Abstract: A Smartphone data backup and restoration system on a physical layer is connected to a Smartphone through a data transmission line, and the data backup and restoration system and the Smartphone are identified and paired by a datalink layer and a network layer, and then a transport layer transmits an identification program to the Smartphone, and a session layer completes a trusted connection according to a TCP communication and transmission protocol such as USBMUXD, ADB, MTP, and PTP, so that the Smartphone is capable of performing a data transmission operation including data backup and restoration at a presentation layer and an application layer to improve the convenience of operation and use.

Abstract: A first device establishes a connection with a second device and attempts access, via the connection to an enterprise server of an enterprise. The first device may have a number of security perimeters, ones of which are allowed to use various communications proxies provided by the second device. If the first device and the second device are associated with a same common enterprise, an enterprise perimeter of the first device may be enabled to access the enterprise using an enterprise proxy of the second device.

Abstract: Methods and apparatus for performing user authentication using pointing device gestures are disclosed. An example method includes receiving, by a computing device, input data from a pointing device that is operatively coupled with the computing device, where the received input data corresponds with a user gesture, and comparing the received user gesture with one or more authorized user gestures to determine if the received user gesture matches one of the authorized user gestures, where each of the one or more authorized user gestures corresponds with at least one of a respective username and a respective password. If the received user gesture matches one of the authorized user gestures, the example method include granting access to the computing device and/or a user account. If the received user gesture does not match any of the authorized user gestures, the example method includes denying access to the computing device and/or the user account.

Abstract: The invention relates to a method for activating a terminal (4) by an operator, the activation of the terminal allowing secured exchanges of information between the terminal (4) and a secured server, characterized in that it comprises the following steps for the terminal (4): receiving from the operator (2) a first piece of activation information, receiving from an authorization server (3) a second piece of activation information, using the first and second pieces of activation information for activating the terminal.

Abstract: Provided is a system for controlling access to a security engine of a mobile terminal including a basic operating system and a security engine in which an app ID and user authentication information are transmitted to the security engine in order to execute a reliable app installed in the basic operating system and use a security function of the security engine, and the security engine performs authentication of whether an app is the reliable app or whether a user executing the reliable app is an owner of the mobile terminal based on the app ID transmitted from the basic operating system and the user authentication information and then permits access to the security engine.

Abstract: A method includes executing microcode in a processing unit of a processor to implement a machine instruction, wherein the microcode is to manipulate the processing unit to access a peripheral device on a public communication bus at a private address not visible to other devices on the public communication bus and not specified in the machine instruction. A processor includes a public communication bus, a peripheral device coupled to the public communication bus, and a processing unit. The processing unit is to execute microcode to implement a machine instruction. The microcode is to manipulate the processing unit to access a peripheral device on a public communication bus at a private address not visible to other devices on the public communication bus and not specified in the machine instruction.

Abstract: A system and method for creating switchable desktops each with its own authorization. The system provides a custom authentication and authorization data store that defines permission sets called roles, and lists which roles each user may assume. The system also provides a custom virtual desktop manager that creates new virtual desktops using the permissions defined by roles allowed for each user. When a user requests a new virtual desktop and role from the desktop manager, the manager requests new virtual desktop components from the operating system. The desktop manager intercepts a request by the operating system to the Local Security Authority module for permissions to grant the new virtual desktop. The manager substitutes the user's requested role permissions (if the user may assume the rule) for the permissions granted by the LSA module. The LSA module and operating system grant those role permissions to the user's activities in a newly created virtual desktop.

Abstract: A method, apparatus, and computer usable program product for automatic activation of roles is provided. When a user initiates an action, a set of roles needed for the action is identified. A set of roles assigned to the user is also identified. From the two sets of roles, all roles that are common to both sets are identified in a subset of roles. Roles in this subset are assigned to the user and are sufficient for the action. One or more roles from this subset of roles is selected for activation depending on system policies in effect. Selected roles are automatically activated without requiring any intervention from the user. Once the selected roles are activated, they can become inactive upon completion of the current action, or remain active for subsequent actions by the user during all or part of a user session. System policies can decide how the roles are selected for activation, and the duration of which the roles remain active once activated.

Abstract: An authentication processing device receives biometric data to be checked from a biometric measuring device; transforms the biometric data that is input from the biometric measuring device by using a checking transformation parameter that is different from a registration transformation parameter; and creates checking biometric data. Then, the authentication processing device performs a differential transformation process on the created checking biometric data by using a differential parameter by which a transformation state transformed by the checking transformation parameter and a transformation state transformed by the registration transformation parameter have the same state. Thereafter, the authentication processing device checks the transformed checking biometric data against the registration biometric data stored in a transformation registration data DB and performs authentication.

Abstract: Knowledge-based authentication (KBA) is provided using historically-aware questionnaires. The KBA can obtain a plurality of historically different answers from the user to at least one question; challenge the user with the question for a given period of time; receive a response from the user to the question; and grant access to the restricted resource if the response is accurate for the given period of time based on the historically different answers. Alternatively, the KBA can be based on historically aware answers to a set of inter-related questions. The user is challenged with the inter-related questions for a given period of time. Historically different answers can comprise answers with applicable dates, or correct answers to the question over time. Historically aware answers can comprise an answer that is accurate for an indicated date or period of time. An accurate response demonstrates knowledge of multiple related personal events.

Abstract: In the field of communications, to solve the problem in the prior art that a device management (DM) server needs to communicate with user terminals for multiple times to obtain Uniform Resource Identifiers (URIs) of various user terminal DM nodes, a DM server, a DM client, and a method for locating a target operation object are provided. The location method includes: obtaining a management command sent by a DM server; and operating a target operation object according to the management command, in which the management command comprises Management Object (MO) location information, MO instance feature node information, and target operation object information. The present disclosure has the following beneficial effects. A target operation object of a DM client may be located by communicating once, and thus increasing the efficiency of communications between the DM server and user terminals.

Abstract: A computer implemented method, a computer program product, and a computer distribute a virtual machine image. A request for a virtual machine image is received. Responsive to receiving the request or the virtual machine image, the authenticity of a virtual machine image catalog associated with the virtual machine image is identified. Responsive to identifying that the virtual machine image catalog is authentic, a first digital signature to be sent with the virtual machine image is determined. Responsive to determining the signature, the virtual machine image and the signature is sent.

Abstract: In a resource-on-demand environment, virtual machine images are validated before use. A provider or source of a virtual machine image may generate a manifest, indicating executable components of the machine image. Before use, a created virtual machine may compare its executable components with those specified by the manifest. To ensure authenticity, the manifest may be associated with a signature, and the virtual machine may use the signature to verify the manifest and the source of the machine image.

Abstract: An MFP sets an access condition for an external device with respect to a cloud box. The access condition is transmitted from the MFP to a relay device, and is registered in a memory of the relay device. When the relay device receives an access request made by the external device with respect to the MFP serving as an internal device, the relay device determines whether to permit or deny access to the MFP by comparing the access request with the access condition. When the access is permitted, the access request is transferred from the relay device to the MFP, whereas when the access is denied, the relay device notifies the external device of it.

Abstract: The present invention relates to a terminal for checking a calibration history of a scale, a system for managing a calibration history of a scale and a method of checking a calibration history of a scale, and more particularly, a terminal for managing history of calibrating or revising the reference data being a standard when calculating a weight, the system thereof and the method thereof. According to the present invention, it is expected to prevent business transactions of a scale user because a general user as well as a qualified person can determine whether a scale is manipulated without authority. In addition, according to the system of the present invention, it is possible to greatly lower the calibration cost of a scale.

Abstract: A system and method to troubleshoot a defect in at least one machine is provided. The system includes a portable device having a tracking system to detect when within a threshold proximity of a machine, and a controller to perform the steps of: authenticating the user to operate the portable device and communicating a first signal including the unique identifier of the portable device in response to detecting when within threshold proximity of the at least one machine. The system can further include an agent located at the machine to receive the first signal from the portable device, and in response to automatically verify authorization of the portable device to access the machine; and automatically trigger transmission of an operational data of the least one machine to the portable device over a secure channel.

Abstract: When the terminal device attempts to use a special content, which has an attribute including information distinguishing the special content from regular contents and is stored in the recording medium device, the recording medium device refers to the revocation information indicating terminal devices restricted from using the special content. When the recording medium device determines the terminal device as a terminal device to be restricted from using the special content based on the terminal identifying information of the terminal device, the usage information output unit of the recording medium device does not transmit the necessary information for using the special content to the terminal device.

Abstract: A secure user input system is implemented for a computer system having a user input apparatus and a user output apparatus. The system comprises a user input template, provided to the user on the user output apparatus; and a personal user output interface providing, to the user, personal input interface information, mapped to the user input template, to enable the user to input information through the user input apparatus that is intelligible only to a party having access both to the user input template and the personal input interface information.

Abstract: An image forming apparatus performs a direct printing function. A selecting section selects at least two files from a plurality of files stored in at least one of an internal storage medium and an external storage medium. A human interface receives passwords form a user. A password determining section determines whether the selected files are protected by passwords. A file extracting section extracts the selected files from an internal storage medium or external storage medium. A password verifying section determines whether passwords contained in the selected files and the passwords inputted through the human interface coincide. A printer prints the selected files. A printing controller controls the printer, causing the printer to print at least one of selected files if the password verifying section has determined that the password contained in the at least one selected file and the password inputted by the user coincide.

Abstract: The image forming device includes an image data input unit that receives image data of a document; a set password acquisition unit that acquires information regarding a password from the image data received by the image data input unit; an input password receiving unit that starts reception of input of the password before the reception of the image data of all pages of the document is completed by the image data input unit; a password verification unit that performs verification between an input password and a set password; and a job execution unit that cancels execution limit of a job based on a verification result and executes the job, wherein, when the password is set in arbitrary one page of the document, the image data input unit sequentially completes the reception of the image data of the next page of the arbitrary one page of the document, before the input of the password corresponding to the password set in the arbitrary one page is completed by the input password receiving unit.

Abstract: Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie from performing unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.

Abstract: An information handling system includes a memory and a detector circuit. The memory is configured to store a first electrocardiogram measurement. The detector circuit is configured to receive a second electrocardiogram measurement in response to a specific combination of keys of a keyboard being pressed for a specific period of time, wherein each key in the specific key combination includes an electrocardiogram sensor on a top surface of the key, to authorize a user and log the user onto the information handling system when the second electrocardiogram measurement matches the first electrocardiogram measurement, and otherwise: to deny access to the information handling system; to increase a counter; to determine whether the counter has exceeded a threshold; and to request that an input window is displayed when the counter has exceeded the threshold.

Abstract: Systems and methods for presenting a request are disclosed. The systems and methods may include one or more steps, such as receiving, by an electronic device, request information from an entity. The request information may include a request for approval by a user. The steps may further include transmitting, by the electronic device, data containing the request information to a computing device, receiving, by the electronic device, a symbology corresponding to the request information from the computing device and presenting, by the electronic device, the symbology to the user.

Abstract: The invention provides a method and apparatus for authenticating a user in a touchscreen environment. A first tier may be defined having at least one object, and a destination tier may be defined having at least one bin. An authentication-key may be registered, the authentication-key comprising a length defining a number of nodes and a correct sequence of nodes, each node specifying a movement of one object from the first tier to one bin of the destination tier. A user sequence of at least one touchscreen gestures is received, each gesture specifying that one object from the first tier should be moved to one bin of the destination tier. Access is permitted if the at least one touchscreen gestures corresponds to the length, the correct sequence, and the movement of the authentication-key.

Abstract: A memory device includes a plurality of memory chips, including one or more memory chips that store authentication information, and a controller including a first register that stores information indicating a representative memory chip, from among the one or more memory chips that store the authentication information, that stores valid authentication information.

Abstract: A storage unit 601g of a recording medium device 600g stores a content and a revocation list. The revocation list includes a revocation identifier that is associated with the content and identifies a revoked public key certificate allocated to an apparatus related to use of the content. A controller 602g of the recording medium device 600g is provided with an acquisition unit 621g that acquires, from an apparatus 300g, an acquisition request for the content and an apparatus identifier identifying a public key certificate of the apparatus 300g; a judgment unit 622g that judges whether the apparatus identifier matches a revocation identifier; and a control unit 623g that controls to prohibit output of the content to the apparatus when the apparatus identifier and the revocation identifier match.

Abstract: A method includes executing microcode in a processing unit of a processor to implement a machine instruction, wherein the microcode is to manipulate the processing unit to access a peripheral device on a public communication bus at a private address not visible to other devices on the public communication bus and not specified in the machine instruction. A processor includes a public communication bus, a peripheral device coupled to the public communication bus, and a processing unit. The processing unit is to execute microcode to implement a machine instruction. The microcode is to manipulate the processing unit to access a peripheral device on a public communication bus at a private address not visible to other devices on the public communication bus and not specified in the machine instruction.

Abstract: Embodiments of the invention relate to collecting keystroke timing data of samples of a phrase input by a user on an input device during different user sessions, and creating a biometric user template based on the timing data collected during the different sessions. Once a sufficient number of samples are collected, the template may be used to authenticate the user.

Abstract: A security system assesses the response time to requests for information to determine whether the responding system is in physical proximity to the requesting system. Generally, physical proximity corresponds to temporal proximity. If the response time indicates a substantial or abnormal lag between request and response, the system assumes that the lag is caused by the request and response having to travel a substantial or abnormal physical distance, or caused by the request being processed to generate a response, rather than being answered by an existing response in the physical possession of a user. If a substantial or abnormal lag is detected, for example due to the fact that the information was downloaded from the Internet, the system is configured to limit subsequent access to protected material by the current user, and/or to notify security personnel of the abnormal response lag.

Abstract: A file cabinet drawer includes support rails supporting asset panels each with a plurality of asset positions to support respective assets and associated asset indicators. A controller activates panel, drawer, and asset indicators to locate assigned assets. A recipient can be reauthenticated and assigned a duplicate asset if the assigned asset becomes unavailable. An administrator can be authenticated to conduct assignment of duplicate assets. Where asset(s) include electronic identification tags, the panels can include contacts in electrical communication with support rails in respective drawers coupled to the controller to read an asset identifier from each tag.

Abstract: According to an embodiment, an information processing apparatus includes a main processor, a secure operating system (OS) module, a non-secure OS module, a secure monitor memory setting module, a timer, and an address space controller. When receiving a notification of an interrupt from the timer, a secure monitor instructs the secure OS module to execute certain processing. The secure OS module is configured to execute certain processing instructed by the secure monitor and store data of a result of the processing in a first memory area.

Abstract: A method for authentication checking comprises receiving an authentication verification request for accessing an application. The authentication verification request includes a user identification, a device identification and an application identification. A validity of the authentication verification request is determined based on at least a last known authentication information, and a first subset of an application policy rule-set specific to the user identification and the device identification, if the application policy rule-set permits cross-application authentication; otherwise the validity is determined based on at least a second subset of the application policy rule-set specific to the user identification, the device identification and the application identification. Access to the application is enabled if the validity of the authentication verification request is true; otherwise a new authentication is requested.

Abstract: A device is configured for providing at least one secure cryptographic key for performing a cryptographic security function using a control device which requires a cryptographic key therefor. A configured key provided for the security function is selected from a first configuration memory and is tested using the read configured key whether a secure replacement key associated with the read configured key is memorised in a second configuration memory, said replacement key is provided for the control device for performing the security function instead of the configure key.

Abstract: Techniques for managing stored information in an implantable medical device system using multiple user accounts are described. An implantable medical device system may provide a general user account and a set of authenticable user accounts. In some examples, the general user account does not require a user of a programmer in an implantable medical device system to enter user identity information to manage information stored in the implantable medical device system. The general user account may be permitted to perform a subset of actions available to an authenticable user account. In some examples, an authenticable user account may rollback changes made to the stored information by the general user account. An authenticable user account may also be able to synchronize changes made to the stored information across all or some of the user accounts.

Abstract: A method for authenticating the identity of a handset user is provided. The method includes: obtaining, a login account and a password from the user; judging whether the login account and the password are correct; if the login account or the password is incorrect, refusing the user to access an operating system of the handset; if the login account and the password are correct, sending the login account and the password to a cloud server, wherein the login account and the password correspond to a face sample image library of the user stored on the cloud server; acquiring an input face image of the user; sending the input face image to the cloud server; authenticating, by the cloud server, the identity of the user according to the login account, the password and the input face image.

Abstract: Mechanisms are provided for performing centralized control of application sessions across a distributed computing environment comprising a plurality of application servers. A request to perform an application session control operation to control the application sessions associated with a specified user account identifier across the plurality of application servers in the distributed computing environment is received. A plurality of application instances upon which to perform the requested application session control operation are identified. An application session control request is transmitted to a plurality of session control clients associated with the application instances on the plurality of application servers of the distributed computing environment.

Abstract: A home subscriber server (400) receives a request for authentication information from an authentication server (300) and transforms cryptographic keys for a user equipment (100) into access specific cryptographic keys based on an identity of an authenticator (200) controlling access from the user equipment (100) to an EPS network, and generates the authentication information including the access specific cryptographic keys and a separation indicator which is set. The user equipment (100) checks whether the separation indicator included in the authentication information is set, and if the separation indicator is set, transforms cryptographic keys into access specific cryptographic keys based on the identity of the authenticator (200), and computes a key specific to an authentication method from the access specific cryptographic keys.

Abstract: In a system and method of controlling a wireless communication module in communication with an electronic device, when a manufacturer certificate, a wireless device credential, and a user credential each meet a respective first, second and third validity criteria, an encryption value is generated, and the encryption value is used to generate a cryptographic hash value. The cryptographic hash value is used to enable a device to communicate with a communication network.

Abstract: An embodiment of the invention provides a method for controlling access to a system, wherein a request to access the system and metadata of the request are received from a user, the request including a user identification. The metadata includes: information obtained from a history of prior accesses to an application access system, information obtained from a history of prior accesses to a wireless authentication system, and/or confirmation of the user identification by an entity physically proximate to the user. A database is queried with the user identification and the metadata to identify relationship data. The relationship data indicates the relationship between the individual assigned the user identification and an entity owning the system, an entity leasing the system, and/or an entity operating the system. The relationship data is input into a rules engine; and, security measure(s) are selected with the rules engine based on the relationship data.

Abstract: A method for operating a vehicle includes receiving, at a wearable article, a first input from a user indicating a vehicle function to be performed on a vehicle, receiving a second input indicating a gesture by the user for authentication, and generating, at the wearable article, a control signal for performing the vehicle function on the vehicle based on a successful authentication of the user.

Abstract: A method for authenticating the identity of a handset user is provided. The method includes: obtaining, a login account and a password from the user; judging whether the login account and the password are correct; if the login account or the password is incorrect, refusing the user to access an operating system of the handset; if the login account and the password are correct, sending the login account and the password to a cloud server, wherein the login account and the password correspond to a face sample image library of the user stored on the cloud server; acquiring an input face image of the user; sending the input face image to the cloud server; authenticating, by the cloud server, the identity of the user according to the login account, the password and the input face image.

Abstract: A method for device driver self authentication is provided. The method includes accessing a device driver having encrypted authentication parameters therein including, for instance, a vendor identification, a device identification, a serial number, an expiration date and a filename. The method includes executing an authentication portion of the device driver to generate a message digest of these parameters and comparing the message digest to a stored digest for a match thereof. The method further includes loading the device driver only if the authentication portion successfully authenticates the device driver, e.g., there is a match. The method can be applied to USB device drivers and peripherals.

Abstract: A processing device comprises a processor coupled to a memory and is configured to receive authentication information from a user, to generate a message authentication code based at least in part on the received authentication information, to generate a credential for a particular access control interval based at least in part on the message authentication code and an intermediate value of a hash chain, and to provide the credential to a user in order to allow the user to access a protected resource in the particular access control interval. The message authentication code may be generated over a message payload that includes a password provided by the user. The credential may comprise a combination of the message authentication code and the intermediate value of the hash chain.

Abstract: A scope hierarchy corresponding to a resource to which a type of access is requested is identified, the scope hierarchy including multiple scope levels each of which has an associated access control list. An access control list associated with a lower scope level can further restrict access permitted to the resource by an access control list associated with a higher scope level. Based at least in part on one or more of the access control lists associated with the multiple scope levels, a determination is made as to whether the requested type of access to the resource is permitted.

Abstract: An embodiment generally relates to a method of managing tokens. The method includes detecting a presence of a token at a client and determining a status of the token. The method also includes formatting the token at the client in response to the status of the token being unformatted.

Abstract: In a system and method for managing mainframe computer usage, preferred values for service class defined performance goals are determined to optimize workload performance in service classes across a logical partition. A method for managing mainframe computer system usage can include receiving a performance optimization goal for workload performance in a service class, the service class having a defined performance goal. Achievement of the performance optimization goal is assessed, and a preferred value for the defined performance goal is determined based on assessing achievement of the performance optimization goal. Workload criticality can be taken into account, and automatic changes to the performance goal authorized.

Abstract: A system facilitates collaborative communications and information sharing in a network defined by a model. The model and a portion of the system are stored on a storage component coupled to a terminal. The system captures context information and user-defined data, the user-defined data provided during user interaction of the user in a first domain of the network, and dynamically stores the context information as metadata associated with the user-defined data, the user-defined data and the metadata stored on the storage component; a tracking component for tracking a change of the user from the first domain to a second domain of the network and dynamically updating the stored metadata based on the change, where the user accesses the user-defined data from the second domain; and an interface to the system that permits the user to create and view the user-defined data according to the model of the network.

Abstract: A user authentication device provided on an apparatus as an object of operation acquires feature data representing notable portion of the user, using a camera device, after user authentication. Based on the acquired feature data, the user authentication device tracks the user by the camera (step S1030). If it is detected by the tracking that the user has left the apparatus, the user authentication device displays a log-in screen image on an operation panel (step S1060). If it is detected that the user once left the apparatus has returned to a position where he/she can operate the apparatus, the user authentication device displays the screen image that has been previously operated by the user. On the other hand, if it is detected that the tracking has been interrupted after the user left the apparatus, the user authentication device executes a log-out process (step S1120).

Abstract: A computer-implemented biometric identity verification method including the steps of storing a database of registered users, including data identifying profile attributes of each registered user and a respective plurality of stored biometric signatures, each stored biometric signature associated with a corresponding one or more of the profile attributes. A predicted biometric signature is derived for a requesting user when it is determined that a period of time has elapsed since the requesting user's stored biometric signature was last updated, by adapting the stored biometric signature based on biometric variances derived from a biometric peer group of registered users with at least one profile attribute in common with the requesting user. The predicted biometric signature is used to verify the identity of the requesting user.

Abstract: A biometrics authentication device utilizes biometrics information and performs individual authentication enables secure modification of authorization details for an authorized agent other than the principal. A verification device verifies biometrics information registered on an IC card against biometrics information detected by a detection unit. When results in satisfactory biometrics authentication, modification of authorization details of an authorized agent, registered on the IC card, is permitted. Authorization details for an authorized agent can be securely modified on a card on which biometrics information for the principal and the authorized agent is registered.