Abstract: By comparing a chip unique password, certification for activating a debug function can be established on the chip unique password. Thus, even when the chip unique password is lost due to negligence, not only certification for activating debugging on other motherboards of the same model number can remain unaffected, but also risks caused by replacing a chip or by a private key leakage from a system manufacturer are eliminated.

Abstract: Biometric authentication and touch differentiation embodiments are described which use a handheld mobile computing device having a signal injection site that injects a signal into a user's hand for a prescribed period of time, and at least one signal sensing site each of which captures a signal emanating from a finger of either of the user's hands that is touching the signal sensing site during at least the period of time the signal is injected. The captured signal or signals are analyzed to determine whether they match, to a prescribed degree, a pre-established signal model that is indicative of a signal or signals expected to be captured. The signal matching determination can be employed to authenticate a user, or identify which finger of a user's hand is touching the computing device.

Abstract: A projection type image display device provided with an unauthorized use preventing system includes a button unit or a remote controller for operating the display device, a condition memory for storing information indicating at least one use condition in an authorized use of the display device, a password memory for storing a password for releasing a restriction on the use of the display device, a detector for detecting a used condition of the display device at a power on timing, and a processor for imposing restrictions on the use of the display device when the use condition detected by the detector does not match the at least one use condition indicated by the information stored in the condition memory and for relieving the restriction based upon input of the password.

Abstract: According to one aspect of the present disclosure, a method and technique for OCR-based single sign-on in a computing environment is disclosed. The method includes: responsive to launching of an application login interface, capturing an image of the login interface; determining a location of a cursor on the login interface from the image; determining whether the location of the cursor corresponds to a credential input field of the login interface; and responsive to determining that the location of the cursor corresponds to the credential input field of the login interface, automatically sending a keystroke to the login interface to insert at least one character to the login interface.

Abstract: Systems and methods for providing authentication using an arrangement of dynamic graphical images. The graphical images can be arranged as a grid or matrix for presentation on a device display for authentication of a user. The kinds of graphical images can be derived from a designated authentication category and non-authenticating categories. A series of password elements corresponding to the graphical images can be displayed with the graphical images. The user may enter the series of one or more password elements corresponding to graphical images from the authentication category which combine to form a password entry. An authentication server can compare the password entry to an authentication password corresponding to the particular arrangement of dynamic graphical images. The selection of graphical images, their arrangement and their corresponding password elements, may dynamically change in between authentication processes.

Abstract: A method of extending an integrity measurement in a trusted device operating in an embedded trusted platform by using a set of policy commands to extend a list of Platform Configuration Registers (PCRs) for the device and the current values of the listed PCRs and an integrity value identifying the integrity measurement into a policy register, verify a signature over the integrity value extended into the policy register, and, if verification succeeds, extend a verification key of the trusted platform, plus an indication that it is a verification key, into the policy register, compare the integrity value extended into the policy register with a value stored in the trusted platform, and, if they are the same: extend the stored value, plus an indication that it is a stored value, into the policy register, and extend the integrity measurement in the trusted device if the value in the policy register matches a value stored with the integrity measurement.

Abstract: Provided is a Captcha Access Control System (CACS) for generating an improved captcha that are based, in one described embodiment, upon a command in one format and a response in a different format, one or both of which are rendered in a format that is difficult for an automated system to interpret. A computer system or program to which a user is requesting access generates a textual or audible command. A video device captures the user's response and transmits the response to a response evaluation device. Based upon an analysis of the transmitted video and a comparison between the analyzed video and the command, the computer or program either enables access or denies access.

Abstract: A controller is provided with a controller key and a first controller identification information unique to the controller. The controller generates a controller unique key unique to a respective controller based on the controller key and the first controller identification information, and a second controller identification information based on the first controller identification information. A decryptor decrypts the encrypted medium device key using the controller unique key to obtain a medium device key. An authentication/key exchange process unit performs authentication/key exchange process with the host device through an interface unit using the medium device key, the medium device key certificate and the second controller identification information to establish a secure channel.

Abstract: This specification relates to a mobile terminal capable of executing a lock state of restricting a touch input and a control method thereof. The control method for the mobile terminal, which displays a lock screen in the lock state of restricting an input of a control command for an application, includes displaying an execution screen of an application on the lock screen, and controlling the lock screen based upon a touch input detected in the lock state.

Abstract: A computer-implemented method and system for verifying the identity of a user in an identity authentication and biometric verification system which includes collecting information from the user regarding the user's identity, which is then electronically authenticated. Upon authentication, personal information regarding the verified identity of the user is retrieved from a source database which is used to verify the identity of the user, via user interaction. Upon successful verification and authentication, biometric data regarding the user is electronically collected.

Abstract: Devices, systems and methods are disclosed for determining an electromagnetic signature for authenticating a device, a user, and/or a location. In exemplary embodiments, a magnetometer captures an electromagnetic signature which is then compared with one or more authorized electromagnetic signatures. If the electromagnetic signature matches an authorized electromagnetic signature, then access is granted. The magnetometer is integrated into a communication device having a processor and a logic. The magnetometer captures an electromagnetic signature of a surrounding environment and detects motion of the communication device through the captured electromagnetic signature. The logic on the communication device locks or unlocks features of the device based upon the captured electromagnetic signature. In further embodiments of the subject disclosure, the magnetometer is in communication with a server which authenticates a user or communication device to provide access to a remote location.

Abstract: A method of unlocking an electronic device having a touch-sensitive display includes at least the following steps: controlling the touch-sensitive display to have unlocking objects displayed at different locations for different time points; and when at least one contact is detected on the touch-sensitive display, determining whether to unlock the electronic device by referring to a contact status on the touch-sensitive display. Besides, a computer readable medium storing a program code is also provided, where the program code causes a processor to perform following steps when executed by the processor: controlling the touch-sensitive display to have unlocking objects displayed at different locations for different time points; and when at least one contact is detected on the touch-sensitive display, determining whether to unlock an electronic device by referring to a contact status on the touch-sensitive display.

Abstract: Described are a system and method for presenting security information about a current site or communications session. Briefly stated, a browsing software is configured to receive a certificate during a negotiation of a secure session between a local device and a remote device. The certificate includes security information about a site maintained at the remote device. The security information is displayed to a user of the browsing software in a meaningful fashion to allow the user to make a trust determination about the site. Displaying the security information may include presenting a certificate summary that includes the most relevant information about the certificate, such as the name of the owner of the site and the name of the certificating authority of the certificate.

Abstract: Computer-implemented methods and systems for using tiered signing certificates to manage the behavior of executables are disclosed. In one example, a method for performing such a task may include: 1) identifying an executable file, 2) identifying a signing certificate associated with the executable file, 3) identifying, within the signing certificate, a privilege level associated with the executable file, and then 4) managing behavior of the executable file in accordance with the privilege level associated with the executable file. Corresponding methods and systems for generating tiered signing certificates for executable files are also disclosed.

Abstract: Example embodiments disclosed herein relate to a storage device. The storage device may include a mechanism that monitors for receipt of cached authentication data from a host computing device upon resuming operation from a standby mode of the host computing device. The storage device may further include a mechanism that unlocks the storage device in response to receipt of the cached authentication data from the host computing device. In addition, the storage device may include a mechanism that monitors for receipt of re-authentication data and a mechanism that locks the storage device when a predetermined period of time has passed since resuming operation from the standby mode without receipt of the re-authentication data. Related computing devices, methods, and machine-readable storage media are also disclosed.

Abstract: A system and method for controlling access to a secure resource in a device are disclosed. In some embodiments, the device may include a processor capable of receiving a first request from a first application of a plurality of applications executable by the processor, where the first request requests access to the secure resource, and the first request identifies the plurality of applications. In response to the first request, the processor is capable of generating a ticket associated with the secure resource and with each of the plurality of applications, and then storing the ticket in a memory. After receiving a second request from a second application requesting access to the secure resource, the processor is capable of granting the second application access to the secure resource, if the ticket associated with the secure resource exists and if the ticket is associated with the second application.

Abstract: Systems and methods for continuous measurement of an analyte in a host are provided. The system generally includes a continuous analyte sensor configured to continuously measure a concentration of analyte in a host and a sensor electronics module physically connected to the continuous analyte sensor during sensor use, wherein the sensor electronics module is further configured to directly wirelessly communicate sensor information to one or more display devices. Establishment of communication between devices can involve using a unique identifier associated with the sensor electronics module to authenticate communication. Times tracked at the sensor electronics module and the display module can be at different resolutions, and the different resolutions can be translated to facilitate communication. In addition, the frequency of establishing communication channels between the sensor electronics module and the display devices can vary depending upon whether reference calibration information is being updated.

Abstract: A semiconductor memory may be provided with a built-in test mode that is accessible through a password protection scheme. This enables access to a built-in test mode after manufacturing, if desired. At the same time, the password protection prevents use of the built-in test mode to bypass security features of the memory.

Abstract: Apparatus and methods are provided for gravity-based access control. An apparatus may be secured with a gravity-based password that reflects a pattern of manipulation or movement of the apparatus. As the apparatus is moved or reoriented, data produced by a sensor (e.g., an accelerometer, a gyroscope, a position sensor) is assembled to form the password. Elements of the password may identify surfaces of the apparatus as it is flipped or placed in different orientations, or may represent the received sensor data (e.g., acceleration force of gravity, displacement). The sensor data may be multi-dimensional. A target or model password is received and saved, and a user must recreate or re-enter the same pattern in order to unlock the device or otherwise make it available for use.

Abstract: Methods, systems, and computer programs are presented for securing a computing device. One security device includes a processor, memory and a connector. The memory includes a computer program that, when executed by the processor, performs a method. The method includes operations for detecting that the connector is coupled to a second computing device, and for determining a user associated with the security computing device. In addition, the method includes operations for receiving periodic images from an image capture device coupled to the second computing device, and for performing continuous authentication operations to validate an identification of the user based on the periodic images. The user is disabled from using the second computing device after an authentication operation fails.

Abstract: A computer-implemented method entails steps of receiving user input signifying that an application on a computing device is to be locked and, in response to the user input, locking a user within the application to thereby permit the user to utilize functionalities of the application without exiting from the application or switching to another application on the computing device.

Abstract: Embodiments provide a method and apparatus for unlocking a feature of a user portable wireless electronic communication device. The user portable wireless electronic communication device can include a camera configured to capture a characteristic of a waving hand of a user across the user portable wireless electronic communication device. The user portable wireless electronic communication device can include a controller coupled to the camera. The controller can determine whether the user is authorized to access a locked feature of the user portable wireless electronic communication device based on the captured characteristic. The controller can unlock the locked feature if the user is authorized to access the feature.

Abstract: Various systems and methods for locking computing devices are described herein. In an example, a portable device comprises an electro-mechanical lock; and a firmware module coupled to the electro-mechanical lock, the firmware module configured to: receive an unlock code; validate the unlock code; and unlock the electro-mechanical lock when the unlock code is validated. In another example, device for managing BIOS authentication, the device comprising an NFC module, the NFC module comprising an NFC antenna; and a firmware module, wherein the firmware module is configured to: receive an unlock code from an NFC device via the NFC antenna; validate the unlock code; and unlock a BIOS of the device when the unlock code is validated.

Abstract: This disclosure relates to software applications particularly for smart phone which are used to control or access hardware, particularly headsets. The software is available at no cost to anyone, but to control its use, it is coded so that only buyers of designated hardware can use it.

Abstract: In a first example of “Body-Area Networking” (“BAN”), a user wishing to access his electronic device ingests a small pill carrying a transmitter. The transmitter's signal carries an identification code that traverses the user's BAN and is read by the device. If the device recognizes that identification code as authenticate, then the device grants the user the desired access. In another example, the user again swallows a transmitter. When the user shakes hands with another person, the signal originating at the ingested transmitter is carried across the BAN of the first user, travels across the handshake to the BAN of the second user, then traverses the second user's BAN to her device. In a third example, a media player transmits audio information across the BAN to a headset worn by the user. The headset receives the signal, demodulates it, and renders the audio to the user.

Abstract: A user identification system is provided for better parental and security controls on devices that require a user touch them for proper use. The user identification system comprises a base unit, a mobile unit, and the human body that provides signal transmission through capacitive coupling. A signal is sent from the base unit when it is contacted by a user, and the mobile unit sends a response signal containing the user identification. One embodiment of the mobile unit is a data transfer medium (i.e. “smartphone”). Embodiments of the base unit include a media device remote control and a computer input device.

Abstract: A method for improving the security of secret authentication data during authentication transactions is provided that includes converting the secret authentication data of a user into scrambled secret authentication data by associating a different text-string with each item of information included in the secret authentication data. The method also includes capturing the scrambled secret authentication data with a communications device, and conducting an authentication transaction with the captured authentication data.

Abstract: In an information terminal including a touch panel defining a plurality of touch points for security data entry by selecting and designating the touch points forming a prescribed graphic security pattern, the first touch point is confirmed only when a pointing member has continued to remain within a prescribed region surrounding the touch point for more than a first prescribed time period while the remaining touch points can be confirmed on a less rigorous condition so that the first touch point can be confirmed only when the user intentionally designates the first touch point, and an inadvertent confirmation of an unintended touch point as the first touch point can be effectively avoided.

Abstract: In a mobile communication device having segregated workspaces respectively associated with a plurality of users, methods and systems are provided for confirming an authorized user in an appropriate account including a corresponding one of the segregated workspaces. Start-up processing of the device includes taking a picture of an authorized image of the authorized user with the device camera. Current activities of the device by the user are monitored relative to a predetermined set of device activities and usage rules. Certain activities are indicative of a change in user of the device from the authorized user. Upon detection of such a change, the current image of the current user of the device is acquired with the device camera. The current image is compared with the authorized image and if the comparison fails to detect a match, the current user is prompted to initiate a log-in process.

Abstract: A smart card issuance system and method are disclosed. In a first aspect a method and system for issuing a smart card device (SC) is disclosed. The method and system comprise providing an initialization phase of the SC by a manufacturer and providing an authentication phase of the SC by the manufacturer. The method and system also include deploying the SC, providing a first time authentication phase for a specific customer by the issuer (IS) after the SC is deployed and starting a first phase of the registration process of the SC for the specific customer by the issuer. The method and system further include providing another authentication phase of the SC by IS after the first time authentication; and providing of an authentication of the IS by the SC. When both the SC and IS are mutually authenticated, the IS and the specific customer are allowed to complete the registration process. In a second aspect, a data transmission process and system for a smart card device (SC) of an issuer (IS) is disclosed.

Abstract: A custom database connectivity component is deployed in conjunction with a native database connectivity component and a credential manager. The custom connectivity component has a requestor interface for communicating with a requestor application, a credential service interface for communicating with the credential manager, a native database connectivity interface for communicating with native connectivity components, and a decision engine for determining how to convert a request from a requestor to an appropriate API call to the credential manager. The custom connectivity component provides an authenticated and authorized database connection for a requestor application. The component transparently serves retrieves database, or other target resource, credentials on a real time basis, without requiring code changes to the requestor application.

Abstract: An access control system and method with location validation are provided. The method can include receiving a request from an authentication factor, identifying a location module associated with the authentication factor, identifying a location of the location module, and determining whether the location module is within a predetermined distance from the authentication factor or a control system, including an access panel of the control system, that received the request from the authentication factor. When the location module is within the predetermined distance from the authentication factor or the control system that received the request from the authentication factor, the method can include granting the request received from the authentication factor.

Abstract: A method and apparatus which ensures that static data entered into a communications device or apparatus is accurate, or at least consistent with data provided to an authentication service. In some embodiments of the invention, the authentication service may maintain a database of static data associated with each communications apparatus and/or verify the validity of at least a portion of the static data.

Abstract: A method and system for authenticating a user to access a computer system. The method comprises communicating security information to the computer system, and providing the computer system with an implicit input. The method further comprises determining whether the security information and implicit input match corresponding information associated with the user. The method further comprises granting the user access to the computer system in the event of a satisfactory match. When authenticating the user, the method and system consider the possibility of the user being legitimate but subject to duress or force by a computer hacker.

Abstract: Progressive authentication is generally employed to establish the authenticity of a user, such as a user of a computing device, or a user that wants to access a proprietary data item, software application or on-line service. This can entail inputting authentication factors each of which corresponds to one or multiple attributes associated with the user, or historical patterns of one or more attributes associated with the user, or both, and a confidence level that estimates a reliability of the factor. Sensor readings captured by one or more sensors are also input. Each sensor senses a user attribute and are used to quantify each authentication factor confidence level. An overall confidence level is established based at least in part on a combination of the individual confidence levels. A user is then designated as being authentic whenever the established overall confidence level exceeds a prescribed authentication level.

Abstract: Systems and techniques for mediating user communications. A user persona manager maintains one or more user profiles and manages user interactions with other parties and with service providers based on user preferences associated with the user profile or profiles selected for a particular interaction. The persona manager receives a single set of user authentication information to establish the user identity, and provides previously stored information to other parties and service providers as appropriate, and otherwise conducts user interactions involving communications initiated by or on behalf of the user. The persona manager also examines interactions initiated by others, selects user profiles appropriate to the interactions, and routes and responds to the interactions based on information stored in the user profiles.

Abstract: The subject matter of this specification can be embodied in, among other things, a method that includes receiving at a computing device that is in a locked state, one or more user inputs to unlock the device and to execute at least one command that is different from a command for unlocking the device. The method further includes executing in response to the user inputs to unlock the device an unlocking operation by the device to convert the device from a locked state to an unlocked state. The method further includes executing the at least one command in response to receiving the user inputs to execute the at least one command. The at least one command executes so that results of executing the at least one command are first displayed on the device to a user automatically after the device changes from the locked state to the unlocked state.

Abstract: Each of multiple computing devices of a user is registered by obtaining therefrom identifying indicia, obtaining from the user a device-specific password for the computing device, and storing the obtained identifying indicia and device-specific password for the computing device in an entry for the user in a credentials database. The user requests access to a restricted service by way of a particular one of the multiple computing devices with credentials including the device-specific password for the particular computing device, and identifying indicia are obtained therefrom. The obtained identifying indicia and the device-specific password of the particular computing device appear in the entry, and the user is thus granted access to the restricted service.

Abstract: To interwork between a first authentication domain and a second authentication domain, a bridge module performs a first authentication procedure in the first authentication domain for a mobile station, wherein the first authentication domain is part of a wireless access network. Based on information collected in the first authentication procedure, the bridge module performs a second authentication procedure is performed, on behalf of the mobile station, in the second authentication domain.

Abstract: Users of a computer are prevented from directly accessing certain hardware for which a driver is installed on the computer. The users are provided a limited, indirect manner to access the hardware for a specific purpose or to do a specific job. One example of such hardware is a wireless hardware communication interface. The wireless activity of the computer may be restricted so that the wireless hardware communication interface is prevented from communicating with any devices compatible with the wireless hardware communication interface other than one or more specific devices.

Abstract: A method and a device for authenticating a process in a computing device allowing an application loaded into a memory to operate as a process are provided. The method includes receiving a message requesting authentication of the process, acquiring unique information of the process from an operating system of the process in response to the message requesting authentication of the process, comparing the acquired unique information with unique information previously stored in a memory, and determining that the authentication of the process has succeeded, when the acquired unique information coincides with the unique information previously stored.

Abstract: Data are accessed securely in a data storage device that includes a non-volatile solid-state storage device integrated with a magnetic storage device. An identical copy of drive security data, such as an encrypted version of a drive access password, is stored in both the non-volatile solid-state storage device and in the magnetic storage device. In response to receiving a command from a host device that results in access to the magnetic storage device, access is granted to the magnetic storage device if the copy of drive security data stored in the non-volatile solid-state storage device matches the copy of drive security data stored in the magnetic storage device. Furthermore, encrypted drive-unique identification data associated with the drive may be stored in both the non-volatile solid-state storage device and the magnetic storage device, and access is granted if both copies of the encrypted drive-unique identification data match.

Abstract: Disclosed is an apparatus, system, and method for a computing device to display an icon based upon user input. The computing device may receive user input and generate an icon based upon a checksum function of the user input. The computing device may display the icon to a user on a display device.

Abstract: In a switching method of an electronic device, the electronic device receives a message sent from an earphone that is in electronic connection with the electronic device, the message comprising an input password, if the input password is equal to a password to switch an application layer into a host mode, the electronic device switches the application layer into the host mode to access private information of the application layer.

Abstract: Embodiments of the present invention provide methods and apparatuses for providing unique smart identifiers for entities of various entity types, such as documents or portions thereof. Each smart identifier comprises one or more data values provided by a requester of the smart identifier, or data values derived there from. The generation may be entity type based and/or customized. Embodiments include registration of custom smart identifier generation functions, with particular parameter data value requirements for particular entity types. Embodiments include smart identifier requesters inquiring about, and receiving answers to parameter data values required to generate smart identifiers for entities of various entity types.

Abstract: A method for producing an electro-biometric signature allowing legal interaction between and the identification of persons utilizing biometric features. The method includes inputting a user's biometric features in a pre-determined sequence and checking that no feature is entered repeatedly.

Abstract: A method for locally authenticating a vehicle diagnostic tool with a vehicle using a challenge-response authentication scheme includes: receiving a pairing request from the vehicle diagnostic tool; presenting a user with a challenge through at least one of an audio system and an LCD display associated with the vehicle; receiving a response to the challenge from a user; and authenticating the vehicle diagnostic tool if the response from the user is identical to an expected response.

Abstract: Controlling a registered-user session of a registered user on a device using first and second authentication processes and a handoff from the first process to the second process. In one embodiment, the first authentication process is a stronger process performed at the outset of a session, and the second authentication process is a weaker process iteratively performed during the session. The stronger authentication process may require cooperation from the user, while the weaker authentication process is preferably one that requires little or no user cooperation. In other embodiments, a strong authentication process may be iteratively performed during the session.

Abstract: A method for unlocking an electronic device, a first image in a first area and a second image in a second area selected on a touch panel of the electronic device are received. The method combines the first image and the second image to obtain a selected combination image, and unlocks the electronic device upon the condition that the selected combination image is stored in a storage unit of the electronic device.

Abstract: An biological-information authentication device includes, a biological-information reading section configured to read biological information; a comparing section configured to compare biological information read by the biological-information reading section with registered biological information to determine whether they match; a registration section configured to register biological information; a biological-information-input-operation extraction section configured to extract input operation data indicating an input operation of biological information read by the biological-information reading section.