Abstract: A navigation application running in the foreground of the mobile device is run in the background when the mobile device enters a screen locked state. A display may be activated while the mobile device remains in the screen locked state, and an image is rendered over a lock screen of the mobile device, where the image providing a glimpse into the navigation application running in the background while the mobile device remains in the screen locked state. The image displayed over the lock screen is iteratively updated to provide a continuous glimpse into the navigation application running in the background of the mobile device that is in the screen locked state, without having to unlock the mobile device.

Abstract: Methods and systems are provided for user authentication in communication systems. An identification token may be generated in response to a user terminal loading a web page from a web server, with the identification token associated with a time stamp indicating when a network address is used by the user terminal, and with generating the identification token being triggered in response to a request from the user terminal to load the web page. User authentication information, associated with the network address and the time stamp, may be obtained and sent to one or both of the user terminal and the web server for authenticating the user of the communication network. Triggering the generating of the identification token may include instructing the user terminal to request the identification token and/or identifying the network address in response to the request from the user terminal to load the web page.

Abstract: This application relates to a method for adjusting a user interface displayed on a user device. In one aspect, the method for providing a service of hiding account information, performed in a user device linked with a financial institution server, including displaying a plurality of accounts included in account information received from the financial institution server on a home screen of the user device, receiving a screen edit request of a user through selection of an icon displayed on the home screen, and displaying the plurality of accounts in a first area of an edit screen, moving locations of some of the plurality of accounts from the first area to a second area different from the first area based on a user input, and displaying on the home screen only accounts included in the first area of the edit screen.

Abstract: A surveillance monitoring system may use a camera to detect any viewing faces visible within viewing sight of a monitor and determine whether the detected viewing faces belong to authorized individuals who are authorized to view video surveillance footage on the monitor or if any of the detected viewing faces belong to individuals who are not authorized to view video surveillance footage on the monitor. When the detected viewing faces belong only to authorized individuals, the surveillance monitoring system continues to display the video surveillance footage that includes identifiable faces without anonymizing the identifiable faces. When the detected viewing faces also include unauthorized individuals, the surveillance monitoring system may continue to display the video surveillance footage, but the surveillance monitoring system may automatically anonymize one or more of the identifiable faces seen in the video surveillance footage.

Abstract: Aspects of the present invention disclose a method for dynamic password inducing techniques for security configuration and validation of a user. The method includes one or more processors identifying textual data of a user. The method further includes generating a set of password parameters for a password. The method further includes identifying one or more password dynamisms of the user from one or more sources, where the one or more password dynamisms are dynamic inputs, from the user, to an authentication device. The method further includes modifying the textual data to include a text placeholder, wherein the text placeholder includes a replacement parameter that induces the user to provide a password dynamism. The method further includes configuring the set of password parameters for the password of the user based at least in part on the one or more password dynamisms of the user from the one or more sources.

Abstract: A method of training a gesture-based access control system includes repetitiously performing an intentional gesture indicative of an intentional gesture type by a user of a mobile device. The intentional gesture is representative of an intent of the user to gain access. The application then forms a model of the selected intentional gesture type from the repetitious performances of the intentional gesture. The model is configured to be applied by the software-based application to confirm future performances of the intentional gesture.

Abstract: A system includes a memory and a processor in communication with the memory. The processor is programmed to receive a runtime measurement from a sensor regarding the physical attribute of at least the separate processor during runtime; compare the runtime measurement of the physical attribute to a fingerprint that includes a baseline measurement of a physical attribute of at least a separate processor during an evaluation period of the system, and in response to the measurement exceeding a threshold, executing a countermeasure operation against software ran by the separate processor.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise a computing device, which allows a device to be used in different classification levels by powering the device down and booting to a different classified level without the need to switch hard drives. The disclosed software shield and persona switcher (Shielder) module provides independent application environments (personas) for separate security domains while allowing fast transition between personas. Shielder module supports multiple security classification via a minimal system storage partitioning. Shielder module allows efficient collection and reallocation of memory and persistent storage according to need and priority. Shielder module provides secure management of communication media by directing the system communication according to the security profile of the active persona.

Abstract: A method and a system for managing sub-tenants (in a cloud computing environment. In one embodiment, the method includes receiving a request to access sub-set of data of an asset from the cloud computing system from a sub-tenant device associated with a sub-tenant of a tenant. The sub-tenant is associated with an asset. The request includes a sub-tenant identifier, a tenant identifier, and an asset identifier. The method includes determining whether the sub-tenant is authorized to access the requested sub-set of data of the asset using the sub-tenant identifier, the tenant identifier, and the asset identifier based on at least one role and associated permissions to access the requested sub-set data of the asset. If the sub-tenant is authorized to access the requested sub-set data of the asset, the method includes providing access to the requested sub-set data of the asset to the sub-tenant.

Abstract: A responder device receives, from an initiator device, a request to initiate a cryptographic tunnel between the initiator device and the responder device. The responder device does not include a static private key to be used in an asymmetric cryptography algorithm when establishing the tunnel. The responder device transmits a request to a key server that has access to the static private key and receives a response that is based on at least a result of at least one cryptographic operation using the static private key. The responder device receives from the key server, or generates, a transport key(s) for the responder device to use for sending and receiving data on the cryptographic tunnel. The responder device transmits a response to the initiator device that includes information for the initiator device to generate a transport key(s) that it is to use for sending and receiving data on the cryptographic tunnel.

Abstract: A computer-implemented method includes receiving permission data from an application server. The permission data is for an account to access a software application of a plurality of software applications, and the application server is configured to provide the software application. Responsive to receiving the permission data from the application server, storing the permission data in a native database. Receiving a request to grant the account access to the software application. Determining whether the database stores the permission data for the account to access the software application. In response to determining that the database stores the permission data, granting access to the account to access the software application.

Abstract: An aspect of the disclosure relates to a navigation system configured to use GPS or Wi-Fi to navigate users within a structure as well as on roadways. A mapping system may be configured to generate maps and transmit the maps to user devices in association with turn-by-turn instructions. A given user's current position may be monitored and corrective navigation instructions may be provided. A given user may be navigated to a position of a second user.

Abstract: A system and method that assigns a portable personal rating based on data verification. The decentralized system and methods operate with algorithms, software, devices, and databases allowing a decentralized distribution of token rewards based on the trust rating of the user. The system uses blockchain technology and is directed to a decentralized trust rating assignment wherein the verified information is saved in a blockchain ecosystem.

Abstract: One embodiment provides a method, including: identifying a biometric pattern present in a wireless signal associated with an information handling device; determining, using a processor, whether the biometric pattern corresponds to an authorized biometric pattern; and authenticating, responsive to determining that the biometric pattern corresponds to the authorized biometric pattern, a user of the information handling device. Other aspects are described and claimed.

Abstract: The present disclosure provides for a system ensuring the integrity of received data. The system includes a processor, a trusted platform module, and a memory storing instructions. Upon a request from the processor, the trusted platform module generates an asymmetric key pair including a private key and a public key. The trusted platform module provides the public key and an encrypted private key to the processor. The processor generates a checksum of received content data and sends the checksum to the trusted platform module. The processor also loads the encrypted private key into the trusted platform module. The trusted platform module decrypts the encrypted private key, encrypts the checksum with the private key, and provides the encrypted checksum to the processor. The processor sends the content data together with the encrypted checksum to an external device. The external device may decrypt the encrypted checksum with the public key.

Abstract: A system includes an interface and a processor. The interface is configured to receive, at an application routing platform, an API call for an application platform comprising a signed tenant token. The processor is configured to determine that the signed tenant token is valid; determine an application platform token for the application platform; associate a root certificate with the application platform token; determine routing information to the application platform based at least in part on the API call; and provide the application platform the API call and the application platform token using the routing information to enable access to the application platform, wherein the application platform determines whether the application platform token is valid using the root certificate and executes the API call in response to a determination that the application platform token is valid.

Abstract: An authorization policy defines permissions that are exposed by a microservice. When a call is made to the microservice, it includes an access token. An application identifier uniquely identifying the calling application is extracted from the token. An access pattern, used by the calling application to obtain the access token and make the call to the microservice, is identified. Permissions that may be granted to the calling application are identified in the authorization policy based upon the application identifier and the access pattern that is identified. An authorization decision is made as to whether to authorize the call, based upon the granted permissions.

Abstract: There is provided an information processing apparatus that includes a first processor configured to verify a validity of a program, a control circuit configured to issue a system reset signal in a case where there is no access from outside for a predetermined period, and a second processor configured to execute the program that has been determined as valid by the first processor, and to become accessible to the control circuit after the program is initiated. The first processor is configured to access the control circuit before the second processor becomes accessible to the control circuit.

Abstract: Techniques for protecting passwords and/or password entry by a user are provided. User identification data for a user can be received from a remote computing device. An identity of the user can be determined based on the user identification data. A password for the user can be determined. A modified keyboard configuration associated with the user can be determined. A request can be transmitted to the remote computing device for the password for the user based on the modified keyboard configuration. A modified password from the remote computing device can be received. A converted password based on the modified password and the modified keyboard configuration can be determined. The converted password can be compared to the password for the user. The user can be authorized when the converted password matches the password for the user.

Abstract: In an embodiment, an NFC controller of an NFC device is configured to transmit, after the detection, by the NFC controller, of an NFC reader in relation with a first NFC transaction and prior to receiving an application selection command from the NFC reader, an application selection message to a transaction handling element of the NFC device.

Abstract: In some implementations, an authentication system may receive, from a client device, a credential associated with a user account and a request to access a resource. The authentication system may transmit, to the client device, a request for an image of a customized physical security token associated with the user account. The authentication system may receive, from the client device, a first image. The authentication system may compare the first image with a representation of a second image of the customized physical security token associated with the user account. The authentication system may grant or denying access to the resource based on comparing the first image with the representation of the second image.

Abstract: A computing device is configured to verify a user's identity, intent to authenticate, and/or possession of secret knowledge by evaluating biometric and/or environmental data. In embodiments, such verification is performed by evaluating a user's reaction to a stimulus based on such data. Biometric data may comprise eye tracking data, and a computing device may be configured to use such data to verify that the person has gazed through objects in a predetermined order. In embodiments, the user's intent to authenticate is verified by combining such eye tracking data with other biometric data. Physiological and other types of biometric data may be used to evaluate the user for indicia of duress. Embodiments may be configured to provide modified access to the computing device or resources stored thereon where indicia of duress have been detected. Such modified access may comprise hiding information stored on the device.

Abstract: The techniques utilize an authentication process to authenticate the user to view protected data and an image monitoring process to monitor the field of view of the image detection component. When a user requests access to the protected data, the authentication process is activated. After a user is authenticated, the data may be displayed and an image monitoring process is activated and may use the image detection component to monitor the field of view to determine whether the user is actively viewing the data or that an additional person is in the field of view. When either event is detected, the protected data is concealed at the display of the user device.

Abstract: Methods and devices for determining whether a mobile device has been compromised. File tree structure information for the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in a portion of memory. The file tree structure information is analyzed to determine that the mobile device has been compromised, has not been compromised, or might be compromised. Based on determining that the mobile device might be compromised, the mobile device is instructed to execute a restricted action. If the restricted action occurs on the mobile device then it is determined that the mobile device has been compromised. Based on that determination, an action is taken.

Abstract: Embodiments of this application provide an input method. The input method may be implemented in an electronic device that has a fingerprint collection device, and the method includes: when a text input application runs, obtaining, by the electronic device, a fingerprint of a user on a touchscreen; determining, by the electronic device when the fingerprint is a prestored registered fingerprint, a target lexicon associated with the fingerprint; and providing, by the electronic device by using the target lexicon, at least one candidate word corresponding to a current input event.

Abstract: Aspects of the disclosure relate to dynamic crypto key management for mobility in a cloud environment. A computing platform may receive a request to generate a new tenant master key and a new server recovery key. Subsequently, the computing platform may send to a cloud-based key vault server, the new tenant master key and the new server recovery key. The computing platform may send to a tenant database, the encrypted server recovery key. As a result, the computing platform may provision the enrollment servers with the encrypted server recovery key. In some embodiments, the enrollment servers are configured to manage enrollment of policy-managed devices in a policy enforcement scheme and to authenticate with the key update service based on the encrypted server recovery key.

Abstract: An electronic circuit adapted to drive a display panel including touch sensors and fingerprint sensors is provided. The electronic circuit includes a first circuit, a second circuit, a first switch circuit and a control circuit. The first circuit generates display driving signals for driving the display panel. The second circuit receives fingerprint sensing signals from the fingerprint sensors. The first switch circuit is coupled to a second switch circuit on the display panel. The control circuit generates control signals for controlling the first switch circuit and the second switch circuit, so as to control the electronic circuit to transmit the display driving signals from the first circuit to the data lines through the first and the second switch circuits in a first time interval, and control the electronic circuit to receive the fingerprint sensing signals from the fingerprint sensors through the first and the second switch circuits in a second time interval.

Abstract: A method for preventing data overlays in a data storage system is disclosed. In one embodiment, such a method detects a write operation directed to a storage area of a data storage system. The write operation includes one or more of a format write operation and a full-track write operation. Upon detecting the write operation, the method determines a data set that is associated with the storage area. The method analyzes metadata associated with the data set to determine whether the storage area contains valid data. In the event the storage area contains valid data, the method performs a data protection operation that prevents execution of the write operation and/or logs details of the write operation. A corresponding system and computer program product are also disclosed.

Abstract: A method comprises detecting a removable media device being coupled to an external device port of a digital device having an operating system and a file system, authenticating a password to access the removable media device, causing redirection code to be temporarily generated on the digital device, intercepting with the redirection code a data request, determining to allow the data request based on a security policy, allowing the operating system or file system to provide the data based on the determination, detecting the removable media device being removed from the digital device; and terminating the at least a portion of the redirection code.

Abstract: Systems and techniques are provided for synchronizing DHCP snoop information. In some examples, a method can include, performing, by a first PE device from a plurality of PE devices, DHCP snooping of a first plurality of DHCP messages between a DHCP client and a DHCP server, wherein the plurality of PE devices is part of an ethernet segment for multihoming the DHCP client. In some aspects, the method includes determining, based on snooping the first plurality of DHCP messages, an association between an IP address corresponding to the DHCP client and a MAC address corresponding to the DHCP client. In some examples, the method includes sending, by the first PE device to at least one other PE device from the plurality of PE devices, a first route advertisement that includes the association between the IP address corresponding to the DHCP client and the MAC address corresponding to the DHCP client.

Abstract: Various embodiments relate generally to computer science, data science, application architecture, and computer data security. More specifically, techniques for credential and authentication management in scalable data networks is described, including, but not limited to, multiplexed data exchanges in a scalable data network. For example, a method may include receiving a subset of requests to access a data network. The requests each may originate from an associated computing device having a source identifier. The method also may include data to cause modification of data representing presentation of a hosted page via the data network, monitoring data traffic from the data network and managing actions initiated via a request based on the data traffic. Optionally, data traffic received via an aggregation port may be filtered to origination of a request associated with a source identifier.

Abstract: Resegmenting chunks of data for load balancing is disclosed. A plurality of first chunks of data is received. The plurality of first chunks of data includes one or more entries that include raw data produced by a component of an information technology environment and that reflects activity in the information technology environment. The plurality of first chunks of data is resegmented into a plurality of second chunks of data based on a source type of the plurality of first chunks. A first subset of the plurality of second chunks of data is distributed to a first indexer of a set of indexers. An occurrence of a trigger event is determined, and in response to the trigger event, a second subset of the plurality of second chunks of data is distributed to a second indexer of the set of indexers.

Abstract: A baseband processor of a communication device, the baseband processor comprising a multiple encryption manager that utilizes a transmit data stream as an input data stream in the case that the transmit data stream is determined not to already have encryption applied by a higher layer component, and that utilizes a known unencrypted dataset as an input data stream in the case that the transmit data stream is determined to already have encryption applied by a higher layer component, an encryptor block that encrypts the input data stream into an encrypted data stream, and a randomness inspector that is in communication with the encryptor block, the randomness inspector unit accessing the input data stream and the encrypted data stream from the encryptor block and determining a randomness gain by comparing a first randomness measurement associated with the input data stream to a second randomness measurement associated with the encrypted data stream.

Abstract: The disclosed technology teaches confirming proper deployment of sensors, with an authorization server (AS) issuing to a first client a Macaroon access token (MAT), optionally with caveats, including a root signature, and providing the MAT to a client. The client modifies the MAT to produce multiple instances by appending caveats that add a deployment location to each of the instances, and applies a message authentication code (MAC) chaining algorithm to generate updated signatures to include in the instances of a MAT with caveats (MATwC). The first client forwards the multiple instances of the MATwC to respective sensor instances, and a second client receives, from the sensor instances, sensed data and location indicative data, accompanied by respective MATwC instances. The second client verifies that the location indicative data is consistent with the deployment location caveat in the respective MATwC and utilizes instances of the sensed data that are verified as consistent.

Abstract: A method implemented on a visual computing device to authenticate one or more users includes receiving a first three-dimensional pattern from a user. The first three-dimensional pattern is sent to a server computer. At a time of user authentication, a second three-dimensional pattern is received from the user. The second three-dimensional pattern is sent to the server computer. An indication is received from the server computer as to whether the first three-dimensional pattern matches the second three-dimensional pattern within a margin of error. When the first three-dimensional pattern matches the second three-dimensional pattern within the margin of error, the user is authenticated at the server computer. When the first three-dimensional pattern does not match the second three-dimensional pattern within the margin of error, user is prevented from being authenticated at the server computer.

Abstract: Embodiments of the present invention relate to password authentication. According to an embodiment of the present invention, a password associated with a user identification is received from a user device. The password is authenticated based on a preset relationship between a seed password and a graphical password associated with the user identification. The seed password consists of a string of characters. The graphical password is a directed path traversing all keys of a keypad in an order. Each of the keys represents one of the characters and is associated with an order number according to the order of the keys being traversed. The preset relationship is that the password consists of respective order numbers associated with respective keys representing corresponding characters of the seed password.

Abstract: Systems and methods for authenticating identification information are disclosed. For example, a system may include an Automated Teller Machine (ATM). An ATM may comprise a user interface. The user interface may comprise a joystick. The user interface may be configured to receive joystick input from a user. The ATM may comprise at least one memory storing instructions. The ATM may comprise at least one processor configured to execute the instructions to perform operations. The operations may comprise receiving identification information from the user. The operations may comprise receiving the joystick input. The operations may comprise extracting a joystick sequence from the joystick input. When the joystick sequence is within a predetermined threshold from a stored joystick sequence corresponding to the identification information, the operations may comprise authenticating the user for an ATM operation.

Abstract: Concepts and technologies are disclosed herein for managing access based on activities of entities. A computing device can collect data that comprises an image. The computing device can identify an entity that is located in a range of a sensor. The computing device can determine an identity that is associated with the entity and an activity associated with the entity. The computing device can obtain a trust indicator associated with the entity. The computing device can determine, based on the trust indicator, if the activity should be allowed. If the computing device determines that the activity should be allowed, the computing device can initiate allowing of the activity. If the computing device determines that the activity should not be allowed, the computing device can initiate blocking of the activity.

Abstract: A license authentication device includes a memory that stores a license file including a license expiration date of an application that adjusts a parameter of a semiconductor manufacturing apparatus in a semiconductor factory; and a processor coupled to the memory. The processor acquires log data when the semiconductor manufacturing apparatus executes a processing; and determines whether or not a time included in the log data has passed the license expiration date stored in the license information storage.

Abstract: Systems and methods of the present invention provide for: storing a correlation table including images and associated strings, and a secure password table; generating a GUI, displayed on a client computer and including GUI components for visual authentication; receiving a selection of a component; updating the GUI with a menu of images associated with the selected component; receiving a selection of one of the images; identifying an associated string as an authentication string; and storing the authentication string as a secure password in the password table.

Abstract: A computer-implemented method for authentication is provided. The method includes displaying, on a display device and while in a locked state, a set of color wheels, each color wheel having a plurality of segments with each segment being a different color. User input is received via an input device on the set of color wheels. The user input is converted to a string. The string is communicated to an authentication server. In response to communicating the string, a response is received from the authentication server and the response is processed.

Abstract: Methods and related systems for operating a climate control system for an indoor space are disclosed. In an embodiment, the method includes establishing a connection between a device and a hub of the climate control system along a first signal pathway, wherein at least a portion of the first signal pathway comprises a short-range radio connection between the device and a first component of the system. In addition, the method includes monitoring one or more parameters of the first signal pathway and one or more parameters of a second signal pathway extending between the device and the hub, wherein at least a portion of the second signal pathway comprises a short-range radio connection between the device and a second component of the system. Further, the method includes re-routing the connection between the portable device and the system hub from the first signal pathway to the second signal pathway.

Abstract: A user requesting authentication is presented a keypad that includes multiple keys and respective keys include a character that is associated with a shape. Responsive to selection of a key, a first set of attributes is activated for selection. Responsive to determining a selection of an attribute from the first set of attributes, activating one or more additional sets of attributes associated with the first key. Responsive to determining a selection from the one or more additional sets of attributes, determining whether a selection of an additional key is made. Responsive to determining the selection of the additional key, activating for selection a first set of attributes and one or more additional sets of attributes of the additional key, and responsive to determining selections of keys and corresponding attributes associated with the selection of respective keys, determining the validity of the authentication code.

Abstract: A first connected message broadcast from a first vehicle and a second connected message broadcast from a second vehicle is received, each of the first and second connected messages including proof-of-work computed from connected vehicle data regarding a third vehicle. The first and second connected messages are authenticated, responsive to a comparison of the proof-of-work for the third vehicle included in the first connected message and the proof-of-work for the third vehicle included in the second connected message. The connected vehicle data in the first connected message broadcast or second connected message broadcast is utilized for autonomous vehicle operations or driver-assistance vehicle operations, responsive to the proof-of-work being a match.

Abstract: Authentication translation is disclosed. A request to access a resource is received at an authentication translator, as is an authentication input. The authentication input corresponds to at least one stored record. The stored record is associated at least with the resource. In response to the receiving, a previously stored credential associated with the resource is accessed. The credential is provided to the resource.

Abstract: A computer-implemented method, computer system, and computer program product for generation of a password with increased password strength. Embodiments of the present invention may include receiving one or more alphanumeric characters. Embodiments of the present invention may include receiving one or more images. Embodiments of the present invention may include hashing the received one or more images. Embodiments of the present invention may include hashing the one or more alphanumeric characters and the hashed one or more images to generate the password. Embodiments of the present invention may include replacing the one or more alphanumeric characters with the one or more images and sending the generated password to a server. Embodiments of the present invention may include sequencing the one or more images between the one or more alphanumeric characters. The one or more images may be personal photos of a user.

Abstract: A baseband processor of a communication device, the baseband processor including an encryptor block that encrypts a transmit data stream into an encrypted data stream, at least one transmit chain block that transforms the encrypted data stream into an analog transmit signal, and a randomness inspector unit that is in communication with the encryptor block, the randomness inspector unit accessing the transmit data stream and the encrypted data stream from the encryptor block as first and second input streams, respectively, to the randomness inspector unit, and determining a randomness gain by comparing a first randomness measurement associated with the first input stream to a second randomness measurement associated with the second input stream.

Abstract: An example authentication device disclosed herein is to access a message received via a wireless interface from an adapter, the message to indicate that a host device has connected to the adapter, the host device different from the authentication device. The disclosed example authentication device is also to determine whether to allow the host device to access a storage device. The disclosed example authentication device is further to transmit authentication data to the adapter via the wireless interface, the authentication data to specify whether the host device is allowed to access the storage device.

Abstract: A device for displaying AR markings comprising a top and a base, with the top rotatably attached to the base, and the base configured to be held by a hand or placed on a fixed surface. The AR markings are positioned on the top such that when the top rotates with respect to the base, so do the AR markings. When the AR markings are scanned by an appropriate scanning and display device, such as a smart phone, a 3d image associated with the AR markings will be displayed on the display device as an augmented reality projection. When the top rotates with respect to the base, so too does the augmented reality projection.

Abstract: An information processing apparatus is provided. The apparatus comprises a verification unit configured to verify an application program; and a control unit configured to, in a case where the verification by the verification unit fails, determine whether or not to restore the application program based on a type of the application program, restore the application program in a case where the control unit determined that the application program is to be restored, not permit execution of the application program in a case where the control unit determined that the application program is not to be restored, and permit execution of an application program successfully verified by the verification unit or the restored application program.