Abstract: In a system and method of controlling a wireless communication module in communication with an electronic device, when a manufacturer certificate, a wireless device credential, and a user credential each meet a respective first, second and third validity criteria, an encryption value is generated, and the encryption value is used to generate a cryptographic hash value. The cryptographic hash value is used to enable a device to communicate with a communication network.

Abstract: A method for operating a vehicle includes receiving, at a wearable article, a first input from a user indicating a vehicle function to be performed on a vehicle, receiving a second input indicating a gesture by the user for authentication, and generating, at the wearable article, a control signal for performing the vehicle function on the vehicle based on a successful authentication of the user.

Abstract: A method for device driver self authentication is provided. The method includes accessing a device driver having encrypted authentication parameters therein including, for instance, a vendor identification, a device identification, a serial number, an expiration date and a filename. The method includes executing an authentication portion of the device driver to generate a message digest of these parameters and comparing the message digest to a stored digest for a match thereof. The method further includes loading the device driver only if the authentication portion successfully authenticates the device driver, e.g., there is a match. The method can be applied to USB device drivers and peripherals.

Abstract: A method for authenticating the identity of a handset user is provided. The method includes: obtaining, a login account and a password from the user; judging whether the login account and the password are correct; if the login account or the password is incorrect, refusing the user to access an operating system of the handset; if the login account and the password are correct, sending the login account and the password to a cloud server, wherein the login account and the password correspond to a face sample image library of the user stored on the cloud server; acquiring an input face image of the user; sending the input face image to the cloud server; authenticating, by the cloud server, the identity of the user according to the login account, the password and the input face image.

Abstract: A processing device comprises a processor coupled to a memory and is configured to receive authentication information from a user, to generate a message authentication code based at least in part on the received authentication information, to generate a credential for a particular access control interval based at least in part on the message authentication code and an intermediate value of a hash chain, and to provide the credential to a user in order to allow the user to access a protected resource in the particular access control interval. The message authentication code may be generated over a message payload that includes a password provided by the user. The credential may comprise a combination of the message authentication code and the intermediate value of the hash chain.

Abstract: A scope hierarchy corresponding to a resource to which a type of access is requested is identified, the scope hierarchy including multiple scope levels each of which has an associated access control list. An access control list associated with a lower scope level can further restrict access permitted to the resource by an access control list associated with a higher scope level. Based at least in part on one or more of the access control lists associated with the multiple scope levels, a determination is made as to whether the requested type of access to the resource is permitted.

Abstract: An embodiment generally relates to a method of managing tokens. The method includes detecting a presence of a token at a client and determining a status of the token. The method also includes formatting the token at the client in response to the status of the token being unformatted.

Abstract: In a system and method for managing mainframe computer usage, preferred values for service class defined performance goals are determined to optimize workload performance in service classes across a logical partition. A method for managing mainframe computer system usage can include receiving a performance optimization goal for workload performance in a service class, the service class having a defined performance goal. Achievement of the performance optimization goal is assessed, and a preferred value for the defined performance goal is determined based on assessing achievement of the performance optimization goal. Workload criticality can be taken into account, and automatic changes to the performance goal authorized.

Abstract: A system facilitates collaborative communications and information sharing in a network defined by a model. The model and a portion of the system are stored on a storage component coupled to a terminal. The system captures context information and user-defined data, the user-defined data provided during user interaction of the user in a first domain of the network, and dynamically stores the context information as metadata associated with the user-defined data, the user-defined data and the metadata stored on the storage component; a tracking component for tracking a change of the user from the first domain to a second domain of the network and dynamically updating the stored metadata based on the change, where the user accesses the user-defined data from the second domain; and an interface to the system that permits the user to create and view the user-defined data according to the model of the network.

Abstract: A user authentication device provided on an apparatus as an object of operation acquires feature data representing notable portion of the user, using a camera device, after user authentication. Based on the acquired feature data, the user authentication device tracks the user by the camera (step S1030). If it is detected by the tracking that the user has left the apparatus, the user authentication device displays a log-in screen image on an operation panel (step S1060). If it is detected that the user once left the apparatus has returned to a position where he/she can operate the apparatus, the user authentication device displays the screen image that has been previously operated by the user. On the other hand, if it is detected that the tracking has been interrupted after the user left the apparatus, the user authentication device executes a log-out process (step S1120).

Abstract: A computer-implemented biometric identity verification method including the steps of storing a database of registered users, including data identifying profile attributes of each registered user and a respective plurality of stored biometric signatures, each stored biometric signature associated with a corresponding one or more of the profile attributes. A predicted biometric signature is derived for a requesting user when it is determined that a period of time has elapsed since the requesting user's stored biometric signature was last updated, by adapting the stored biometric signature based on biometric variances derived from a biometric peer group of registered users with at least one profile attribute in common with the requesting user. The predicted biometric signature is used to verify the identity of the requesting user.

Abstract: An electronic device (100) includes a control circuit (208) and one or more modules (210) operable with the control circuit. An application usage module (211) is operable with the control circuit to define one or more applications (104,105,106,107), operable with the control circuit and otherwise available for use by a user (101) when the electronic device is in an unlocked state, that are precluded from use by an authorized person when the electronic device is operably connected to a predefined peripheral accessory (300) when unlocked.

Abstract: A biometrics authentication device utilizes biometrics information and performs individual authentication enables secure modification of authorization details for an authorized agent other than the principal. A verification device verifies biometrics information registered on an IC card against biometrics information detected by a detection unit. When results in satisfactory biometrics authentication, modification of authorization details of an authorized agent, registered on the IC card, is permitted. Authorization details for an authorized agent can be securely modified on a card on which biometrics information for the principal and the authorized agent is registered.

Abstract: An application program installed in a user device is monitored. if it is determined that a user requests access to the application program, it is determined whether the application program is encrypted. If the application program to which the user requests access is encrypted, the user is requested to input verification information and it is determined whether the verification information is correct. If the verification information is correct, the application program to which the user requests access is run and a running result is presented. If the verification is not correct, a protection operation is performed to the application program to which the user requests access.

Abstract: An information processing apparatus includes a first acquiring unit that acquires information for specifying an operator, an operator authenticating unit that authenticates the operator, a first determining unit that determines whether information on the operator is continuously acquired, a second acquiring unit that acquires information for specifying a checker, a checker authenticating unit that authenticates a checker corresponding to the operator, a second determining unit that determines whether information on the checker is continuously acquired, and a controller that controls a processing apparatus to execute processing, on the condition that the operator is authenticated and the checker is authenticated.

Abstract: A system and method of maintaining a user profile for a handheld computer in a shared, scalable computing resource is described. The method includes receiving user profile data from the handheld computer at the shared, scalable computing resource, the user profile data comprising a user security factor. The user profile data is received via a secure wireless communication protocol having authentication of an identity of the handheld computer. The method includes storing the user profile data on the shared, scalable computing resource as a portion of a user profile, the user profile further comprising user preference data. The method further includes receiving the user security factor from a second computing device. The user security factor is received via a secure wireless communication protocol having authentication of an identity of the second computing device. The method further includes downloading user preference data to the second computing device.

Abstract: Embodiments of the present invention relate to systems, methods, and computer storage media for identifying, authenticating, and authorizing a user to a device. A dynamic image, such as a video captured by a depth camera, is received. The dynamic image provides data from which geometric information of a portion of a user may be identified as well as motion information of a portion of the user may be identified. Consequently, a geometric attribute is identified from the geometric information. A motion attribute may also be identified from the motion information. The geometric attribute is compared to one or more geometric attributes associated with authorized users. Additionally, the motion attribute may be compared to one or more motion attributes associated with the authorized users. A determination may be made that the user is an authorized user. As such the user is authorized to utilize functions of the device.

Abstract: Private information can be displayed using alternate frame sequencing to prevent unauthorized viewing. The private information can be ascertained by an authorized user using an active shutter viewing device synchronized to the alternate frame sequencing display. Private information can be displayed on a portion of the display, while public information, including a basic user interface, can be displayed on a second portion visible to authorized and unauthorized users. For enhanced security, alternate frame sequencing synchronization parameters can be encrypted and exchanged between a display device and the viewing device. When and where to display private information using alternate frame sequencing can be determined using environmental sensors. A single display screen can be configured to simultaneously present private information to multiple users, each user permitted to view a portion of the private information according to the unique synchronization parameters employed by a user's viewing device.

Abstract: This invention is related to authentication schemes utilizing advertising video-passwords, which require the user to watch and remember parts of a given advertisement video. Different embodiments of the invention can utilize just time reference point information, or can optionally include grid element, click point, tag phrase, or a combination of both click point and tag phrase information. A reference video-password is defined based on the time reference point information, and optionally with grid element, click point, or tag phrase information. Subsequently, the user will attempt authentication and the candidate video-password will be defined with the associated time reference point determined from the user's input, and optionally with grid element, click point, or tag phrase information received from the user. The system would then authenticate the user based on the comparison result between the reference video-password and the candidate video-password.

Abstract: Embodiments facilitate confidential and secure sharing of anonymous user profile data to improve the delivery of customized content. Embodiments of the invention provide a data appliance to an entity such as a business to convert profile data about the business's customers into anonymous identifiers. A similar data appliance is provided to a content provider in one embodiment to generate identifiers for its user profile data. Because the anonymous identifiers are generated with the same anonymization method, identical identifiers are likely generated from profile data of the same users. Therefore, the identifiers can be used to anonymously match the customers of the business to the users of the content provider. Therefore, data can be shared to improve customized content such as advertisements that the business wishes to place with the content provider without requiring the business to disclose customer data in an unencrypted form, and any non-matched data can remain confidential.

Abstract: Systems, methods, apparatus, and computer readable media are provided for disposable component authentication with respect to a biological fluid processing device instrument. An example instrument authentication system includes a computer facilitating configuration and operation of the biological fluid processing instrument using a disposable component. A first interface is provided by the computer and is used by a service technician to configure the biological fluid processing instrument for a number of disposable components and to provide a service technician with a validation code. A key generator is to accept the validation code from the service technician and generate an authentication key in response to the entered validation code. A second interface is provided by the computer, the second interface prompting the service technician to enter an authentication key, wherein the authentication key authorizes use of a certain number of disposable components for the biological fluid processing instrument.

Abstract: A system and method wherein an intermediary process provides access to a restricted object associated with a source process on behalf of a destination process. The intermediary process may be a trusted process that is available as a service to other processes on the computing platform. The intermediary process may assume one or more privileges associated with the source process whereby the restricted object may be accessed by the intermediary process on behalf of the destination process. Secure access to the restricted object and the risk of malicious exploitation are mitigated since the intermediary process is a trusted service that is known to provide specific functionality.

Abstract: A method for secure authentication is provided which includes having a user who wishes to gain access to a computer or computer network select from among a plurality of randomly displayed images, having different background colors, the correct image and background color which correspond to the user's computer account. In one advantageous form, in addition to selecting the correct image, the user must first enter a username and password. In an alternative form, if a user is seeking access to a computer network by using a preapproved access point or computer having an approved IP address, a user is allowed to gain access to the computer network without being prompted to select a correct image.

Abstract: Methods, systems, and apparatus for voice authentication and command. In an aspect, a method comprises: receiving, by a data processing apparatus that is operating in a locked mode, audio data that encodes an utterance of a user, wherein the locked mode prevents the data processing apparatus from performing at least one action; providing, while the data processing apparatus is operating in the locked mode, the audio data to a voice biometric engine and a voice action engine; receiving, while the data processing apparatus is operating in the locked mode, an indication from the voice biometric engine that the user has been biometrically authenticated; and in response to receiving the indication, triggering the voice action engine to process a voice action that is associated with the utterance.

Abstract: A method, server and system for obtaining a licensed application is provided. In one example embodiment, the method comprises: receiving an application download request from a user of the electronic device by way of an input mechanism associated with the electronic; transmitting a download request from the electronic device to an application delivery server; receiving an application from the application delivery server at the electronic device; receiving a license key from the application delivery server; and automatically injecting the license key into the application.

Abstract: A method for composing an authentication password associated with an electronic device is implemented by a password composing system including a display, a receiving unit, and a processing unit. In the method, the display is configured to display a start point, and a plurality of displayed paths. The receiving unit is configured to detect a set of user-input movements of a contact point at the display. The processing unit is configured to determine whether the user-input movements conform with a predefined valid user-input gesture, store a plurality of codes corresponding to the valid user-input gestures, and to compose the authentication password according to valid ones of the series of the user-input movements.

Abstract: The invention relates to providing access control to service units of a computer system. When a program unit such as a process or a thread accesses a service unit, the service unit generates an access signal (e.g. an interrupt) indicating the service unit has been accessed. This access signal is handled e.g. by an interrupt handling arrangement at the processor, and in case the program unit is not authorized to access the service unit, the program unit is terminated.

Abstract: Generally, this disclosure describes devices, methods and systems for securely providing context sensor data to mobile platform applications. The method may include configuring sensors to provide context data, the context data associated with a mobile device; providing an application programming interface (API) to a sensor driver, the sensor driver configured to control the sensors; providing a trusted execution environment (TEE) operating on the mobile device, the TEE configured to host the sensor driver and restrict control and data access to the sensor driver and to the sensors; generating a request for the context data through the API, the request generated by an application associated with the mobile device; receiving, by the application, the requested context data and a validity indicator through the API; verifying, by the application, the requested context data based on the validity indicator; and adjusting a policy associated with the application based on the verified context data.

Abstract: Methods and systems are provided for fine tuning access control by remote, endpoint systems to host systems. Multiple conditions/states of one or both of the endpoint and host systems are monitored, collected and fed to an analysis engine. Using one or more of many different flexible, adaptable models and algorithms, an analysis engine analyzes the status of the conditions and makes decisions in accordance with pre-established policies and rules regarding the security of the endpoint and host system. Based upon the conditions, the policies, and the analytical results, actions are initiated regarding security and access matters. In one described embodiment of the invention, the monitored conditions include software vulnerabilities.

Abstract: A method, system and computer-usable medium are disclosed for managing identity authorizations to access information processing system resources. An application thread requiring access to target resources is initiated and associated with an authenticated client identity and a server identity. The resource authorization attribute of a resource required for execution of the application thread designates the use of a client identity, a server identity, or a client identity and server identity when attempting authorized access of the resource. The client identity, the server identity, or the client identity and server identity is then respectively used to access the target resource and the application thread is executed.

Abstract: The present invention relates to an apparatus and a method for managing digital rights using virtualization technique, and more particularly to an apparatus and a method for enabling a user to access a desired text file in an independent area through a virtual machine corresponding to a licensed right for accessing the text file. The present invention comprises a virtual machine (VM) management unit for controlling a user access authorization function for accessing the text file in the area to which the virtualization technique is applied.

Abstract: A computer-based system, method and computer program product for controlling access to protected personal information is disclosed. Protected personal information that is accessible by an information management application program is stored in a computer memory. In response to a request from an authenticated user for information, which includes protected personal information, information is displayed indicating that user has requested protected personal information, but the protected personal information is not displayed. In response to receiving user input requesting access to the protected personal information, a determination is made as to whether the user is authorized to access the requested protected personal information. If so, requested protected personal information is displayed to the user and information is stored relating to the user's access to protected personal information.

Abstract: The present disclosure discloses an upper-order computer, a lower-order computer, a monitoring system and a monitoring method, so as to eliminate the disadvantages of low standardization level and small scale in manually setting and adjusting performance parameters. The upper-order computer includes a central control module and an information interacting module, the information interacting module including a human-computer interacting unit, and the central control module including a processing unit, a display control unit and a parameter configuring unit, wherein the processing unit is adapted for controlling a lower-order computer by sending control commands; the display control unit is adapted for processing effective operating data acquired from the lower-order computer, and is adapted for instructing the human-computer interacting unit to perform presenting; and the parameter configuring unit is adapted for configuring parameters of the lower-order computer by sending parameter configuring commands.

Abstract: User authentication is provided. At least one of a social network and a business network of each user in a plurality of users is accessed. User history data of each user in the plurality of users is monitored in the at least one of the social network and the business network. Challenge questions requiring a user response are generated based on monitoring the user history data of the users. The user response to a generated challenge question is evaluated. A set of events is triggered based on evaluating the user response.

Abstract: A magnetic memory device includes a main memory made of magnetic memory, the main memory and further includes a parameter area used to store parameters used to authenticate data. Further, the magnetic memory device has parameter memory that maintains a protected zone used to store protected zone parameters, and an authentication zone used to store authentication parameters, the protection zone parameters and the authentication parameters being associated with the data that requires authentication. Upon modification of any of the parameters stored in the parameter memory by a user, a corresponding location of the parameter area of the main memory is also modified.

Abstract: In one example, a platform device includes a control unit configured to receive a first software package signed by a first software development entity with a first certificate of a first certificate hierarchy associated with the first software development entity, execute the first software package only after determining that a root of the first certificate hierarchy corresponds to a certificate authority of a developer of the platform device, receive a second software package signed by a second software development entity with a second certificate of a second certificate hierarchy associated with the second software development entity, wherein the second certificate hierarchy is different than the first certificate hierarchy, and execute the second software package only after determining that a root of the second certificate hierarchy corresponds to the certificate authority of the developer of the platform device.

Abstract: Systems and methods of managing keystroke data in embedded keyboard environments may involve transferring a mode request from a management controller to an embedded controller of a keyboard via a dedicated communication channel. Keystroke activity can be detected at the keyboard, and keystroke data may be transferred from the embedded controller to the management controller via the dedicated communication channel in response to the keystroke activity and the mode request. In addition, the management controller may be used to encrypt the keystroke data, wherein the encrypted keystroke data can be transmitted from the management controller to an off-platform service via a network controller.

Abstract: Systems, methods, and apparatus are disclosed for electronically sharing data using authentication variables, such as biometrics and contextual data. Example contextual data includes machine identifications (IDs) and data collected from sensors of computing devices.

Abstract: Data are accessed securely in a data storage device that includes a non-volatile solid-state storage device integrated with a magnetic storage device. An identical copy of drive security data, such as an encrypted version of a drive access password, is stored in both the non-volatile solid-state storage device and in the magnetic storage device. In response to receiving a command from a host device that results in access to the magnetic storage device, access is granted to the magnetic storage device if the copy of drive security data stored in the non-volatile solid-state storage device matches the copy of drive security data stored in the magnetic storage device. Furthermore, encrypted drive-unique identification data associated with the drive may be stored in both the non-volatile solid-state storage device and the magnetic storage device, and access is granted if both copies of the encrypted drive-unique identification data match.

Abstract: A mobile device includes a user interface that has a plurality of non-password-protected desktop screens and at least one password protected desktop screen. The mobile device includes a touch sensitive display device that accepts gestures used to navigate between the desktop screens. Applications may be installed to password protected desktop screens.

Abstract: An improved system and method for controlling access of components to industrial automation system resources by reference to the various operational states of the industrial automation system. A central access control system includes a processing circuitry, interface circuitry configured to receive information pertaining to the operational state of an automation system, memory circuitry, and a display and user interface. In operation, access to automation components are either allowed or denied based on the designation of an operational state of an automation system.

Abstract: The invention relates to a method for evaluating the authenticity of peripheral devices of a self-service machine having an operating system that provides at least one global mutex, having software layers, that are arranged on the operating system, having processes that run on the self-service machine and that access the operating system and/or the software layers, comprising the steps of: evaluating of authenticity of a connected peripheral device by a first process; if it was determined during the evaluation that the peripheral device could not be authenticated, setting of the mutex; evaluating the mutex by a second process based on an event and, if the mutex is set, switching the self-service machine to an error state.

Abstract: Systems and methods are described for enabling users to model security resources and user access keys as resources in a template language. The template can be used to create and update a stack of resources that will provide a network-accessible service. The security resources and access keys can be referred to in the template during both stack creation process and the stack update process. The security resources can include users, groups and policies. Additionally, users can refer to access keys in the template as dynamic parameters without any need to refer to the access keys in plaintext. The system securely stores access keys within the system and allows for templates to refer to them once defined. These key references can then be passed within a template to resources that need them as well as passing them on securely to resources like server instances through the use of the user-data field.

Abstract: A method, system and apparatus for controlling access to a media server are provided. A browse request is received at a computing device, from a remote computing device to browse a memory structure including content files. Authentication of the remote computing device is initiated. Prior to the remote computing device being authenticated, a response is transmitted to the remote computing device indicative that the memory structure is empty of the content files, regardless of actual content of the memory structure. After the remote computing device is authenticated, a further response is transmitted to the remote computing device indicative of the actual content of the memory structure.

Abstract: Described herein are systems and methodologies for managing document access permissions. Embodiments of the invention have been particularly developed for allowing group-based permission management in a file system. While some embodiments will be described herein with particular reference to that application, it will be appreciated that the invention is not limited to such a field of use, and is applicable in broader contexts.

Abstract: A method to identify a child process to a parent process in an operating system includes obtaining a token and login identifier from the operating system. The parent process creates a remote procedure call communications endpoint to communicate with the child process. Thereafter, a child process is spawned by the parent process. A child-initiated request to communicate with the parent process is then received by the parent process. In order to verify the identity of the child-initiated request, the parent process impersonates the child process and receives as identifier that identifies the requestor child process. The requestor process identifier and the spawned child identifier are compared. Based on the comparison, the parent process responds to the child-initiated request. In another embodiment, process identifiers are used by the parent process to verify the identity of a child process the requests communication with the parent process.

Abstract: Techniques to manage digital telephones are described. An apparatus may comprise a digital telephone management component having a telephone interface module operative to receive security information in the form of a personal identification number (PIN) for an operator or device. The digital telephone management component may also comprise a telephone security module communicatively coupled to the telephone interface module, the telephone security module operative to receive encrypted security credentials from a computing device, and decrypt the encrypted security credentials with the PIN. The digital telephone management component may further comprise a telephone authentication module communicatively coupled to the telephone security module, the telephone authentication module operative to authenticate the digital telephone using the security credentials. Other embodiments are described and claimed.

Abstract: A method, system, and medium are provided for locating a lost mobile device utilizing a radio frequency signal associated with the lost mobile device. One embodiment of the method includes activating a signal on a lost mobile device. An identifier associated with the lost mobile device allows a locating mobile device to receive the signal from the lost mobile device and filter out interference. The strength of the signal is determined and a location of the lost mobile device is communicated to a user based on the strength of the signal.

Abstract: A method of authenticating access to an electrical device. The method comprises comparing, at an electronic processor, one or more patterns of temporal or physical properties, associated with an access entry string, to a non-transitory electronic profile data base of ranges of the corresponding patterns, from previously approved access entry strings. The method also comprises approving or denying at the electronic processor, the access entry string. The access entry string is approved if the one or more patterns falls within the respective range of the corresponding patterns in the profile data base. The access entry string is denied if the one or more patterns falls outside the respective range of the corresponding patterns in the profile data base.

Abstract: An authorization device for authorizing operations of a remote server requested from user computers via a data communications network includes a computer interface configured to connect to a local user computer for facilitating communication with the remote server via a data communications network, a user interface configured to present information to a user, and control logic. The control logic is adapted to use security data accessible to the control logic to establish, via the local user computer, a mutually-authenticated connection for encrypted end-to-end communications with the server; collect from the server, via the connection, information indicative of any operation requested via a different connection to the server and requiring authorization by the user; and present the information to the user via the user interface to prompt for authorization of the operation.