Abstract: A system and method for exchanging secure information between Secure Removable Media (SRM) devices. An initialization operation is performed between the SRM devices. After a mutual authentication operation is performed between the SRM devices, a secret key is exchanged for secure information exchange. An installation setup operation is then performed to establish an environment for moving rights between the SRM devices, and the rights information can be directly exchanged between the SRM devices by performing a rights installation operation between the SRM devices.

Abstract: A method of authenticating a user of a computing device is proposed, together with computing device on which the method is implemented. In the method a modified base image is overlaid with a modified overlay image on a display. At least one of the modified base image and modified overlay image is moved by the user. Positive authentication is indicated in response a first point relative to the base image reference point being aligned with a second point relative to the overlay image reference point.

Abstract: Systems and methods for integrating biometric authentication with video conference sessions are described. An individual seeking to participate in a video conference may first be identified with a biometric parameter such as an iris scan based on a comparison of the scanned iris with a database of stored parameters. If authorized, the system may connect the individual to the video session. In addition, the system may generate dynamic tags that allow the participants to identify and locate individuals in the video conference. For example, if one of the participants is speaking and moving within the room, her tag may change color and move with her on the video screen.

Abstract: A device and method to use a password by touch-less gesture are described. The device includes two or more ambient light sensors arranged at respective surface locations of the device, each of the two or more ambient light sensors measuring light intensity at the respective surface location. The device also includes a first processor to execute a password application on the device, and a second processor to detect two or more gestures performed by an object in touch-less communication with the device and define or verify a password based on the two or more gestures.

Abstract: A system and method for controlling access to a secure resource in a device are disclosed. In some embodiments, the device may include a processor capable of receiving a first request from a first application of a plurality of applications executable by the processor, where the first request requests access to the secure resource, and the first request identifies the plurality of applications. In response to the first request, the processor is capable of generating a ticket associated with the secure resource and with each of the plurality of applications, and then storing the ticket in a memory. After receiving a second request from a second application requesting access to the secure resource, the processor is capable of granting the second application access to the secure resource, if the ticket associated with the secure resource exists and if the ticket is associated with the second application.

Abstract: A display apparatus including an image processor which processes a video signal is provided. The display apparatus includes; a display which displays an image based on a processed video signal; a receiver which receives a key signal input by a user; a storage which stores a password key; and a controller which receives a user's first key signal which comprises an arrow key signal when a password is set up for the display apparatus, sets up and stores the password key which corresponds to the received first key signal, receives a user's second key signal when access is attempted, and allows the access in response to the received second key signal and the stored password key matching each other through a comparison.

Abstract: An approach is provided for authenticating using user actions. A prompt is initiated on a display for an input to authenticate a user. The input is received as a sequence of user actions on the display. A predetermined sequence associated with the user is retrieved. The received sequence is compared with the predetermined sequence to determine a match. The user is declared to be authenticated based on the comparison.

Abstract: A communication device for performing communication by employing first and second communication units, includes: a reception unit for receiving a communication packet including a random number generated for every connection with another communication device, a certificate calculated with the random number, and authentication method information indicating whether or not an authentication method at the second communication unit is compatible with the public key system, through the first communication unit; and a method determining unit for determining whether or not an originator of the communication packet accepts public key encryption based on the authentication method information included in the communication packet; wherein in a case of the method determining unit determining that the originator of the communication packet does not accept the public key system, the random number included in the communication packet is replied to the originator as the identification information of the device itself.

Abstract: To authorize an access to an application, a user interface renders a geometrical pattern on receiving a trigger to access the application. The rendered geometrical pattern includes an instance of an arrangement of one or more first nodes and one or more second nodes. The rendered geometrical pattern is associated with an input type to receive a selection of the first nodes and the second nodes. The selection of the first nodes and the second nodes is received as an authorizing key. The authorizing key is matched with an authorizing passcode stored in memory to provide access to the application.

Abstract: An end device may include a camera configured to capture an image of an object, a touch screen configured to receive a touch input and a processor configured to determine to unlock the end device based, at least in part, on the image of the object and the touch input.

Abstract: Techniques and systems for authentication with an untrusted root between a client and a server are disclosed. In some aspects, a client may connect to a server. The server and client may initiate a secure connection by exchanging certificates. The server may accept a client certificate having an untrusted root that does not chain up to a root certificate verifiable to the server certificate authority. In further aspects, the server may enable the client to associate an untrusted certificate with an existing account associated with the server. The client certificate may be hardware based or generated in software, and may be issued to the client independent of interactions with the server.

Abstract: A method of controlling an electronic device providing a lock screen is provided. The method includes providing the lock screen; detecting and analyzing an event for outputting at least one output event, which is received in the lock screen, so as to determine the output event to be output based on the analysis result; determining at least one module for providing the output event corresponding to the analysis result so as to provide an output instruction to output the output event to the at least one determined module; and outputting the output event by the at least one determined module.

Abstract: A method comprises steps of: acquiring a function operation instruction input by a user; and scanning a fingerprint of the user and performing identity authentication on the user according to the fingerprint, if an operation corresponding to the function operation instruction is authentication; storing data information into a preset storage space, if an operation corresponding to the function operation instruction is data information storage; charging a preset device, if an operation corresponding to the function operation instruction is charging. The multifunctional MCU comprises an acquisition module, an authentication module, a storing module and a charging module.

Abstract: An electronic device with a display and a fingerprint sensor may authenticate a user for a respective function. While access to one or more resources of the device is restricted, the device displays an irregular arrangement of shapes on the touch-sensitive display. The device receives input based on the displayed irregular arrangement of the shapes. In accordance with a determination that the input meets input pattern criteria, the device provides access to the one or more restricted resources. In accordance with a determination that the input does not meet the input pattern criteria, the devices forgoes providing access to the one or more restricted resources of the device.

Abstract: An image forming apparatus has: pluralities of sheet storage units; a printing unit; a sheet driving unit that feeds a sheet of paper from the sheet storage units to the printing unit; a group setting maintaining unit that forms a group of the sheet storage units; a residual sheet amount detecting unit that detects sheet empty on any of the sheet storage units in the group; a sheet storage switching control unit that controls the sheet driving unit to select another one of the sheet storage units in the same group for feeding a sheet, if the residual sheet amount detecting unit detects the sheet empty; and a sheet empty warning unit that warns a user of the sheet empty detected by the residual sheet amount detecting unit.

Abstract: Embodiments of the invention relate to password management of one or more data storage devices. A set of passwords are employed to manage access to the storage devices, with authentication of both passwords enabling access to the subject storage device(s) for read and/or write operation privileges. The first password is known by the user and is used as an initial input string. The second password is not known by the user and is authenticated with the subject storage device(s) through BIOS and without input from the user.

Abstract: Methods and systems for third party client authentication of a client. A method includes displaying a user interface on a display of the client, the user interface including an option to select a supported credential type of a third party authentication server, receiving a command selecting the supported credential type, and sending credential information and the selected supported credential type to an authentication server for third party authentication by the third party authentication server. The third party authentication server may support a token-based authentication protocol for implementing single sign on (SSO).

Abstract: A chip including a processor for performing a predetermined operation, a provider for providing a clock signal, with which the processor is clocked, a counter for decrementing or incrementing a count based on the clock signal, a monitor for signaling the predetermined operation to be prevented, depending on the count, and a non-volatile storage for non-volatily storing the count.

Abstract: A new approach is proposed that contemplates systems and methods to support user identity verification based on social and personal information of the user. Under the approach, customers/users are required to grant identity verifying party a degree of access to their social network information, including but not limited to, account data and social graph information on social networks. The identity verifying party then acquires information of a current or potential user's online presence in addition to other information of the user and utilizes such information to verify the user's identity in the real world and/or to assess the fraud risk of a specific financial transaction requested by the user.

Abstract: This document describes techniques and apparatuses enabling gesture-based authentication without retained credentialing gestures. The techniques are capable of determining an identifier for a credentialing gesture where the identifier can be reproduced on receiving a similar authentication gesture at a later time. The identifier for the credentialing gesture can be encrypted, sent to a secure authentication entity, and then, when an authentication gesture is received, an identifier for the authentication gesture can also be determined, encrypted, and sent to the secure authentication entity. If the secure authentication entity determines that the encrypted identifiers match, the user is authenticated.

Abstract: A method and system to improve the computer in light of the global information network with numerous computer devices services, and apps, so that a user can capture and find information with high security and usability. The method improves capturing information and the user intentions, while minimizing the work that needs to be done by the user to obtain a benefit from the computer system. The invention includes the following methods for the computer: to simplify account creation for new users; to identify them progressively by requesting just the information necessary to provide a service; to authenticate an identity without a priori preparation of security questions and by requesting a user an effort proportional to the value of the service; and to capture the user intentions of permission of information by progressively and interactively asking who can and must not find it.

Abstract: A method for unlocking a handheld device with a touch screen includes accessing a social network using login information, acquiring information of a plurality of friends from the social network. The method further includes creating an unlocking interface on the touch screen according to a second amount of a secondary key based on the plurality of friends and a question based on the first amount of a primary key based on the plurality of friends. An input event of a user on the unlocking interface is detected the handheld device is transitioned from a lock state to an unlock state upon the condition that the input event corresponds to a correct answer.

Abstract: A computer-implemented method for mitigating mobile device loss may include (1) identifying historical data specifying a plurality of past locations of a mobile computing device, (2) identifying a current location of the mobile computing device, (3) determining that the current location deviates from an expected location based on the historical data, and (4) performing a security measure on the mobile computing device in response to determining that the current location deviates from the expected location. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure involves a system that includes a computer memory storage component configured to store computer programming instructions and a computer processor component operatively coupled to the computer memory storage component. The computer processor component is configured to run a secure operating system and a non-secure operating system in parallel. The secure and non-secure operating systems are isolated from each other. The computer processor component is configured to execute code to perform the following operations: receiving an authentication request from an application that is run by the non-secure operating system, wherein the authentication request contains credentials of the application; communicating with a secure applet that is run by the secure operating system, and wherein the communicating includes transferring the credentials of the application to the secure applet; and authenticating and vetting the application based on the credentials of the application.

Abstract: Disclosed are various embodiments for the synchronizing of files between a networked storage system and a third party system. A file can be stored in a storage location in a networked storage system. A determination can be whether the storage location is associated with a third party system. An authentication credential can be retrieved that is associated with the third party system. Upload of the file to the third party system can be initiated.

Abstract: An electronic device includes an inertial force sensor, a memory unit, and a control unit connected to the inertial force sensor and the memory unit. The control unit includes a characteristic-waveform processor and an authenticator. The characteristic-waveform processor is operable to generate a characteristic waveform based on output waveforms output from the inertial force sensor in response to operations performed by a first user, and to record the characteristic waveform in the memory unit. The authenticator is operable to generate a reference waveform based on one or more output waveforms output from the inertial force sensor in response to respective ones of one or more operations performed by a second user, and to determine whether or not the first user and the second user are identical to each other by comparing the reference waveform with the characteristic waveform. This electronic device performs accurate authentication with a simple structure.

Abstract: An embodiment includes a method executed by at least one processor comprising: determining a first environmental factor for a mobile communications device; determining a first security authentication level based on the determined first environmental factor; and allowing access to a first module of the mobile communications device based on the first security authentication level. Other embodiments are described herein.

Abstract: A touchscreen security interface for guiding a user in entering a “pattern-based password” (for example, a password based on one or more gestures of a fingertip or stylus). The touchscreen security interface can alternatively be displayed at multiple angular orientations which can make the password entry process more secure with respect to phenomena like grease attacks and shoulder surfing. The touchscreen security device may take the form of a rotatable keypad, rotatable between four different angular orientations occurring at 90 degree angular intervals.

Abstract: An electric device includes an imaging module, a detector and an output module. The imaging module takes an image which is output from another electric device. The detector detects a code designation from data of the image taken by the imaging module. The output module generates another code designation which is different from the code designation which is output from said another electric device, and outputs said another code designation to said another electric device, when the detector detects the code designation which is output from said another electric device.

Abstract: Techniques are disclosed for dynamically mitigating a noncompliant password. The method comprises obtaining a password; generating one or more quality scores for the password using a password policy for an authentication and authorization service; determining whether the password has sufficient score quality; in response to determining that the password does not have sufficient score quality, granting to the user a different level of access to the service than if the password meets the quality criteria; wherein the method is performed by one or more computing devices.

Abstract: Methods, systems, and computer-readable media for implementing a multi-factor authentication scheme utilizing barcode images in computing devices, such as standard mobile devices and smartphones having no native hardware support for reading barcodes other than standard digital camera componentry for capturing digital images of real-world phenomena. A mobile device may be configured by software to require a user, as a first authentication factor, to present a barcode, such as a Quick Response (QR) Code for image scanning using digital camera componentry built into the mobile device. The device analyzes the digital image of the barcode to decode the barcode into its encoded character data. If the device recognizes the character data as valid, then, as a second authentication factor, the device prompts the user to enter a valid password associated with the barcode. If the user-entered barcode is also valid, then the device may grant the user access.

Abstract: Disclosed is a portable storage device including a fingerprint sensor, a fingerprint data processing unit, a data repository, a data processing unit and the like. The fingerprint data processing unit outputs a fingerprint matching signal when fingerprint information received from the fingerprint sensor matches authentication fingerprint information of the fingerprint data repository. If the fingerprint matching signal is received from the fingerprint data processing unit, the data processing unit retrieves a data requested by the user terminal from the data repository, converts the retrieved data into a read-only data and transmits the read-only data to the user terminal.

Abstract: A display component (108) displays multiple icons that a user can touch. A multi-layered sensing component (104) includes at least a high resolution sensing component (204) and a low resolution sensing component (202). The low resolution sensing component is activated to detect objects touching the multi-layer sensing component. In response to the low resolution sensing component detecting an object touching one of the multiple icons, the low resolution sensing component is deactivated and at least a portion of the high resolution sensing component over the touched icon is activated. The high resolution sensing component senses the user's fingerprint, which is authenticated. After sensing the user's fingerprint, the high resolution sensing component is deactivated and the low resolution sensing component is reactivated.

Abstract: Access control systems for computing devices retrieve an identifier (ID) of a physical key and determine whether the physical key has been paired. If the physical key has been paired, then the access control system generates an authorization signal equivalent to input of a valid password. If the physical key has not been paired, then the access control system determines whether the physical key is authentic and, if so, proceeds with a pairing process. In other embodiments, the physical key is used to redeem virtual credits exchangeable for value in an e-commerce interface.

Abstract: An authentication process may involve presenting an image on a display device, such as an icon associated with an application, indicating an area for a user to touch. At least partial fingerprint data may be obtained during one or more finger taps or touches in the area. Based on a comparison of the partial fingerprint data and master fingerprint data of the rightful user, a control system may determine whether to invoke a function. Invoking the function may involve authorizing a commercial transaction or unlocking the display device. In some implementations, determining whether to invoke the function may be based on a level of security.

Abstract: An image processing apparatus which is capable of realizing security improvements without degrading the usability. A user is authenticated, and an operation screen accepting an operation input from the user is displayed. A job is executed according to an instruction of the user authenticated by the user authenticating unit. It is determined whether or not the job of which execution is instructed by the user, is being executed when the user authenticating unit authenticates the user. A first operation screen through which the user inputs an instruction for the job in execution is displayed when the job executing unit is executing the job, of which execution is instructed by the user, whereas another operation screen through which another user inputs an instruction for another job is displayed when not.

Abstract: In one example, a method includes receiving, by a wireless docking center (WDC) and from a wireless dockee (WD), a request to access one or more peripheral functions (PFs) associated with the WDC, and receiving, by the WDC and from the WD, one or more authentication credentials. In this example, the method also includes determining, by the WDC, whether or not the one or more authentication credentials received from the WD grant access to the one or more PFs to which the WD requests access. In this example, the method also includes permitting, by the WDC, the WD to access a first PF of the one or more PFs to which the WD requests access in response to determining that the one or more authentication credentials grant access to the first PF.

Abstract: A method includes obtaining a gaze feature of a user of a device, wherein the device has already been unlocked using a second feature, the gaze feature being based on images of a pupil relative to a display screen of the device, comparing the obtained gaze feature to known gaze features of an authorized user of the device, and determining whether or not the user is authorized to use the device based on the comparison.

Abstract: A method and system for authenticating a user to access a computer system. The method comprises communicating security information to the computer system, and providing the computer system with an implicit input. The method further comprises determining whether the security information and implicit input match corresponding information associated with the user. The method further comprises granting the user access to the computer system in the event of a satisfactory match. When authenticating the user, the method and system consider the possibility of the user being legitimate but subject to duress or force by a computer hacker.

Abstract: An authentication server and method are provided for generating tokens for use by a mobile electronic device for accessing a service. Communications between the device and the authentication server are through a relay. A memory stores a secret shared with a service server from which the service is provided. A processor is configured to generate the token using the shared secret and based on a reliance on the relay to ensure that the device has authorization to access the service. One or more computer readable medium having computer readable instructions stored thereon that cause the device to obtain proof of authorization to access the service is also provided. The instructions implement a method comprising: outputting via a wireless connection to a relay a request addressed to an authentication server for a token and receiving the token from the authentication server via the relay.

Abstract: Systems and method for authorizing third-party authentication to a service are disclosed herein. As exemplary method includes an online service provider subsystem, which is configured to provide a service, 1) receiving a request from a user to use a third-party authentication service to authenticate the user to the service, 2) directing, in response to the request, the user to authenticate to the third-party authentication service, 3) receiving, from a third-party subsystem that provides the third-party authentication service, a third-party user identifier for the user, 4) requiring the user to verify an identity of the user, and 5) authorizing, based on the verified identity of the user, use of the third-party user identifier to authenticate the user to the service. Corresponding methods and systems are also disclosed.

Abstract: A system that includes a memory to store registration information for a particular application hosted by a particular user device, where the registration information includes context information regarding the particular user device and an integrity code based on credentials associated with the particular application.

Abstract: A method and apparatus for accessing contact records in an electronic device with multiple operation perimeters is provided. When accessing contact records from within one operation perimeter, only contact information accessible from that operation perimeter is retrieved. An option is provided to also access contact records of an alternative operation perimeter. If the alternative operation perimeter has a higher security level than the current operation perimeter, a password or other authorization may be required. The contact records may be accessed, for example, to find information for an outgoing communication, to identify information associated with an incoming communication, or to edit a contact record.

Abstract: One or more embodiments of an apparatus and a method prevent a dangerous user behavior with a mobile communication device with an integrated pedometer. In a preferred embodiment of the invention, the integrated pedometer comprises a pedometer sensor and an associated software executed on a CPU and a memory unit of the mobile communication device, wherein the pedometer sensor is configured to detect a user's movements and vibrations to determine whether the user is walking or jogging based on a real-time determination from a sensor threshold value and an operation of the associated software. If the integrated pedometer determines that the user is currently walking or jogging, the associated software can dynamically activate a “walking lock” or a “jogging lock,” which prevents, prohibits, and/or limits the usage of certain device functions as long as the user is determined to be walking or jogging by the integrated pedometer.

Abstract: A token or other storage device uses Internet identities to set file access attribute rights. Subsequently, requests to access a file can be controlled by confirming the Internet identity of the requestor by either validating the request with a known public key or retrieving the public key from an Internet identity provider. Files may be stored encrypted and may be re-encrypted with the public key associated with Internet identity making the request.

Abstract: A multi-environment computer device configured for providing a work environment type and a personal environment type via a user interface for a device user, each of the environments having the same persona, the device having: a computer processor coupled to a memory, wherein the computer processor is programmed to coordinate interaction between the device user and the pair of environments presented on the user interface by: configuring the user interface to present the personal environment for facilitating interaction between the device user and personal applications associated with the personal environment, the personal environment having an assigned user name of said persona and a personal password, the personal environment presented using a set of unique personal environment user interface design elements for distinguishing the personal environment from the work environment via the user interface; and responding to a switch environment command generated by a switch mechanism invoked by the device user via

Abstract: The present disclosure discloses an unlocking method and device, a password setting method and device, relating to the technical field of computers. The unlocking method comprises the following steps of: displaying at least one password ring after a screen is activated; receiving, within a password selection region, a character generated from a slide operation to the password ring; and determining whether the received character is the same as a corresponding character in a preset password, and unlocking the screen if the received character is the same as the corresponding character in the preset password. In the present disclosure, introducing a password ring with characters to unlock a screen avoids the security problem that a trace remains on a screen in the case of a slide operation only, and also makes the use convenient for a user to reduce incorrect operations in inputting a password.

Abstract: A computer-implemented method provides power to a fingerprint reader while the remaining components of the information handling system are held in a low power, non-operating state. Placement of a finger across the fingerprint reader is detected with the information handling system in the non-operating state. A fingerprint is read and a corresponding fingerprint image is generated. The fingerprint image is buffered and an embedded controller is triggered to start an authentication device having a secure storage. The fingerprint image is compared to a fingerprint template contained in the secure storage. In response to the fingerprint image matching the fingerprint template, the authentication device signals the embedded controller to activate a user authenticated wake-up cycle to provide power to the other components of the information handling system such that the information handling system activates an operating system and enters a fully powered and user authenticated, operational state.

Abstract: Systems, apparatus and methods for privacy-protecting integrity attestation of a computing platform. An example method for privacy-protecting integrity attestation of a computing platform (P) has a trusted platform module (TPM}, and comprises the following steps. First, the computing platform (P) receives configuration values (PCRI . . . PCRn). Then, by means of the trusted platform module (TPM}, a configuration value (PCRp) is determined which depends on the configuration of the computing platform (P). In a further step the configuration value (PCRp) is signed by means of the trusted platform module. Finally, in the event that the configuration value (PCRp) is one of the received configuration values (PCRI . . . PCRn), the computing platform (P) proves to a verifier (V) that it knows the signature (sign(PCRp}} on one of the received configuration values (PCRI . . . PCRn).

Abstract: Systems and methods for secure control of a wireless mobile communication device are disclosed. Each of a plurality of domains includes at least one wireless mobile communication device asset. When a request to perform an operation affecting at least one of the assets is received, it is determined whether the request is permitted by the domain that includes the at least one affected asset, by determining whether the entity with which the request originated has a trust relationship with the domain, for example. The operation is completed where it is permitted by the domain. Wireless mobile communication device assets include software applications, persistent data, communication pipes, and configuration data, properties or user or subscriber profiles.