile manner in the circuit, following the production thereof, and depends on at least one first parameter which is present in a non-volatile manner in the circuit after the production thereof.

Abstract: An avatar in a virtual world is provided with credentials for access to various parts of the virtual world by embedding information derived from avatar identification and authorized credential information in the form of a graphic image associated with the avatar. The embedded information is preferably encrypted.

Abstract: The present disclosure provides a method and system for remote control of a smart card. The method comprises that: a smart card management platform receives a request of locking or unlocking a smart card from a subscriber; and the smart card management platform performs interactive processing with a terminal side according to the request via a mobile network platform, so as to enable the terminal side to perform the locking or unlocking of the smart card. The present disclosure enables the payment subscriber to avoid loss when the terminal is robbed, lost, stolen, or is illegally used seriously, and provide a higher flexibility to the payment system.

Abstract: The invention relates to an apparatus for detecting malicious sites, comprising: a monitoring unit for monitoring all processes being executed in a computing apparatus; a hook code insertion unit for inserting a hook code in a process executed in a browser when the execution of the browser is detected by the monitoring unit; a danger level determining unit that, upon the detection of a website movement, uses the hook code to inspect a stack structure of a process implemented according to the website movement and determine whether or not to perform the stack structure inspection, and determines whether or not the website to which the movement has been made is a malicious site; and a database for storing a list of sites determined to be malicious.

Abstract: Techniques are provided for securely storing data files in, or retrieving data files from, cloud storage. A data file transmitted to cloud storage from a client in an enterprise computing environment is intercepted by at least one network device. Using security information received from a management server, the data file is converted into an encrypted object configured to remain encrypted while at rest in the cloud storage.

Abstract: Trusted user accounts of an application provider are determined. Graphs, such as trees, are created with each node corresponding to a trusted account. Each of the nodes is associated with a vouching quota, or the nodes may share a vouching quota. Untrusted user accounts are determined. For each of these untrusted accounts, a trusted user account that has a social networking relationship is determined. If the node corresponding to the trusted user account has enough vouching quota to vouch for the untrusted user account, then the quota is debited, a node is added for the untrusted user account to the graph, and the untrusted user account is vouched for. If not, available vouching quota may be borrowed from other nodes in the graph.

Abstract: An authentication device authenticates a user based on a user's operation. The authentication device comprises a display control unit, an operation input unit, and an authentication unit. The display control unit is a processor-based logic that displays a three-dimensional model on a display device. The operation input unit is a hardware unit that inputs a user's operation on the displayed three-dimensional model. The authentication unit is a processor-based logic that authenticates the user based on the user's operation, wherein the user's operation comprises a change operation of at least one of a position and posture of the three-dimensional model having been input from the user.

Abstract: A browser is requested to display a text file having a description of a screen structure. The state information on a current state of the embedded device is acquired. An access request for requesting the browser to update, with the acquired state information, a value of at least one node in a document object model (DOM) tree generated from the text file by the browser, is submitted by a state display control program. The at least one node is recorded in an access history list. At a subsequent time, it is determined whether to permit a subsequent access request. If the source of the subsequent access request is not the state display control program, and the at least one node is recorded in the access history list, the subsequent access request is denied.

Abstract: Methods, systems, and products verify identity of a person identification verification. A signature, representing the presence of a device, is acquired. The signature is compared to a reference signature. When the signature favorably compares to the reference signature, then the identity of a user associated with the device is verified.

Abstract: Human Interaction Proofs (“HIPs”, sometimes referred to as “captchas”), may be generated automatically. An captcha specification language may be defined, which allows a captcha scheme to be defined in terms of how symbols are to be chosen and drawn, and how those symbols are obscured. The language may provide mechanisms to specify the various ways in which to obscure symbols. New captcha schemes may be generated from existing specifications, by using genetic algorithms that combine features from existing captcha schemes that have been successful. Moreover, the likelihood that a captcha scheme has been broken by attackers may be estimated by collecting data on the time that it takes existing captcha schemes to be broken, and using regression to estimate the time to breakage as a function of either the captcha's features or its measured quality.

Abstract: A computationally implemented method includes, but is not limited to: determining that a computing device that was presenting one or more portions of one or more items and that was in possession of a first user has been transferred from the first user to a second user; and marking, in response to said determining, the one or more portions of the one or more items to facilitate the computing device in returning to the one or more portions upon the computing device being at least transferred back to the first user. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.

Abstract: Method for accessing a resource in a data-processing environment. The resource includes a set of objects. The data-processing environment is capable of storing in association with at least one object of the resource at least one modified object. The data-processing environment is capable of storing in association with such an object information of degree of elaboration. The method performs the steps of identifying, for each object of the resource to which corresponds at least a modified object, by using the information of degree of elaboration, at least a most elaborate version of said object, and assembling the objects thus identified for them to be displayed in the resource.

Abstract: Managing a digital certificate includes a landlord providing a digital certificate, a secure hardware device generating a series of n hash values, the secure hardware device providing an nth hash value to the landlord, wherein other hash values are not readily available to the landlord, the landlord placing the nth hash value in the certificate, the landlord digitally verifying the certificate containing the nth hash value to obtain a digitally signed certificate, a tenant obtaining the digitally signed certificate, the tenant obtaining the n hash values and the tenant managing the certificate by periodically issuing a previous hash value in the series of n hash values in response to the certificate being valid when the previous hash value is issued.

Abstract: A method for imputing different usernames and passwords using an input device with a display to use different protected assets that requires the inputting of a preselected username into a username enter box and the inputting of a preselected password into a password entry box immediately prior to use. The method includes the steps of designating two or more username keys on said input device, each said username key being assigned with a unique letter or number located on said input device and to a unique username made of a plurality of alpha-number characters, designating two or more password keys on the input device each being assigned with a letter or number located on said input device and to a unique password made of a plurality of alpha-number characters. Next the protected asset is then accessed and the username key and keyword key assigned to the asset is imputed.

Abstract: The invention is directed to a control system for managing access of users to a plurality of restricted areas. The control system includes at least one manager module and one or more provider modules. The modules are configured in particular fashions.

Abstract: A computer-implemented authentication method is described. The method includes the steps of (a) receiving an authentication request at an authentication computing system, the request including a resource identifier, (b) identifying one or more authentication pools associated with the resource identifier, each authentication pool including at least one authentication method implementation, (c) executing a pool authentication process for the one or more identified authentication pools, and (d) transmitting a response to the identification authentication request based on the execution of the pool authentication process for the one or more identified authentication pools.

Abstract: Systems and methods are described that relate to authentication and/or binding of multiple devices with varying security profiles. In one aspect, a first device with a higher security profile may vouch for the authenticity of a second device with a lower security profile when the second device requests access for content from a content provider. The vouching process may be implemented by allowing the first device to overlay its digital signature on a registration request that has been signed and transmitted by the second device. The second device with the lower security profile may access content from the content provider or source for a predetermined time period, even when the second device does not access content through the first device.

Abstract: A key integrates with a biometric input device. According to an aspect of the present disclosure, a fingerprint scanner may be integral with a spacebar.

Abstract: A device apparatus transmits a request for delegating authority, after it is delegated from a user, to an application, together with first authority information identified, to an approval server system, and acquires second authority information issued based on the first authority information from the approval server system.

Abstract: A trusted platform module stores information in a protected object having an associated policy. A program requesting access to the information is allowed to access the information if the policy is satisfied, and is denied access to the information if the policy is not satisfied. The trusted platform module uses one or more monotonic counters associated with the protected object to track attempts to access the information. If a threshold number of unsuccessful requests to access the information are received, then the trusted platform module locks the information to prevent the program from accessing the information for an indefinite amount of time.

Abstract: In a communication system in which two communication entities seek to have a private or confidential communication session, a trust relationship needs first be established. The trust relationship is based on the determination of a shared secret which in turn is generated from contextual information. The contextual information can be derived from the circumstances surrounding the communication session. For example, the contextual information can include topological information, time-based information, and transactional information. The shared secret may be self-generated or received from a third party. In either event, the shared secret may be used as key material for any cryptographic protocol used between the communication entities.

Abstract: A security management system, comprising: an authentication unit for authenticating an operator of an operating terminal in order to determine whether the operator is permitted to log in or release a lock; a current operator information inquiry unit for inquiring for login status information and current operator information; an authority information inquiry unit for inquiring for authority information regarding the operator and that regarding the current operator; a lock unit for detecting an event, where a predetermined lock condition is satisfied, in the login status to allow the operating terminal to change to a lock status, and for allowing the operating terminal to change to an operable status in response to a login instruction or an instruction for a release; and a lock control unit for transmitting the instruction for a release to the lock unit when a predetermined condition is satisfied.

Abstract: Methods, apparatuses and storage medium associated with securely provisioning a digital content protection scheme are disclosed. In various embodiments, a method may include forming a trust relationship between a media application within an application execution environment of a device and a security controller of the device. The application execution environment may include an operating system, and the operating system may control resources within the application execution environment. Additionally, the security controller may be outside the application execution environment, enabling components of the security controller to be secured from components of the operating system. Further, the method may include the security controller in enabling a digital content protection scheme for the media application to provide digital content to a digital content protection enabled transmitter within the application execution environment for provision to a digital content protection enabled receiver.

Abstract: In a method of switching a locked state of an electronic device with a user-verifying function, a biologic feature data from a user is captured while receiving an input from the user for an operation when the electronic device is in a locked state. Whether the biologic feature data conforms to a reference biologic feature data is then determined. If it is determined that the biologic feature data conforms to the reference biologic feature data, the electronic device is switched from the locked state into a non-locked state and directly controls the electronic device to perform the operation according to the input when the biologic feature data is determined conforming to the reference biologic feature data.

Abstract: A method includes receiving, at a computing device, one or more replicated authorization databases. At least one of the one or more replicated authorization databases corresponds to a subscription to access selected data. The selected data is aggregated from a plurality of sources. The method also includes storing the one or more replicated authorization databases at the computing device. The method also includes determining, via the replicated authorization databases, user permission to access the selected data via the computing device. The method also includes enabling access to the selected data at the computing device after determining the user permission to access the selected data.

Abstract: A telematics system that includes a security controller is provided. The security controller is responsible for ensuring secure access to and controlled use of resources in the vehicle. The security measures relied on by the security controller can be based on digital certificates that grant rights to certificate holders, e.g., application developers. In the case in which applications are to be used with vehicle resources, procedures are implemented to make sure that certified applications do not jeopardize vehicle resources' security and vehicle users' safety. Relationships among interested entities are established to promote and support secure vehicle resource access and usage. The entities can include vehicle makers, communication service providers, communication apparatus vendors, vehicle subsystem suppliers, application developers, as well as vehicle owners/users.

Abstract: The present application discloses a method and system for remote control of a smart card. The method includes: a smart card management platform receives a request to destroy the smart card from a subscriber (S101); according to the request, the smart card management platform performs interactive processing with a terminal side via a mobile network platform to make the terminal side destroy the smart card (S103). The present application enables the subscriber to avoid loss when the terminal is robbed, lost, stolen, or is illegally used seriously, and provide a higher flexibility to the payment system.

Abstract: The disclosure discloses a method and a system for remote control of a smart card; the method comprises: receiving, by a smart card management platform, a request for performing a LOCKING/UNLOCKING operation for a smart card from a user (S101); and the smart card management platform performs a short message interaction with a terminal side through a mobile network platform based on the request, so as to make the terminal side perform the LOCKING/UNLOCKING operation for the smart card (S103). By means of the disclosure, the effects are achieved that the user can apply to a smart card supervision department for locking/unlocking the smart card and a terminal through a short message and disabling or enabling the smart card, when the smart card and the terminal in which the smart card is located are robbed, lost, stolen and has a serious illegal behavior, so as to protect the security of the user and the smart card relevant department to the greatest extent and provide a better flexibility for a payment system.