Abstract: Computer system for performing biometric matching in a way that balances accuracy level required in the biometric matching against computing resources (for example, processor cycles) that will be needed to match authentication requesters with profiles of authorized users. In some embodiments, this is achieved by controlling the number of clusters and/or the number of clusters to be searched pursuant to an authentication request.

Abstract: In some implementations, an authentication system may receive, from a client device, a credential associated with a user account and a request to access a resource. The authentication system may transmit, to the client device, a request for an image of a customized physical security token associated with the user account. The authentication system may receive, from the client device, a first image. The authentication system may compare the first image with a representation of a second image of the customized physical security token associated with the user account. The authentication system may grant or denying access to the resource based on comparing the first image with the representation of the second image.

Abstract: Aspects of the disclosure relate to using machine-learning models to authenticate users and protect enterprise-managed information and resources. In some embodiments, a computing platform may receive user interaction data from enterprise computing infrastructure and may train one or more authentication models based on this data. Subsequently, the computing platform may receive, from a first application server, a request to authenticate a first user to a first user account in a first usage session hosted by the first application server. In response to receiving this request, the computing platform may identify whether session-specific interaction data for the first usage session is valid based on the one or more authentication models. If the interaction data is identified as being valid, the computing platform may generate and send one or more commands directing the first application server to allow the first user to access the first user account in the first usage session.

Abstract: An Identity and Access Management Service implements persistent source values PSVs) for assumed identities. A source value (e.g., an original identifier of an entity) is persisted across assumed identities, facilitating identification of entities (users or applications) responsible for actions taken by the assumed (e.g., alternative) identities. The Manager receives a request to assume an identity. The request includes the entities current credentials and a PSV. The current credentials are authenticated and a persistent source value policy may be relied on to determine whether and/or how to grant the assumed identity. The PSV may be copied from credentials in the request in order to be included in the credentials for the requested identity that the Manager provides in response to the request. Use of the requested credentials, including the PSV, to access services or resources may be logged, the logs including the PSV from the request to assume the identity.

Abstract: A method for verifying identities of parties to a transaction includes receiving a login attempt from a mobile communication device, the login attempt including a security credential. The method determines that the security credential of the login attempt from the mobile communication device is authentic. The method communicates a one-time access code to the mobile communication device. The method receives a one-time entry code and mobile communication device information from the mobile communication device. The method determines that the one-time entry code and the mobile communication device information from the mobile communication device satisfies the communicated one-time access code and predetermined user mobile communication device information. The method provides by the mobile communication device access to a secure transaction environment.

Abstract: An artificial intelligence-based system and method for automatically generating and adjusting tags associated with one or more UI/UX related components or features is provided. Analysis may be performed on the data collected by the one or more tags so that design change recommendations can be dynamically recommended and/or implemented. When design changes are implemented, the system may automatically reconfigure or adjust all relevant tags. The AI-based system may be a standalone platform or may be incorporated into existing UI/UX programs.

Abstract: To reduce a data amount required for tactile presentation while enabling driving of different types of tactile presentation devices corresponding to different physical amounts. An encoding device according to the present technology is provided with an encoding unit that generates coded data by performing encoding to compress an information amount by utilizing an interconversion property between physical amounts on a plurality of tactile signals representing different physical amounts. This makes it possible to obtain the tactile signals representing desired physical amounts within a range in which interconversion may be performed while compressing the information amount by utilizing the interconversion property between the physical amounts.

Abstract: Example computing devices that are enabled to enter secure operating modes are provided. An example computing device includes a main processor to run an operating system enabled to establish communication from an external device to the main processor via a hardware interrupt handler when the external device is connected to the computing device. The computing device further includes a keyboard controller to detect a lock keystroke sequence at a keyboard, and, in response to detecting the lock keystroke sequence, cause the main processor to halt the operating system and to enter a secure operating mode in which communication from the external device to the main processor via the hardware interrupt handler is blocked.

Abstract: A method and apparatus for generating a dynamic security certificate. The method creates an entropic element from user input, receives metadata from user input and generates a dynamic security certificate using the entropic element and the metadata. The dynamic security certificate is then trusted through user input.

Abstract: Method and system are provided for user authentication using original and modified images. The method includes receiving an original image for a user, where the original image is a private image that meets certain configured criteria. The method uses a pre-trained Convolutional Neural Network (CNN) model to extract one or more image features of the original image and feeds the extracted image feature into a Generative Adversarial Network (GAN) image generator to realistically modify the extracted image feature to generate a modified image. The method authenticates a user based on recognition of a presented original image or a presented modified image.

Abstract: An information processing apparatus includes a processor configured to change control of sound collection in accordance with a state of an upper body region of a user who is photographed, during a communication of transmitting a sound.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to detect attacks in V2X networks. An example apparatus includes a challenge handler to (a) transmit a first challenge packet to a first vehicle to request a transmission of a first response, (b) instruct a second challenge packet to be transmitted to a second vehicle to request a transmission of a second response, (c) increment a first counter when the first response is not obtained, (d) increment a second counter when the second response is not obtained, and (e) after repeating (a)-(d), determine that the first and second vehicles are phantom vehicles associated with an attacker with a half-duplex radio when at least one of the first or second counters satisfy a threshold, and a network interface to instruct a third vehicle associated with the V2X network to ignore future messages from the phantom vehicles based on the determination.

Abstract: A communication management system provides a cognition test electronically to control access to an account. A test implementer includes a graphical user interface. One or more processors are configured to administer the cognition test by: displaying a plurality of image components on the graphical user interface such that each image component of the plurality of image components moves along a respective movement path within the graphical user interface; receiving an input via the graphical user interface; comparing the input to a solution value for the cognition test, wherein the solution value is based on the plurality of image components; blocking access to a protected account based on the input not correlating to the solution value; and allowing access to the protected account based on the input correlating to the solution value.

Abstract: A vehicle-mounted key-generation method is for a vehicle including electronic control units (ECUs) that communicate with each other via a vehicle-mounted network. At least one ECU includes a key generation module and a key transmission module, and each of the other ECUs includes a key receiving module and a key invoking module. The method includes receiving, through at least one ECU, a secure access request sent from an authorized user through a secure access device, and, after confirming to accept the secure access request from the secure access device, waiting for the secure access device to send a key generation request. The method further includes, after receiving the key generation request, generating a key through the key generation module, using the key transmission module to send the key to other ECUs via the vehicle-mounted network, and receiving the key through the key receiving module in other ECUs.

Abstract: An apparatus for estimating bio-information according to an embodiment of the present disclosure includes a first sensor configured to obtain a fingerprint image of a finger of the user; a second sensor configured to measure a force or a pressure applied by the finger; and a processor configured to obtain, based on the fingerprint image, a first feature value related to pulse waves and a second feature value related to skin elasticity; obtain a third feature value based on the force or the pressure; and estimate the bio-information of the user based on the first feature value, the second feature value, and the third feature value.

Abstract: Systems and methods are provided to identify security vulnerabilities related to containerization platforms. Container images may be received from a repository, and scanned for security vulnerabilities. Containers may be automatically generated and updated with security updates when the images are extracted and identified. Updated versions of images may be generated based on the updated containers. Stored security vulnerability may be automatically updated with CVE information received from external databases at regular intervals, or upon receiving a scan request. Scan results may be generated, stored and compared. Vulnerability comparisons may be generated for an initial version of an image and an updated version of the image that includes the implemented security updates that rectify the identifiable security vulnerabilities.

Abstract: The present disclosure inter alia presents a method of generating a temporary authentication value, for use in a secure transmission to a service provider system having one or several computer servers. The method starts with receiving a first identification data and receiving a security data associated with the first identification data. Thereafter, a hash function is applied to the first identification data and the security data to generate a temporary authentication value. The generated temporary authentication value is divided into a first and a second part. The method thereafter comprises transmitting only the second part of the divided temporary authentication value to the service provider system for verification.

Abstract: A method, system, and non-transitory computer readable medium are described for providing a sender a plurality of ephemeral keys such that a sender and receiver can exchange encrypted communications. Accordingly, a sender may retrieve information, such as a public key and a key identifier, for the first receiver from a local storage. The retrieved information may be used to generate a key-encrypting key that is used to generate a random communication encryption key. The random communication encryption key is used to encrypt a communication, while the key-encrypting key encrypts the random communication key. The encrypted communication and the encrypted random communication key are transmitted to the first receiver.

Abstract: An electronic device, method, and computer program product provide automated static or dynamic format selection of screen shot capture responsive to display size. An application, executed by a processor of the electronic device, presents, via a display, at least a portion of an electronic page. In response to receiving an input, via at least one input device of the electronic device, to capture a screen shot of the display, a controller of the electronic device determines a number of screens required to present an entirety of the electronic page. In response to the number of screens being equal to or less than a first threshold number of screens, the controller generates a static screen shot image of the electronic page. In response to the number of screens being greater, the controller generates a dynamic screen shot image that automatically scrolls or page flips through the entirety of the electronic page.

Abstract: Systems and methods of managing a certificate associated with a component located at a remote location from a certificate authority system are provided. A certificate request is received, wherein the certificate request comprises a key associated with the component. A certificate is generated corresponding to the key received in the certificate request, and a validity status of the certificate is caused to be set to invalid. The certificate is provided to the component and it is determined whether the component matches the certificate. Upon determining that the component matches the certificate, the validity status is caused to be set to valid.

Abstract: A system for database restoration across service regions. The system includes data storage and backup data storage in the first region. The system includes a frontend for the database service configured to receive, from a client, a request to restore a database to the first region from backups stored in another backup data storage in a second region and to receive an authentication token for the request from the client. The system also includes a backup restore manager service for the first region configured to send, to another backup restore manager service implemented in the second region, a credential request for a second region credential authorizing retrieval of the one or more other backups from the second region. The backup restore manager service sends a backup restore request to retrieve the backups from the other backup data storage and loads the backups to restore the database in the first region.

Abstract: A video generation method, a video playing method, a video generation device, a video playing device, an electronic apparatus and a computer-readable storage medium are provided. The video generation method includes: acquiring a first video; executing Gaussian blur special effect processing on the first video to obtain a second video; superimposing an additional dynamic effect on the second video to generate a third video, wherein the additional dynamic effect is a dynamic image that presents a related information corresponding to the first video in a dynamic effect; and splicing the first video with the third video to generate a fourth video, wherein an image area of the fourth video comprises a first image area configured to display an image of the first video and a second image area configured to display an image of the third video.

Abstract: A method, system and product including obtaining a media stream depicting a real-time communication of a participant in a communication context; identifying the communication context; obtaining a personalized model of the participant when communicating in the communication context, wherein the personalized model is configured to identify a behavioral pattern of the participant; executing the personalized model on at least a portion of the media stream to determine whether a behavioral pattern of the participant in the media stream matches the behavioral pattern of the participant according to the personalized model; and upon identifying a mismatch between the behavioral pattern of the participant in the media stream and the behavioral pattern of the participant according to the personalized model, performing a responsive action.

Abstract: An apparatus for face image candidate determination for authentication, including a storage and at least one processor wherein the storage stores a reference face image in association with an attribute of the image for each registered person and a score threshold value for each combination of attributes of face images to be collated. The processor configured to: acquire a face image of a person to be determined as a face image for determination, determine an attribute of the face image, collate the reference face image with the face image and calculates a score indicating a degree of matching, and select a reference face image satisfying the score threshold value as a face image candidate for authentication and selects the face image candidate and the score thereof as authentication information of the face image for determination.

Abstract: According to some embodiments, a user vector generator may access information about a user (e.g., a software deployment developer or operator) in a user data store that contains electronic records each associated with different user. Each record may include, for example, a user identifier and user characteristics. Based on the user characteristics, the system may automatically generate a user vector indicating a computing environment skillset level for that user (e.g., beginner, intermediate, or expert). A machine learning privilege assignment platform may receive an indication of the user vector for the user and, based on the user vector and a machine learning algorithm, generate a privilege decision for that user (e.g., when the user attempts to update the system). An indication of the privilege decision may be output, according to some embodiments, to an SMT solver to review the privilege decision before granting the user access to the computing environment.

Abstract: A processing system includes an acquisition portion that acquires information based on a captured image of a user, and a processor that performs a login process and a logout process on an electronic device. When it is determined that a gesture of a user for instructing to log out from the electronic device is performed based on the captured image of the user, the processor performs the logout process.

Abstract: A method and apparatus provides for securely unlocking a locked program domain by a third party wishing to gain extraordinary access to the program domain by a third party. The third party and the program domain are mutually authenticated using exclusive self-escrow of credentials that are generated, revealed, or stored within the program domain. Multiple third parties that are required for unlocking the program domain may also be authenticated prior to unlocking the program domain. The method and apparatus provides extraordinary access without the use of backdoors or having the program domain provide credentials to third parties.

Abstract: A method for authenticating a user for performing a transaction comprises receiving unique knowledge of the user such as photoauthentication, and receiving a hardware profile associated with the user. The unique knowledge and the hardware profile are compared against previously stored data representing unique knowledge of the user and a hardware profile associated with the user. If both the received data representing the unique knowledge of the user and the received hardware profile are authenticated, the transaction is allowed to go forward.

Abstract: The present invention relates to a handwritten signature authentication apparatus and method. More particularly, the present invention relates to an apparatus and a method of blinding a handwritten signature for authentication in which when a user writes a handwritten signature, a handwritten signature image displayed on a display device is blinded from a third party nearby.

Abstract: A method may involve receiving fingerprint sensor data from a fingerprint sensor system, detecting, according to the fingerprint sensor data, a presence of a digit on an outer surface of the apparatus in a fingerprint sensor system area; determining, according to the fingerprint sensor data, a digit force or a digit pressure of the digit on the outer surface of the apparatus; and making, according to the fingerprint sensor data, a time threshold determination. The time threshold determination may involve determining whether a length of time during which the digit force exceeds a threshold digit force or during which the digit pressure exceeds a threshold digit pressure is greater than or equal to a threshold length of time. The method may involve determining, based at least in part on the time threshold determination, whether to enable one or more emergency response functions of the apparatus.

Abstract: Systems, methods, and computer-readable storage media for authenticating a user account with a synchronized content management system are disclosed. A synchronized online content management system may receive a request from a client device to access content in the content management system via a web browser that is running on the client device. The system may identify that a client-side application for the content management system has been installed on the client device and that the client-side application is already logged into a user account with the content management system. The system can cause the web browser to open a local host connection to the client-side application such that the web browser may be able to obtain from the client application some user account identifying information for the user account. The system can then cause the web browser to log into the user account by using the user account identifying information.

Abstract: A user authentication system includes an image capture device and a controller communicatively coupled to the image capture device. The controller receives first image data associated with user identification information and generates a first set of biometric data based on the first image data. The controller also receives second image data associated with a first user action in response to the first set of biometric data approximately matching a first set of authenticated biometric data. The controller further generates a second set of biometric data based on the second image data and receives third image data associated with a second user action. The controller also generates a third set of biometric data based on the third image data. The controller further grant access to a user account in response to the second and third sets of biometric data approximately matching second and third sets of authenticated biometric data, respectively.

Abstract: Techniques for electronic signature process management are described. Some embodiments provide an electronic signature service (“ESS”) configured to manage electronic identity cards. In some embodiments, the ESS generates and manages an electronic identity card for a user, based on personal information of the user, activity information related to the user's actions with respect to the ESS, and/or social networking information related to the user. The electronic identity card of a signer may be associated with an electronic document signed via the ESS, so that users may obtain information about the signer of the document. The ESS may also generate a trust score for the user based on activity information related to the user's actions with respect to the ESS and/or other factors. The trust score may be used to recommend authentication mechanisms to use with respect to electronic signature transactions.

Abstract: Methods, systems, computer-readable media, and apparatuses for an authentication-based communication link with a peripheral device are presented. In some embodiments, the peripheral device receives, from a host device, and stores, in a memory of the peripheral device, registration data including, for instance, a user credential, a user identifier, and/or a device identifier. Upon a request to pair the peripheral device with the same or a different host device, the peripheral device requests and receives, from such a host device, authentication data including a user credential, a user identifier, and/or a device identifier. The peripheral device determines whether a match exists between the received authentication data and the registration data. If so, a communication link is established with the host device.

Abstract: A baseband processor of a communication device, the baseband processor comprising a multiple encryption manager that utilizes a transmit data stream as an input data stream in the case that the transmit data stream is determined not to already have encryption applied by a higher layer component, and that utilizes a known unencrypted dataset as an input data stream in the case that the transmit data stream is determined to already have encryption applied by a higher layer component, an encryptor block that encrypts the input data stream into an encrypted data stream, and a randomness inspector that is in communication with the encryptor block, the randomness inspector unit accessing the input data stream and the encrypted data stream from the encryptor block and determining a randomness gain by comparing a first randomness measurement associated with the input data stream to a second randomness measurement associated with the encrypted data stream.

Abstract: A method, a device and a system for networking air conditioning units, a storage medium, and a processor. The method includes: determining a wireless network for networking an air conditioning unit of the air conditioning unit, and an identification of the wireless network; and controlling the air conditioning unit to network according to the wireless network and the identification.

Abstract: A mobile security system includes a first camera, a second camera, and a controller. The first and second cameras capture first and second images at a first time and include first and second object images of an object, respectively. The controller: obtains a camera distance between the first and second cameras, receives the first and second images from the first and second cameras, retrieves the first and second object images in the first and second images, respectively; determines first and second object image sizes of the object in the first and second object images, respectively; calculates a first object distance between the first camera and the object using the camera distance and the first and second object image sizes; determines whether the first object distance satisfies criteria of a security policy; and if so, apply a security action associated with the security policy.

Abstract: There is disclosed a method for training a Machine Learning Algorithm (MLA) for classifying a user action sequence that is performed by a user with an electronic service on a computer device. The method comprises: receiving an indication of interface elements of the electronic service and events associated with the interface elements to be monitored; receiving a plurality of indications of the user action sequence, the plurality of indications being of at least two different types of classes, for which the MLA is to be trained for classifying user actions into; generating a training set by: subdividing the given user action sequence into subsequences, determining a frequency of each subsequence appearing in the user action sequences belonging to a given one of the at least two different types of classes; scoring each subsequence based on the frequency; selecting n most informative subsequences.

Abstract: A method for managing power resource in an augmented reality (AR) device is described. In one aspect, the method includes configuring a low-power mode to run on a low-power processor of the AR device using a first set of sensor data, and a high-power mode to run on a high-power processor of the AR device using a second set of sensor data, operating, using the low-power processor, a low-power application in the low-power mode based on the first set of sensor data, detecting a request to operate a high-power application at the AR device, in response to detecting the request, activating the second set of sensors of the AR device corresponding to the high-power mode, and operating, using the high-power processor, a high-power application in the high-power mode based on the second set of sensors.

Abstract: Embodiments are directed to managing sandboxed application extensions. A first request that include includes information that identifies an extension may be provided to an extension server. Information included in a first response may be employed to instantiate an extension shell that corresponds to the extension and embed it in the hosting application such that the extension shell is associated with a first security policy included in the first response. A second request may be provided to the extension server based on information included in the extension shell such that the second request includes an identifier associated with an extension body that corresponds to the extension shell. The first security policy or the second security policy may be employed to enable one or more of the extension shell or the extension body to just access the hosting application or just access the extension server.

Abstract: Systems, methods and apparatus are provided for a Dynamic Group Session Data Access Protocol. The system may monitor participant input in a group interactive session. The system may be trained to monitor and understand the group environment and predict intent of the participant discussion and may predict relevant data. The system may be used by a single participant or by multiple participants. The system may determine the access level of the participants. The system may determine the access level of the data. The system may compare the access level of the participants with the access level of the data. The system may dynamically mask the data if the access level of the participants does not match the access level of the data. The system may create customized views of the data for each participant based on the participant's access level and the access level of the data.

Abstract: A credentials store definition identifying a remote credential store is received. The credential store definition includes access information to enable access to the remote credentials store. A credentials object is created in an internal database based on a credentials object definition. The credentials object identifies a security credential to retrieve from the remote credentials store to access an external resource. At runtime, a request to access the external resource is received, and based on receiving the request, the security credentials identified by the credentials object are retrieved from the remote credential store using the access information. The retrieved security credential is provided to a processing component to access the external resource.

Abstract: A processing method includes displaying a first content, acquiring input information, and displaying a second content in response to the input information satisfying a condition. The input information satisfying the condition indicates presence of a viewer of interest.

Abstract: Apparatus and methods are disclosed, including a memory device or a memory controller configured to supply supported voltages to a host, provide temperature throttling information to the host, or provide an indication that a host attempting to read a result was not the host that caused the placement of the result in a result register. Methods of operation are disclosed, as well as machine-readable medium and other embodiments.

Abstract: An apparatus and method for performing authenticated communications that includes receiving, by a gateway device, a password associated with an application. The gateway device is in communication with a plurality of access control devices associated with the application. Access to each device in a cluster formed by the gateway device and the plurality of access control devices requires a user authentication associated with the password. The gateway device generates a plurality of different matching pairs of salt values and hash values and deletes the password. In addition, the gateway device transmits different sets of mismatched pairs of the salt values and the hash values to at least two devices of the cluster for storage. The user authentication is based on a salt value and a hash value from the plurality of different matching pairs of salt values and hash values stored at two different devices of the cluster.

Abstract: There is provided a system for creating a cryptographic non-fungible identity unique token (IUT), comprising code for: obtaining a private key linked to a public address of an electronic wallet, associated with a wallet address, obtaining a digital representation of a hashed genetic sequence of a user and an associated wallet address of the electronic wallet, storing in the cryptographic non-fungible IUT, an IUT identifier, the IUT identifier is an outcome of hashing a subset of the hashed digital representation and a unique password, storing the IUT in a genetic sequence record stored in a block of a blockchain dataset, wherein the genetic sequence record is associated with the IUT, the IUT is associated to the wallet address, wherein the user is authenticated by a match between a computed value of a password and the wallet address provided by the user, and the IUT identifier stored on the blockchain.

Abstract: Embodiments of the disclosure relate to methods, apparatus and systems for authentication of a user. The described embodiments relate to obtaining ear biometric data for a user to be authenticated. The ear biometric data comprises one or more features characteristic of the user's ear canal and an associated fit metric indicative of a positioning of a personal audio device relative to the user's ear canal, the personal audio device comprising a transducer for application of acoustic stimulus to the user's ear to obtain the ear biometric data. The user may be identified as a particular authorised user based on one or more features and the associated fit metric.

Abstract: A method of speaker identification comprises receiving an audio signal representing speech; performing a first voice biometric process on the audio signal to attempt to identify whether the speech is the speech of an enrolled speaker; and, if the first voice biometric process makes an initial determination that the speech is the speech of an enrolled user, performing a second voice biometric process on the audio signal to attempt to identify whether the speech is the speech of the enrolled speaker. The second voice biometric process is selected to be more discriminative than the first voice biometric process.

Abstract: A computer-implemented method, for verifying an electronic device user, comprising the steps of issuing at least one action instruction to an electronic device user using a notification mechanism of the electronic device; recording response data from a plurality of data acquisition systems of the electronic device, the response data pertaining to the user's response to the at least one action instruction; processing the response data to form classification scores; combining the classification scores to form a classification value; and verifying the user if the classification value satisfies a threshold, wherein each of the at least one action instruction comprises a liveness challenge.

Abstract: A navigation application running in the foreground of the mobile device is run in the background when the mobile device enters a screen locked state. A display may be activated while the mobile device remains in the screen locked state, and an image is rendered over a lock screen of the mobile device, where the image providing a glimpse into the navigation application running in the background while the mobile device remains in the screen locked state. The image displayed over the lock screen is iteratively updated to provide a continuous glimpse into the navigation application running in the background of the mobile device that is in the screen locked state, without having to unlock the mobile device.