Authorization Patents (Class 726/17)
  • Patent number: 8973104
    Abstract: An electronic device (100) includes a control circuit (208) and one or more modules (210) operable with the control circuit. An application usage module (211) is operable with the control circuit to define one or more applications (104,105,106,107), operable with the control circuit and otherwise available for use by a user (101) when the electronic device is in an unlocked state, that are precluded from use by an authorized person when the electronic device is operably connected to a predefined peripheral accessory (300) when unlocked.
    Type: Grant
    Filed: December 31, 2012
    Date of Patent: March 3, 2015
    Assignee: Google Technology Holdings LLC
    Inventors: Daniel S. Rokusek, Edward D. Brann, Sanjay Gupta, David A. Vanyek
  • Publication number: 20150058971
    Abstract: An information processing apparatus includes a first acquiring unit that acquires information for specifying an operator, an operator authenticating unit that authenticates the operator, a first determining unit that determines whether information on the operator is continuously acquired, a second acquiring unit that acquires information for specifying a checker, a checker authenticating unit that authenticates a checker corresponding to the operator, a second determining unit that determines whether information on the checker is continuously acquired, and a controller that controls a processing apparatus to execute processing, on the condition that the operator is authenticated and the checker is authenticated.
    Type: Application
    Filed: June 17, 2014
    Publication date: February 26, 2015
    Applicant: FUJI XEROX CO., LTD.
    Inventor: Yasuhiro MORI
  • Publication number: 20150058972
    Abstract: An application program installed in a user device is monitored. If it is determined that a user requests access to the application program, it is determined whether the application program is encrypted. If the application program to which the user requests access is encrypted, the user is requested to input verification information and it is determined whether the verification information is correct. If the verification information is correct, the application program to which the user requests access is run and a running result is presented. If the verification is not correct, a protection operation is performed to the application program to which the user requests access.
    Type: Application
    Filed: October 22, 2014
    Publication date: February 26, 2015
    Inventors: Qing WANG, Zhanghu LUO, Zefeng HUANG, Haoran GUO, Quanhao XIAO, Yixia YUAN, Jiashun SONG, Pengtao LI, Yunfeng DAI, Xunchang ZHAN, Chunyou LIN
  • Patent number: 8966587
    Abstract: A system and method of maintaining a user profile for a handheld computer in a shared, scalable computing resource is described. The method includes receiving user profile data from the handheld computer at the shared, scalable computing resource, the user profile data comprising a user security factor. The user profile data is received via a secure wireless communication protocol having authentication of an identity of the handheld computer. The method includes storing the user profile data on the shared, scalable computing resource as a portion of a user profile, the user profile further comprising user preference data. The method further includes receiving the user security factor from a second computing device. The user security factor is received via a secure wireless communication protocol having authentication of an identity of the second computing device. The method further includes downloading user preference data to the second computing device.
    Type: Grant
    Filed: August 26, 2010
    Date of Patent: February 24, 2015
    Assignee: QUALCOMM Incorporated
    Inventors: Jiji Nair, Bharat Welingkar
  • Patent number: 8966613
    Abstract: Embodiments of the present invention relate to systems, methods, and computer storage media for identifying, authenticating, and authorizing a user to a device. A dynamic image, such as a video captured by a depth camera, is received. The dynamic image provides data from which geometric information of a portion of a user may be identified as well as motion information of a portion of the user may be identified. Consequently, a geometric attribute is identified from the geometric information. A motion attribute may also be identified from the motion information. The geometric attribute is compared to one or more geometric attributes associated with authorized users. Additionally, the motion attribute may be compared to one or more motion attributes associated with the authorized users. A determination may be made that the user is an authorized user. As such the user is authorized to utilize functions of the device.
    Type: Grant
    Filed: September 30, 2011
    Date of Patent: February 24, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Eric Horvitz, Desney S. Tan, James Chia-Ming Liu
  • Patent number: 8966649
    Abstract: Embodiments facilitate confidential and secure sharing of anonymous user profile data to improve the delivery of customized content. Embodiments of the invention provide a data appliance to an entity such as a business to convert profile data about the business's customers into anonymous identifiers. A similar data appliance is provided to a content provider in one embodiment to generate identifiers for its user profile data. Because the anonymous identifiers are generated with the same anonymization method, identical identifiers are likely generated from profile data of the same users. Therefore, the identifiers can be used to anonymously match the customers of the business to the users of the content provider. Therefore, data can be shared to improve customized content such as advertisements that the business wishes to place with the content provider without requiring the business to disclose customer data in an unencrypted form, and any non-matched data can remain confidential.
    Type: Grant
    Filed: January 23, 2014
    Date of Patent: February 24, 2015
    Assignee: Experian Marketing Solutions, Inc.
    Inventors: Brian Stack, Andrew Lientz, Simon Chamberlain, Yacine Abdous, Ray Kahn
  • Patent number: 8966656
    Abstract: Private information can be displayed using alternate frame sequencing to prevent unauthorized viewing. The private information can be ascertained by an authorized user using an active shutter viewing device synchronized to the alternate frame sequencing display. Private information can be displayed on a portion of the display, while public information, including a basic user interface, can be displayed on a second portion visible to authorized and unauthorized users. For enhanced security, alternate frame sequencing synchronization parameters can be encrypted and exchanged between a display device and the viewing device. When and where to display private information using alternate frame sequencing can be determined using environmental sensors. A single display screen can be configured to simultaneously present private information to multiple users, each user permitted to view a portion of the private information according to the unique synchronization parameters employed by a user's viewing device.
    Type: Grant
    Filed: October 21, 2011
    Date of Patent: February 24, 2015
    Assignee: BlackBerry Limited
    Inventors: Alexander Samson Hirsch, Michael Joseph Deluca
  • Patent number: 8966614
    Abstract: This invention is related to authentication schemes utilizing advertising video-passwords, which require the user to watch and remember parts of a given advertisement video. Different embodiments of the invention can utilize just time reference point information, or can optionally include grid element, click point, tag phrase, or a combination of both click point and tag phrase information. A reference video-password is defined based on the time reference point information, and optionally with grid element, click point, or tag phrase information. Subsequently, the user will attempt authentication and the candidate video-password will be defined with the associated time reference point determined from the user's input, and optionally with grid element, click point, or tag phrase information received from the user. The system would then authenticate the user based on the comparison result between the reference video-password and the candidate video-password.
    Type: Grant
    Filed: May 31, 2013
    Date of Patent: February 24, 2015
    Inventors: Julie Katherine Thorpe, Amirali Salehi-Abari, Robert Eric Burden
  • Patent number: 8959360
    Abstract: Methods, systems, and apparatus for voice authentication and command. In an aspect, a method comprises: receiving, by a data processing apparatus that is operating in a locked mode, audio data that encodes an utterance of a user, wherein the locked mode prevents the data processing apparatus from performing at least one action; providing, while the data processing apparatus is operating in the locked mode, the audio data to a voice biometric engine and a voice action engine; receiving, while the data processing apparatus is operating in the locked mode, an indication from the voice biometric engine that the user has been biometrically authenticated; and in response to receiving the indication, triggering the voice action engine to process a voice action that is associated with the utterance.
    Type: Grant
    Filed: August 15, 2013
    Date of Patent: February 17, 2015
    Assignee: Google Inc.
    Inventor: Hugo B. Barra
  • Patent number: 8959620
    Abstract: A method for composing an authentication password associated with an electronic device is implemented by a password composing system including a display, a receiving unit, and a processing unit. In the method, the display is configured to display a start point, and a plurality of displayed paths. The receiving unit is configured to detect a set of user-input movements of a contact point at the display. The processing unit is configured to determine whether the user-input movements conform with a predefined valid user-input gesture, store a plurality of codes corresponding to the valid user-input gestures, and to compose the authentication password according to valid ones of the series of the user-input movements.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: February 17, 2015
    Assignee: Mitac International Corp.
    Inventors: Ching-Teng Hsueh, Hui-Chun Yang
  • Patent number: 8959616
    Abstract: A system and method wherein an intermediary process provides access to a restricted object associated with a source process on behalf of a destination process. The intermediary process may be a trusted process that is available as a service to other processes on the computing platform. The intermediary process may assume one or more privileges associated with the source process whereby the restricted object may be accessed by the intermediary process on behalf of the destination process. Secure access to the restricted object and the risk of malicious exploitation are mitigated since the intermediary process is a trusted service that is known to provide specific functionality.
    Type: Grant
    Filed: October 25, 2012
    Date of Patent: February 17, 2015
    Assignee: 2236008 Ontario Inc.
    Inventor: Danny Thomas Dodge
  • Patent number: 8959617
    Abstract: Systems, methods, apparatus, and computer readable media are provided for disposable component authentication with respect to a biological fluid processing device instrument. An example instrument authentication system includes a computer facilitating configuration and operation of the biological fluid processing instrument using a disposable component. A first interface is provided by the computer and is used by a service technician to configure the biological fluid processing instrument for a number of disposable components and to provide a service technician with a validation code. A key generator is to accept the validation code from the service technician and generate an authentication key in response to the entered validation code. A second interface is provided by the computer, the second interface prompting the service technician to enter an authentication key, wherein the authentication key authorizes use of a certain number of disposable components for the biological fluid processing instrument.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: February 17, 2015
    Assignee: Fenwal, Inc
    Inventors: Douglas Newlin, Kevin Krause, Robert Crampton, John T. Foley, Brian Case, William Cork
  • Patent number: 8959619
    Abstract: A method for secure authentication is provided which includes having a user who wishes to gain access to a computer or computer network select from among a plurality of randomly displayed images, having different background colors, the correct image and background color which correspond to the user's computer account. In one advantageous form, in addition to selecting the correct image, the user must first enter a username and password. In an alternative form, if a user is seeking access to a computer network by using a preapproved access point or computer having an approved IP address, a user is allowed to gain access to the computer network without being prompted to select a correct image.
    Type: Grant
    Filed: December 21, 2011
    Date of Patent: February 17, 2015
    Assignee: Fleet One, LLC.
    Inventors: Ted Sanft, John Overland, Andy Roberts
  • Patent number: 8959653
    Abstract: A method, server and system for obtaining a licensed application is provided. In one example embodiment, the method comprises: receiving an application download request from a user of the electronic device by way of an input mechanism associated with the electronic device; transmitting a download request from the electronic device to an application delivery server; receiving an application from the application delivery server at the electronic device; receiving a license key from the application delivery server; and automatically injecting the license key into the application.
    Type: Grant
    Filed: February 19, 2010
    Date of Patent: February 17, 2015
    Assignee: BlackBerry Limited
    Inventor: Paul Mark Joseph Dumais
  • Publication number: 20150047015
    Abstract: The invention relates to providing access control to service units of a computer system. When a program unit such as a process or a thread accesses a service unit, the service unit generates an access signal (e.g. an interrupt) indicating the service unit has been accessed. This access signal is handled e.g. by an interrupt handling arrangement at the processor, and in case the program unit is not authorized to access the service unit, the program unit is terminated.
    Type: Application
    Filed: February 27, 2012
    Publication date: February 12, 2015
    Applicant: Nokia Corporation
    Inventor: Mika Lahteenmaki
  • Patent number: 8955102
    Abstract: A computer-based system, method and computer program product for controlling access to protected personal information is disclosed. Protected personal information that is accessible by an information management application program is stored in a computer memory. In response to a request from an authenticated user for information, which includes protected personal information, information is displayed indicating that the user has requested protected personal information, but the protected personal information is not displayed. In response to receiving user input requesting access to the protected personal information, a determination is made as to whether the user is authorized to access the requested protected personal information. If so, requested protected personal information is displayed to the user and information is stored relating to the user's access to protected personal information.
    Type: Grant
    Filed: June 3, 2011
    Date of Patent: February 10, 2015
    Assignee: Inmar, Inc.
    Inventors: Lari Harding, Scott Renegar, Angela Murray
  • Patent number: 8955039
    Abstract: Generally, this disclosure describes devices, methods and systems for securely providing context sensor data to mobile platform applications. The method may include configuring sensors to provide context data, the context data associated with a mobile device; providing an application programming interface (API) to a sensor driver, the sensor driver configured to control the sensors; providing a trusted execution environment (TEE) operating on the mobile device, the TEE configured to host the sensor driver and restrict control and data access to the sensor driver and to the sensors; generating a request for the context data through the API, the request generated by an application associated with the mobile device; receiving, by the application, the requested context data and a validity indicator through the API; verifying, by the application, the requested context data based on the validity indicator; and adjusting a policy associated with the application based on the verified context data.
    Type: Grant
    Filed: September 12, 2012
    Date of Patent: February 10, 2015
    Assignee: Intel Corporation
    Inventors: Gyan Prakash, Jesse Walker, Saurabh Dadu
  • Patent number: 8954747
    Abstract: Systems and methods of managing keystroke data in embedded keyboard environments may involve transferring a mode request from a management controller to an embedded controller of a keyboard via a dedicated communication channel. Keystroke activity can be detected at the keyboard, and keystroke data may be transferred from the embedded controller to the management controller via the dedicated communication channel in response to the keystroke activity and the mode request. In addition, the management controller may be used to encrypt the keystroke data, wherein the encrypted keystroke data can be transmitted from the management controller to an off-platform service via a network controller.
    Type: Grant
    Filed: July 1, 2011
    Date of Patent: February 10, 2015
    Assignee: Intel Corporation
    Inventors: Nitin V. Sarangdhar, Jasmeet Chhabra
  • Patent number: 8955038
    Abstract: Methods and systems are provided for fine tuning access control by remote, endpoint systems to host systems. Multiple conditions/states of one or both of the endpoint and host systems are monitored, collected and fed to an analysis engine. Using one or more of many different flexible, adaptable models and algorithms, an analysis engine analyzes the status of the conditions and makes decisions in accordance with pre-established policies and rules regarding the security of the endpoint and host system. Based upon the conditions, the policies, and the analytical results, actions are initiated regarding security and access matters. In one described embodiment of the invention, the monitored conditions include software vulnerabilities.
    Type: Grant
    Filed: August 16, 2012
    Date of Patent: February 10, 2015
    Assignee: Fiberlink Communications Corporation
    Inventors: Blair Nicodemus, Billy Edison Stephens
  • Patent number: 8955101
    Abstract: The present disclosure discloses an upper-order computer, a lower-order computer, a monitoring system and a monitoring method, so as to eliminate the disadvantages of low standardization level and small scale in manually setting and adjusting performance parameters. The upper-order computer includes a central control module and an information interacting module, the information interacting module including a human-computer interacting unit, and the central control module including a processing unit, a display control unit and a parameter configuring unit, wherein the processing unit is adapted for controlling a lower-order computer by sending control commands; the display control unit is adapted for processing effective operating data acquired from the lower-order computer, and is adapted for instructing the human-computer interacting unit to perform presenting; and the parameter configuring unit is adapted for configuring parameters of the lower-order computer by sending parameter configuring commands.
    Type: Grant
    Filed: July 15, 2011
    Date of Patent: February 10, 2015
    Inventors: Yulin Su, Ben Cai, Rijun Huang
  • Patent number: 8955058
    Abstract: User authentication is provided. At least one of a social network and a business network of each user in a plurality of users is accessed. User history data of each user in the plurality of users is monitored in the at least one of the social network and the business network. Challenge questions requiring a user response are generated based on monitoring the user history data of the users. The user response to a generated challenge question is evaluated. A set of events is triggered based on evaluating the user response.
    Type: Grant
    Filed: November 15, 2012
    Date of Patent: February 10, 2015
    Assignee: International Business Machines Corporation
    Inventors: Paul C. Castro, Joseph W. Ligman, David M. Lubensky, Marco Pistoia, John J. Ponzo, Umut Topkara
  • Patent number: 8955150
    Abstract: The present invention relates to an apparatus and a method for managing digital rights using virtualization technique, and more particularly to an apparatus and a method for enabling a user to access a desired text file in an independent area through a virtual machine corresponding to a licensed right for accessing the text file. The present invention comprises a virtual machine (VM) management unit for controlling a user access authorization function for accessing the text file in the area to which the virtualization technique is applied.
    Type: Grant
    Filed: September 10, 2010
    Date of Patent: February 10, 2015
    Assignee: Fasoo.com Co. Ltd.
    Inventor: Chel Park
  • Patent number: 8954759
    Abstract: A magnetic memory device includes a main memory made of magnetic memory, the main memory and further includes a parameter area used to store parameters used to authenticate data. Further, the magnetic memory device has parameter memory that maintains a protected zone used to store protected zone parameters, and an authentication zone used to store authentication parameters, the protection zone parameters and the authentication parameters being associated with the data that requires authentication. Upon modification of any of the parameters stored in the parameter memory by a user, a corresponding location of the parameter area of the main memory is also modified.
    Type: Grant
    Filed: September 14, 2012
    Date of Patent: February 10, 2015
    Assignee: Avalanche Technology, Inc.
    Inventors: Siamack Nemazie, Ngon Van Le
  • Patent number: 8955052
    Abstract: A method, system and computer-usable medium are disclosed for managing identity authorizations to access information processing system resources. An application thread requiring access to target resources is initiated and associated with an authenticated client identity and a server identity. The resource authorization attribute of a resource required for execution of the application thread designates the use of a client identity, a server identity, or a client identity and server identity when attempting authorized access of the resource. The client identity, the server identity, or the client identity and server identity is then respectively used to access the target resource and the application thread is executed.
    Type: Grant
    Filed: May 27, 2010
    Date of Patent: February 10, 2015
    Assignee: International Business Machines Corporation
    Inventors: William J. O'Donnell, Elisa Ferracane, Paul W. Bennett, Michael C. Thompson
  • Patent number: 8954732
    Abstract: In one example, a platform device includes a control unit configured to receive a first software package signed by a first software development entity with a first certificate of a first certificate hierarchy associated with the first software development entity, execute the first software package only after determining that a root of the first certificate hierarchy corresponds to a certificate authority of a developer of the platform device, receive a second software package signed by a second software development entity with a second certificate of a second certificate hierarchy associated with the second software development entity, wherein the second certificate hierarchy is different than the first certificate hierarchy, and execute the second software package only after determining that a root of the second certificate hierarchy corresponds to the certificate authority of the developer of the platform device.
    Type: Grant
    Filed: June 27, 2012
    Date of Patent: February 10, 2015
    Assignee: Juniper Networks, Inc.
    Inventors: Kent A. Watsen, Alex Kolchinsky
  • Patent number: 8949999
    Abstract: A method, system and apparatus for controlling access to a media server are provided. A browse request is received at a computing device, from a remote computing device to browse a memory structure including content files. Authentication of the remote computing device is initiated. Prior to the remote computing device being authenticated, a response is transmitted to the remote computing device indicative that the memory structure is empty of the content files, regardless of actual content of the memory structure. After the remote computing device is authenticated, a further response is transmitted to the remote computing device indicative of the actual content of the memory structure.
    Type: Grant
    Filed: September 9, 2011
    Date of Patent: February 3, 2015
    Assignee: BlackBerry Limited
    Inventors: Bartholomew Alexander Boeckner, Joao Paulo Neves Francisco, Douglas Eugene Ross
  • Patent number: 8949974
    Abstract: A mobile device includes a user interface that has a plurality of non-password-protected desktop screens and at least one password protected desktop screen. The mobile device includes a touch sensitive display device that accepts gestures used to navigate between the desktop screens. Applications may be installed to password protected desktop screens.
    Type: Grant
    Filed: May 11, 2012
    Date of Patent: February 3, 2015
    Assignee: Tyfone, Inc.
    Inventors: Siva G. Narendra, Prabhakar Tadepalli
  • Patent number: 8949930
    Abstract: Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys within the system and allows for templates to refer to them once defined. These key references can then be passed within a template to resources that need them as well as passing them on securely to resources like server instances through the use of the user-data field.
    Type: Grant
    Filed: March 19, 2012
    Date of Patent: February 3, 2015
    Assignee: Amazon Technologies, Inc.
    Inventors: Avinash Jaisinghani, Reto Kramer, Christopher Whitaker, Venkates P. Balakrishnan, Prashant Jayaraman, Richard C. Edwards, Jr.
  • Patent number: 8949975
    Abstract: Data are accessed securely in a data storage device that includes a non-volatile solid-state storage device integrated with a magnetic storage device. An identical copy of drive security data, such as an encrypted version of a drive access password, is stored in both the non-volatile solid-state storage device and in the magnetic storage device. In response to receiving a command from a host device that results in access to the magnetic storage device, access is granted to the magnetic storage device if the copy of drive security data stored in the non-volatile solid-state storage device matches the copy of drive security data stored in the magnetic storage device. Furthermore, encrypted drive-unique identification data associated with the drive may be stored in both the non-volatile solid-state storage device and the magnetic storage device, and access is granted if both copies of the encrypted drive-unique identification data match.
    Type: Grant
    Filed: March 7, 2013
    Date of Patent: February 3, 2015
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Annie Mylang Le, Yichang Chan
  • Patent number: 8949619
    Abstract: Systems, methods, and apparatus are disclosed for electronically sharing data using authentication variables, such as biometrics and contextual data. Example contextual data includes machine identifications (IDs) and data collected from sensors of computing devices.
    Type: Grant
    Filed: June 10, 2014
    Date of Patent: February 3, 2015
    Assignee: Brivas LLC
    Inventors: Beau Robertson Parry, Yasodekshna Boddeti, Srikanth Parupati
  • Patent number: 8947196
    Abstract: The invention relates to a method for evaluating the authenticity of peripheral devices of a self-service machine having an operating system that provides at least one global mutex, having software layers, that are arranged on the operating system, having processes that run on the self-service machine and that access the operating system and/or the software layers, comprising the steps of: evaluating of authenticity of a connected peripheral device by a first process; if it was determined during the evaluation that the peripheral device could not be authenticated, setting of the mutex; evaluating the mutex by a second process based on an event and, if the mutex is set, switching the self-service machine to an error state.
    Type: Grant
    Filed: March 18, 2010
    Date of Patent: February 3, 2015
    Assignee: Wincor Nixdorf International GmbH
    Inventors: Carsten Von Der Lippe, Daniela Sandschneider, Klaus-Detlef Nolzen
  • Patent number: 8949970
    Abstract: An improved system and method for controlling access of components to industrial automation system resources by reference to the various operational states of the industrial automation system. A central access control system includes a processing circuitry, interface circuitry configured to receive information pertaining to the operational state of an automation system, memory circuitry, and a display and user interface. In operation, access to automation components are either allowed or denied based on the designation of an operational state of an automation system.
    Type: Grant
    Filed: October 31, 2012
    Date of Patent: February 3, 2015
    Assignee: Rockwell Automation Technologies, Inc.
    Inventors: Michael A. Bush, Robert Brandt
  • Publication number: 20150033327
    Abstract: Described herein are systems and methodologies for managing document access permissions. Embodiments of the invention have been particularly developed for allowing group-based permission management in a file system. While some embodiments will be described herein with particular reference to that application, it will be appreciated that the invention is not limited to such a field of use, and is applicable in broader contexts.
    Type: Application
    Filed: July 29, 2014
    Publication date: January 29, 2015
    Inventors: Mark Peter Naglost, Scott David Coles, David Klein, Justin Dahl
  • Patent number: 8942719
    Abstract: A method, system, and medium are provided for locating a lost mobile device utilizing a radio frequency signal associated with the lost mobile device. One embodiment of the method includes activating a signal on a lost mobile device. An identifier associated with the lost mobile device allows a locating mobile device to receive the signal from the lost mobile device and filter out interference. The strength of the signal is determined and a location of the lost mobile device is communicated to a user based on the strength of the signal.
    Type: Grant
    Filed: September 8, 2010
    Date of Patent: January 27, 2015
    Assignee: Sprint Communications Company L.P.
    Inventors: Caleb Sisson Hyde, Andrew Mark Wurtenberger, Clark Douglas Halferty
  • Patent number: 8943559
    Abstract: A method of authenticating access to an electrical device. The method comprises comparing, at an electronic processor, one or more patterns of temporal or physical properties, associated with an access entry string, to a non-transitory electronic profile data base of ranges of the corresponding patterns, from previously approved access entry strings. The method also comprises approving or denying at the electronic processor, the access entry string. The access entry string is approved if the one or more patterns falls within the respective range of the corresponding patterns in the profile data base. The access entry string is denied if the one or more patterns falls outside the respective range of the corresponding patterns in the profile data base.
    Type: Grant
    Filed: March 8, 2013
    Date of Patent: January 27, 2015
    Assignee: Nvidia Corporation
    Inventor: Andrew Fear
  • Patent number: 8943579
    Abstract: A method to identify a child process to a parent process in an operating system includes obtaining a token and login identifier from the operating system. The parent process creates a remote procedure call communications endpoint to communicate with the child process. Thereafter, a child process is spawned by the parent process. A child-initiated request to communicate with the parent process is then received by the parent process. In order to verify the identity of the child-initiated request, the parent process impersonates the child process and receives an identifier that identifies the requestor child process. The requestor process identifier and the spawned child identifier are compared. Based on the comparison, the parent process responds to the child-initiated request. In another embodiment, process identifiers are used by the parent process to verify the identity of a child process that requests communication with the parent process.
    Type: Grant
    Filed: March 14, 2012
    Date of Patent: January 27, 2015
    Assignee: Microsoft Corporation
    Inventors: Kedarnath Atmaram Dubhashi, Jonathan D. Schwartz, Sambavi Muthukrishnan, Simon Skaria
  • Patent number: 8943560
    Abstract: Techniques to manage digital telephones are described. An apparatus may comprise a digital telephone management component having a telephone interface module operative to receive security information in the form of a personal identification number (PIN) for an operator or device. The digital telephone management component may also comprise a telephone security module communicatively coupled to the telephone interface module, the telephone security module operative to receive encrypted security credentials from a computing device, and decrypt the encrypted security credentials with the PIN. The digital telephone management component may further comprise a telephone authentication module communicatively coupled to the telephone security module, the telephone authentication module operative to authenticate the digital telephone using the security credentials. Other embodiments are described and claimed.
    Type: Grant
    Filed: May 28, 2008
    Date of Patent: January 27, 2015
    Assignee: Microsoft Corporation
    Inventors: Anton Krantz, Rajesh Ramanathan, Adrian Potra
  • Patent number: 8938784
    Abstract: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.
    Type: Grant
    Filed: December 17, 2013
    Date of Patent: January 20, 2015
    Assignee: International Business Machines Corporation
    Inventors: Michael Baentsch, Peter Buhler, Thomas Eirich, Reto J. Hermann, Frank Hoering, Thorsten Kramp, Michael P. Kuyper-Hammond, Thomas D. Weigold
  • Publication number: 20150020191
    Abstract: With their ubiquitous nature and perceived personalized character, portable electronic devices are increasingly forming part of individuals' lives, as applications exist for practically anything today and new ones are released daily. It is therefore increasingly important for these electronic devices to dynamically adapt applications, information, user interface etc.
    Type: Application
    Filed: January 8, 2013
    Publication date: January 15, 2015
    Inventors: Gabor Vida, Stephen Mackenzie
  • Publication number: 20150020192
    Abstract: Embodiments relate to an address translation/specification (ATS) field. An aspect includes receiving a work queue entry from a work queue in a main memory by a hardware accelerator, the work queue entry corresponding to an operation of the hardware accelerator that is requested by user-space software, the work queue entry comprising a first ATS field that describes a structure of the work queue entry. Another aspect includes, based on determining that the first ATS field is consistent with the operation corresponding to the work queue entry and the structure of the work queue entry, executing the operation corresponding to the work queue entry by the hardware accelerator. Another aspect includes, based on determining that the first ATS field is not consistent with the operation corresponding to the work queue entry and the structure of the work queue entry, rejecting the work queue entry by the hardware accelerator.
    Type: Application
    Filed: September 30, 2014
    Publication date: January 15, 2015
    Inventors: Frank Haverkamp, Christian Jacobi, Scot H. Rider, Vikramjit Sethi, Randal C. Swanberg, Joerg-Stephan Vogt
  • Patent number: 8935775
    Abstract: A system implements dishonest policies for managing unauthorized access requests. The system includes memory management hardware to store a set of dishonest policy bits, each dishonest policy bit that is configured to a predetermined value indicating disallowed access for one of a set of memory ranges. When a processor receives an access request for a location in a memory range to which access is not allowed as indicated by a set dishonest policy bit, the processor returns a false indication according to a dishonest policy that the requested access has been performed.
    Type: Grant
    Filed: September 28, 2012
    Date of Patent: January 13, 2015
    Assignee: Intel Corporation
    Inventors: Joshua Fryman, Nicholas Carter, Robert Knauerhase, Sebastian Schoenberg, Aditya Agrawal
  • Patent number: 8935759
    Abstract: The present invention describes an apparatus and method of establishing a peer-to-peer communication session between a host device and a client device. Routing information of the client device is received from the server by a host device, communication with the server is maintained, and authentication information from the client device is received by the host device. Peer-to-peer communication is transmitted to the client device via the wide area network if the client device is authenticated for peer-to-peer communication by the host device.
    Type: Grant
    Filed: February 16, 2013
    Date of Patent: January 13, 2015
    Assignee: New Dane
    Inventor: Jonathon Weizman
  • Patent number: 8935776
    Abstract: Some embodiments provide a system that executes a native code module. During operation, the system obtains the native code module. Next, the system loads the native code module into a secure runtime environment. Finally, the system safely executes the native code module in the secure runtime environment by using a set of software fault isolation (SFI) mechanisms that maintain control flow integrity for the native code module and constrain store instructions in the native code module by bounding a valid memory region of the native code module with one or more guard regions.
    Type: Grant
    Filed: May 29, 2013
    Date of Patent: January 13, 2015
    Assignee: Google Inc.
    Inventors: David C. Sehr, Bennet S. Yee, J. Bradley Chen, Victor Khimenko
  • Patent number: 8935760
    Abstract: The present invention describes an apparatus and method of establishing a peer-to-peer communication session between a host device and a client device. Routing information of the host device is received from a server via a wide area network, routing information of the client device is provided to the server, and authentication information is provided to the host device via the wide area network. Peer-to-peer communication is transmitted to the client device via the wide area network if the client device is authenticated for peer-to-peer communication by the host device.
    Type: Grant
    Filed: February 16, 2013
    Date of Patent: January 13, 2015
    Assignee: New Dane
    Inventor: Jonathon Weizman
  • Publication number: 20150013002
    Abstract: In one embodiment, a processor includes a microcode storage including processor instructions to create and execute a hidden resource manager (HRM) to execute in a hidden environment that is not visible to system software. The processor may further include an extend register to store security information including a measurement of at least one kernel code module of the hidden environment and a status of a verification of the at least one kernel code module. Other embodiments are described and claimed.
    Type: Application
    Filed: September 25, 2014
    Publication date: January 8, 2015
    Inventors: Ned M. Smith, Vedvyas Shanbhogue, Arvind Kumar, Purushottam Goel
  • Patent number: 8931056
    Abstract: A service accessible by a set of entities may be provided to each entity at a different service level (e.g., with a different set of privileges) based on the privilege level of the entity. However, many users may attempt to perform malicious activities through the service, and may do so with impunity if the penalties of detection are inconsequential. Instead, privilege levels of entities may be established based on the claims of assets having identifiable value. Such claims may be established by submitting an asset identifier to the service, such as proof of a software license identified by the submission of a license key purchased at a substantial cost. The penalties of malicious activities performed by such users may include the invalidation of such asset identifiers. Establishing the privilege levels of respective entities in this manner raises the penalties, and hence the deterrence, of attempted malicious use of the service.
    Type: Grant
    Filed: March 31, 2011
    Date of Patent: January 6, 2015
    Assignee: Microsoft Corporation
    Inventors: Eric Fleischman, Eliot Gillum, Matthew Robert Ayers, Robert Edgar Fanfant, Hakki Tunc Bostanci
  • Patent number: 8931071
    Abstract: Systems and methods for integrating biometric authentication with video conference sessions are described. An individual seeking to participate in a video conference may first be identified with a biometric parameter such as an iris scan based on a comparison of the scanned iris with a database of stored parameters. If authorized, the system may connect the individual to the video session. In addition, the system may generate dynamic tags that allow the participants to identify and locate individuals in the video conference. For example, if one of the participants is speaking and moving within the room, her tag may change color and move with her on the video screen.
    Type: Grant
    Filed: July 15, 2013
    Date of Patent: January 6, 2015
    Assignee: Bank of America Corporation
    Inventors: Kurt D. Newman, Debashis Ghosh, Michael James O'Hagan, David Joa, Timothy J. Bendel
  • Patent number: 8931103
    Abstract: Embodiments of the invention relate to generating security permissions for applications. A static analysis on an application is carried out to determine security exceptions and to determine the application components responsible for the security exceptions. The determined security exceptions are analyzed to calculate permissions required for each component. A security policy file that includes a hierarchy of the required permissions suitable for the type of application is formatted and applied to the application to provide a security enabled application.
    Type: Grant
    Filed: July 30, 2012
    Date of Patent: January 6, 2015
    Assignee: International Business Machines Corporation
    Inventors: Hannah Deakin, Fenghui Jiang, John McNamara, Emlyn Whittick
  • Publication number: 20150007304
    Abstract: A processor and method are described for managing different privilege levels associated with different types of program code, including binary translation program code. For example, one embodiment of a method comprises entering into one of a plurality of privilege modes responsive to detecting the execution of a corresponding one of a plurality of different types of program code including native executable program code, translated executable program code, and binary translation program code. In one embodiment, the binary translation program code includes sub-components, each of which is associated with a different privilege level for improved security.
    Type: Application
    Filed: June 28, 2013
    Publication date: January 1, 2015
    Inventors: Lior Malka, Koichi Yamada, Palanivelrajan Shanmugavelayutham, Barry E. Huntley, Scott D. Rodgers, James D. Beaney, Jr.
  • Patent number: 8925072
    Abstract: An end device may include a camera configured to capture an image of an object, a touch screen configured to receive a touch input and a processor configured to determine to unlock the end device based, at least in part, on the image of the object and the touch input.
    Type: Grant
    Filed: January 31, 2013
    Date of Patent: December 30, 2014
    Assignee: University of Seoul Industry Cooperation Foundation
    Inventor: Jin Suk Kim