Abstract: A full-screen electronic device with a fingerprint sensing function and a fingerprint sensing method are provided. The full-screen electronic device includes a panel module, a plurality of fingerprint sensors and a control unit. The plurality of fingerprint sensors are aligned with the panel module and distributed into a plurality of scan regions in an array. The fingerprint sensing method includes the following steps. Firstly, a concerned information about a concerned position of the display panel is generated. After the control unit receives the concerned information, the control unit defines the scan regions of the concerned position as a first scan set according to the concerned information. Then, the control unit controls the fingerprint sensors corresponding to the first scan set according to a first scan strategy.

Abstract: Password information and password input pattern information for a user may be obtained. The password information may define a password submitted by the user. The password input pattern information may define an input pattern with which the password was inputted by the user. The password may be compared with a predefined password for the user. The input pattern may be compared with a predefined input pattern for the user. The password may be authenticated based on a first match between the password and the predefined password and a second match between the input pattern and the predefined input pattern.

Abstract: A system provides intelligent gallery management for biometrics. A first gallery is obtained that includes biometric and/or other information on a population of people. An application is identified. A subset of the population of people is identified based on the application. A second gallery is derived from the first gallery by pulling the information for the subset of the population of people without pulling the information for the population of people not in the subset. Biometric identification (such as facial recognition) for the application may then be performed using the second gallery rather than the first gallery. In this way, the system is improved as less time is required for biometric identification, fewer device resources are used, and so on.

Abstract: A decision tree based processing system implements a decision tree data structure to process publicly available files, such as websites suspected to contain data generated by a data transaction processing system which may be constantly fluctuating and varying. The data transaction processing system generates the data based on processing electronic data transaction request messages received over a network.

Abstract: An image processing apparatus includes a camera, an image reading unit, and a controller. The camera is configured to capture an image of a face of a person. The image reading unit is configured to read a document and to output a document image. The controller is configured to perform control to permit certain processing on the document image if the image of the face captured by the camera matches a face image extracted from the document image.

Abstract: Systems and methods are disclosed for implementing an educational mode on a portable computing device, such as a tablet computer, that is a single-user system, used serially by multiple users. Each user can have a separate user storage that may be encrypted. The computing device boots as a system user to a login screen. A first student user enters user credentials into the login screen. The computing device can reboot the user-space processes, while leaving the kernel running, rebooting the computing device as the first student user. When the first student user logs out, data to be synchronized to, e.g., the cloud, can be synchronized for the first student user while a second student user is logged into the device.

Abstract: A network monitoring apparatus, and a remote encryption and remote activation method, device and system thereof are provided. The method includes the following steps: receiving an encrypted activation password sent by a client terminal; decrypting the encrypted activation password to obtain an original activation password; determining whether the original activation password meets a predetermined password strength requirement; when the original activation password meets the predetermined password strength requirement, activating the network monitoring apparatus and setting the original activation password as an administrator password; and returning information indicating that the network monitoring apparatus is successfully activated to the client terminal. A network monitoring apparatus, an encryption method of a network monitoring apparatus based on a client terminal, a client terminal, and a remote activation system based on a network monitoring apparatus are also provided.

Abstract: System for authenticating a user's identity and facilitating execution of embedded software and access to specific hardware modules according to an authorization level, comprising: •a communication interface, enabling a user to interface the system; •an authentication module, configured to authenticate user's identity; •an authorization module, configured to determine authorization level and access privileges associated with user; •at least one Software Execution Environment (SEE); and •at least one hardware switch, controllable by said authorization module and configured to physically enable or disable data transfer over a data path between the user and SEE, whereupon successful authentication of the user will cause the authorization module to allocate hardware resources at the SEE for the user, and configure the hardware switch to enable data transfer between the user and the SEE, and enable the user to execute embedded code on the SEE according to the authorization level.

Abstract: A determination apparatus and method for gaze angle are provided. The apparatus analyzes an image to generate a plurality of facial triaxial positioning values and a plurality of facial landmark points. The apparatus obtains a plurality of specific facial landmark points from the facial landmark points to generate a heatmap, and compares the heatmap with a standard heatmap to generate an image compensation value. The apparatus performs a facial correcting process based on the image and the image compensation value to generate a virtual corrected image. The apparatus analyzes the virtual corrected image to obtain a displacement of pupil. The apparatus determines a gaze angle of a user according to a determination model for gaze angle, the facial triaxial positioning values and the displacement of pupil.

Abstract: An authentication process is activated by a processor receiving an access request for user access to a user device. One or more biometric sensor module captures imaging data or other sensor data within a field of view encompassing the head of the user, or encompassing a head region including the head of the user. The processor carries out biometric recognition methods on the captured imaging data. Biometric recognition methods may include head-limb gesture recognition (including hand-to-face, and limb-near-head, gestures); head recognition; ocular recognition; facial recognition; and combinations of these methods. Upon successful match of captured sensor data with one or more user credential records stored for an authorized user of the user device, the processor authorizes the access request, providing access to the operating environment of the user device on start-up, or to one or more of a system setting, an application program, a data, and a hardware resource.

Abstract: A secure medical device includes: a hardware storage; a lock coupled to the hardware storage; a data storage and a medical record residing within the hardware storage, the data storage storing a destination location including a first geophysical location; one or more processors; and a non-transitory computer readable medium comprising programming instructions. When the programming instructions are executed by the one or more processors, the one or more processors: (a) receive an access request from a requester to access the medical record; (b) obtain a current location of the secure medical device, the current location comprising a second geophysical location; (c) compare the first geophysical location to the second geophysical location; and (d) upon determining that the second geophysical location matches the first geophysical location, send a command to unlock the lock to allow access to the medical record residing within the hardware storage.

Abstract: A storage device includes: a controller; a storage medium coupled to the controller; and a data security bridge comprising a security module and a key management module; wherein the security module is configured to perform data encryption and/or data decryption; and wherein the key management module is configured to obtain a first security key stored in the storage device, obtain a second security key received by the storage device, and perform a user authentication based on the first security key and the second security key.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a whitelist; an updater, the updater being an executable object authorized to modify files within the whitelist and to launch one or more child processes; and instructions encoded within the memory to provide a system management agent to: maintain a chain of trust between the one or more child processes and the updater, wherein the one or more child processes inherit whitelist permissions associated with the updater; and track the chain of trust across a system reboot, including granting a child process the chain of trust after a reboot only if the child process has associated with it a valid certificate.

Abstract: Systems and methods for enhancing the security of an account by reducing the ability of an attacker to determine that an account includes multiple passcodes for accessing the account. An example method may comprise: accessing an account that comprises a first passcode providing constrained access to a set of computing resources and a second passcode providing unconstrained access to the set of computing resources; associating the account with a randomized resource limit that restricts a quantity of passcodes associated with the account; receiving a request to create a third passcode for the account; and denying the creation of the third passcode for the account in view of the randomized resource limit.

Abstract: Systems, methods, and devices for managing predetermined functions on a mobile device within a moving vehicle, the mobile device having an operating system (OS) that includes an event API installed therein that is configured for two-way communication with an external control device, the control device being installed within the vehicle and further configured to communicate with a software application installed and running in memory resident on the mobile device. In response to initiation of a predetermined function on the mobile device, a notification message is transmitted by the event API to the control device. The control device then communicates with the software application to determine a desired action for the mobile device to take with respect to the predetermined function. The control device then instructs the mobile device on the action to take on the predetermined function by transmitting an action message to the event API.

Abstract: A key generating method includes obtaining a first error correcting code (ECC) for original data, obtaining read data from a cell array of a memory comprising the original data, generating a second ECC for the read data, obtaining a location of a cell in which an error occurs from the cell array of the memory in response to the second ECC being different from the first ECC, and generating a key for the memory based on the location of the cell in which the error occurs.

Abstract: Embodiments of the invention are directed to a system, method, or computer program product for resource optimization allocation via an interactive resource interface. In this way, the invention provides a comprehensive integrated platform for identification, continual monitoring and optimal allocation of resources on a mobile device. The invention enables identification of existing resources. In one aspect, the system identifies inflow resource transfers associated with a first resource. The system then determines if the inflow resource transfers are required for processing of critical tasks. Consequently, the system initiates a resource transfer, comprising at least a portion of the inflow resource transfer, from the first resource to a second user resource. Typically, the second resource is configured to promote resource accumulation. In another aspect of the invention, the system identifies a third user resource that is configured to foster resource growth, that is then linked with the second resource.

Abstract: An electronic device is provided. The electronic device includes a display device to output a user interface, a memory, a communication interface to support a first wireless communication scheme and a second wireless communication scheme, and a processor electrically connected with the display device, the memory, and the communication interface. The processor outputs a user interface for performing a pairing with the external device, by using at least one of a history of a pairing with the external device, whether the second wireless communication scheme is activated, or user account information.

Abstract: A multi-dimensional approach can be used to verify a password. In addition to requiring the input of the correct password, the timing at which the characters of the password are input can be determined and compared to stored timing values. Even if the correct password is input, authentication can still fail if the characters of the password are not input in accordance with a required timing.

Abstract: A biometric information measurement device intermittently measures biometric information from a living body. The device includes an attachment and detachment determining section which determines whether the device is in an attached state where the device is attached to the living body or an unattached state where the device is detached from the living body, a personal identifying section which, in the attached state, determines whether a user attached with the device is a registered user who is registered in advance and stores a result of the determination, and a storage controller which, when a determination result indicating that the user is the registered user is stored, stores information indicating the registered user while being associated with the measured biometric information. The personal identifying section deletes the determination result when a time period in which the device is determined to be in the unattached state exceeds a predetermined time period.

Abstract: A system includes an intellectual property circuit; a general purpose input/output circuit coupled to the intellectual property circuit via a data path; and a switch coupled to the data path. The switch is activatable via a switch enable signal propagated on a switch enable path having a first end coupled to the intellectual property circuit and a second end coupled to the general purpose input/output circuit. The system further includes a secure link circuit coupled between the intellectual property circuit and the general purpose input/output circuit along the switch enable path. The secure link circuit is sensitive to security statuses of the intellectual property circuit and the general purpose input/output circuit, the secure link circuit being configured to admit propagation of the switch enable signal on the switch enable path in response to the intellectual property circuit and the general purpose input/output circuit having identical security statuses.

Abstract: The present disclosure discloses a virtual reality (VR) scene-based authentication method, a VR device, and a storage medium. The method includes: receiving an authentication request in a VR scene; collecting to-be-authenticated fingerprint information by using a fingerprint collection device in a physical scene; sending the to-be-authenticated fingerprint information to an authenticator in the physical scene; and receiving, in the VR scene, authentication result information sent by the authenticator, where the authentication result information is used to indicate whether the to-be-authenticated fingerprint information has passed the authentication.

Abstract: Techniques for communicating particular information from a user, using a sensing device, to a touch device by way of a touch event is provided. Sensors that are operatively coupled to a sensing device sense an input from the user which conveys particular information. This input is then converted by the sensing device into another signal that is then transmitted from the sensing device to the touch device. When the user uses the sensing device to interact with the touch device, the interaction causes a touch event on the touch device. A touch event occurs when the sensors within the touch device receive a touch-signal from the sensing device. The touch-signal is based, at least in part, on detected biometric information of the user. The touch device then decodes the touch-signal to both (a) determine the location of the touch event on the touch device and (b) obtain the sensing device signal embedded in the touch signal to extract the particular information related to the user.

Abstract: Systems and methods are provided which allow for motion-based authentication of a user using magnified motion. Very small or imperceptible motions of a user may be captured and magnified to determine characteristics of the motions that may be used as a motion-based credential for user authentication. The motions, which may be very small and imperceptible to an observer, may be difficult for potential attackers to observe and copy, but may be useful when magnified.

Abstract: Computer-implemented methods, computer-readable media and apparatuses for testing executable code in sensitive-information domains are provided. A synthetic data set is received, where the synthetic data set includes generated subjects and corresponding information associated with the generated subjects. An active data set is received, where the active data set includes active subjects and corresponding information associated with the active subjects. The corresponding information associated with the active subjects includes sensitive information requiring privacy protection. The synthetic data set and the active data set are compared using an algorithm to identify the generated subjects that produce decisioning outcomes similar to decisioning outcomes of the active data set. A testing data set is generated by selecting the generated subjects identified using the algorithm and corresponding information associated with the identified generated subjects.

Abstract: In accordance with embodiments of the present disclosure, an information handling system may include a processor and a non-transitory computer-readable medium having stored thereon a program of instructions executable by the processor. The program of instructions may be configured to, when read and executed by the processor, receive an initial password, the initial password comprising a string of characters to be entered by a user of the information handling system for accessing the information handling system, separate the initial password into a plurality of compartments, select a random order of the plurality of compartments, generate a key based on the initial password as rearranged in accordance with the random order of the plurality of compartments, and store a key sequence representative of the random order of the plurality of compartments.

Abstract: A device includes a processing component, a user interface component, a locking component, a biometric parameter unlock component, a detecting component and a sleep bypass component. The processing component performs a processing function. The user interface component instructs the processing component to perform the processing function. The locking component prevents the user interface component from instructing the processing component to perform the processing function. The biometric parameter unlock component detects a biometric parameter of the user and disables the locking component to enable the user interface component to instruct the processing component to perform the processing function. The detecting component generates a sleep signal based on a detected sleeping parameter of the user indicating that the user is asleep. The sleep bypass component disables biometric parameter unlock component based on the sleep signal.

Abstract: A method of communicating via a vehicle communication network includes providing an electronic control unit (ECU), the ECU including a main processing unit and a security processing unit, the security processing unit including a symmetric security key, attempting a secure boot of the main processing unit, providing use of the symmetric security key to the main processing unit if the secure boot of the main processing unit is successful, preventing use of the symmetric security key by the main processing unit if the secure boot of the main processing unit is not successful, conducting, via an attestation processing unit, a remote attestation of the main processing unit, and determining, via the attestation processing unit, whether the secure boot of the main processing unit was successful according to the remote attestation.

Abstract: A system, device and method for enforcing privacy during a communication session with a voice assistant are disclosed. In response to a determination that an environment of a first voice assistant device is not private, a first secure communication session between the first voice assistant device and an application server is suspended. In response a determination that one or more other voice assistant devices have been authorized for communication with the application server is made and input to transfer the first secure communication session, a second secure communication session between a second voice assistant device and the application server is initiated. The first secure communication session between the first voice assistant device and the application server is terminated in response to successful initiation of the second secure communication session.

Abstract: A computer-implemented method for cognitive rendering of inputs received by a virtual reality (VR) system includes: receiving sensor data from at least one sensor of the VR system, the sensor data corresponding to one or more behaviors exhibited by a user of the VR system; comparing the sensor data to a predetermined list of expected behaviors; and determining the sensor data identifies an unexpected behavior in response to determining, based on the comparison, the behavior is not one of the expected behaviors. Various embodiments of the general inventive concept described above are presented in the form of methods, systems, and computer program products, all generally relating to real-time detection/anticipation of unexpected behaviors exhibited by a user but not relevant to a VR experience, and avoiding the rendering of movements, speech, etc. that are part of the unexpected behavior in order to improve the immersive nature of the VR experience.

Abstract: Embodiments for implementing intelligent user identification by a processor. A temporary abstraction model may be created. One or more user specific verification queries may be generated according to the temporary abstraction model. A user identify may be asserted for accessing an application upon validating one or more user responses in relation to the one or more user specific verification queries.

Abstract: An application miming in the foreground of the mobile device is run in the background when the mobile device enters a screen locked state. A display may be activated while the mobile device remains in the screen locked state, and an image is rendered over a lock screen of the mobile device, where the image providing a glimpse into the application running in the background while the mobile device remains in the screen locked state. The image displayed over the lock screen is iteratively updated to provide a continuous glimpse into the application running in the background of the mobile device that is in the screen locked state, without having to unlock the mobile device.

Abstract: A system, device and method for enforcing privacy during a communication session with a voice assistant are disclosed. A user is authenticated via one or more first criteria in response to a request to initiate a communication session with a voice assistant. Periodically during the communication session with the voice assistant, sensor data is acquired. The sensor data is processed to determine a number of persons present in an environment of the voice assistant via one or more second criteria. The communication of private data by the voice assistant is enabled when one person is in the environment and that person is the authenticated user. The communication of private data by the voice assistant is disabled when one person is in the environment and that person is not the authenticated user.

Abstract: An electronic device equipped with an anti-theft function may include a touch-sensitive panel and a processing circuit. The touch-sensitive panel may perform sensing of a first electrode of an input device and multiple fingers of a user, to detect a first detection point corresponding to the first electrode and multiple other detection points respectively corresponding to the multiple fingers, wherein when the input device is put on the touch-sensitive panel, the first detection point corresponds to a first location of the first electrode on the touch-sensitive panel, and when the multiple fingers touch the touch-sensitive panel, the multiple other detection points correspond to multiple other locations of the multiple fingers on the touch-sensitive panel, respectively. When at least one predetermined condition is satisfied, the processing circuit enables the anti-theft function. When at least one release condition is satisfied, the processing circuit disables the anti-theft function.

Abstract: An embedded subscriber identity module (2) includes: a first memory zone (Z1) for storing an operating system (OS1); a second memory zone (Z2) for storing user data (DT) in memory that is accessible by the operating system (OS1); and a third memory zone (Z3) for storing a data model (MD) defining at least one criterion (CT) that is to be complied with by the user data (DT) contained in the second memory zone (Z2). The embedded subscriber identity module (2) further includes a determination module (8) configured to determine whether the user data (DT) complies with the at least one criterion; and a processor module (10) configured to cause at least one first predetermined action as defined in the data model (MD) to be executed if the user data (DT) is not in compliance with the at least one criterion.

Abstract: Multiple image verification challenges can be used to identify the location of an object within an initial image. For instance, a first set of tiles is generated using the initial image. This first set is provided to a client computing device for display in a first verification challenge requesting that the user select tiles including the object. In response, a user selection of tiles of the first set is received. These selected tiles are then used to generate a second set of tiles corresponding to a sub-portion of the initial image. The second set of tiles is provided to a client computing device for display in a second verification challenge. In response to the second verification challenge, a user selection of tiles of the second set is received. This user selection of tiles of the second set is then used to determine a location of the object in the image.

Abstract: A method and system for improving location detection and presentation is provided. The method includes receiving a request for access to a secure Website and retrieving an automated challenge response test for determining that a user is a living being. A location of the user is detected and analyzed with respect to images of the automated challenge response test. Local entities associated with the images are determined and correct images and incorrect images are identified for executing the automated challenge response test. First actions for enabling the user to execute functions associated with the correct images with respect to the local entities are added to the correct images. Second actions for enabling the user to execute functions associated with the incorrect images with respect to the local entities are added to the correct images and a resulting modified automated challenge response test is presented to the user.

Abstract: An appliance is capable of storing and processing data related to details surrounding its ownership, behavior, and history within itself in a secure and unalterable way. The appliance may experience multiple transfers in ownership during its lifetime. Certain data stored in the appliance may be encrypted such that only qualifying parties (e.g., owners) may be able to access the data. Some data may remain private to an individual owner while other data may be made available to subsequent owners by passing a shared secret that can be utilized to decrypt the other data. Data may be stored in the appliance in chronological order and may be signed by appropriate parties such that it is not possible to alter the data without detection.

Abstract: Systems, methods, and computer-readable storage media for authenticating a user account with a synchronized content management system are disclosed. A synchronized online content management system may receive a request from a client device to access content in the content management system via a web browser that is running on the client device. The system may identify that a client-side application for the content management system has been installed on the client device and that the client-side application is already logged into a user account with the content management system. The system can cause the web browser to open a local host connection to the client-side application such that the web browser may be able to obtain from the client application some user account identifying information for the user account. The system can then cause the web browser to log into the user account by using the user account identifying information.

Abstract: Different security changes are applied based on the user status, such as emotional state, level of attention and biometrics. A security change can be applied that will automatically logoff the user from the system or from applications of the device, depending of the user's detected status, applying different security profiles at a software level, without disabling hardware.

Abstract: Embodiments of the present disclosure relate to copy protection. A request to copy a file from a requestor with one or more privileges sufficient to access the file may be received. The file may be determined to be subject to copy protection. In response to determining that the file is subject to copy protection, a notification of the copy attempt may be transmitted. Copy protection may then be applied to the file.

Abstract: A person is automatically identified by a detection device of an observation apparatus. The identified person is shown a personalized symbol. A control action by the person causes data to be retrieved from a personal data source associated with the person and presented on a display panel. The presentation is stopped at the latest when the person leaves a sensing range of the detection device. This allows a particularly convenient and simple data use.

Abstract: According to at least one example embodiment of the present invention, provided is a face authentication system including: a criterion setting unit that sets a criterion of face authentication performed on a user so as to be different in accordance with a state of an access target system accessed by the user; and a face authentication unit that performs face authentication of the user based on the criterion.

Abstract: A method for providing a brain computer interface that includes detecting a neural signal of a user in response to a calibration session having a time-locked component and a spontaneous component; generating a user-specific calibration model based on the neural signal; prompting the user to undergo a verification session, the verification session having a time-locked component and a spontaneous component; detecting a neural signal contemporaneously with delivery of the verification session; generating an output of the user-specific calibration model from the neural signal; based upon a comparison operation between processed outputs, determining an authentication status of the user; and performing an authenticated action.

Abstract: An electronic device shifts between a locked state in which use of a function is restricted and an unlocked state in which the function is usable. The electronic device includes a touch panel and a controller. The touch panel displays a pattern entry screen including first grid points and a second grid point having the same shape and color as the first grid points. The controller acquires a movement path of a detection target on the pattern entry screen and sequentially specifies first grid points passed by the movement path among the first grid points. The controller acquires entry pattern information based on the specified first grid points. The controller determines whether or not the entry pattern information matches registered pattern information. When the controller determines that the entry pattern information matches the registered pattern information, the electronic device shifts from the locked state to the unlocked state.

Abstract: A secure hardware-based module or Security Electronic Control Unit (SECU) for a Controller Area Network (CAN) prevents an attacker from sending malicious messages through the CAN bus to take over control of a vehicle. The SECU shares a unique key and counter with each ECU on the CAN bus. When a legitimate ECU sends a message, it first compresses the message and then generates a MAC of the counter and a secret key. The counter is increased by one for each transmitted message. The ECU then fits the compressed message and the MAC into one CAN frame and sends it onto the CAN bus. The SECU performs the message verification on behalf of the intended receiver(s) of the message. If the verification passes, the receiver(s) simply decompress the message and use it as a normal CAN message. If the verification fails, the SECU will corrupt the CAN frame before it is fully received by the intended receiver(s). The corrupted CAN frame will be ignored by the intended receiver(s) as if it was never received.

Abstract: Methods, devices, and systems for fire control panel configuration are described herein. In some examples, one or more embodiments include a memory, and a processor to execute executable instructions stored in the memory to receive configuration information for a fire control system of a facility, create a spatial asset model of the fire control system using the configuration information for the fire control system, and transmit, in response to detecting a replacement of a fire control panel in the fire control system with a new fire control panel, the spatial asset model to the new fire control panel.

Abstract: An access control system is described in which a primary credential device has a master key and a secondary credential device has a key derived from the master key. Both the master key and the derivative key are required to gain access to the resource protected by the access control system. If the secondary credential device is lost, misplaced, or stolen, it cannot be used to gain illicit access to the protected resource, and it can be easily replaced by providing a different secondary credential device with another key derived from the master key.

Abstract: The present image processing apparatus stores setting information for whether to force setting of authentication information for each user. Furthermore, upon accepting a login request from a user, in a case where the stored setting information indicates forcing setting of authentication information, the image processing apparatus displays on a display unit a setting screen for setting authentication information to allow the user to set authentication information. In addition, the image processing apparatus executes login processing in accordance with a setting status of authentication information for the user.

Abstract: A software widget running on a user device may be designed to operate in a locked or an unlocked mode. In unlocked mode, the user has full interactivity with the widget. In locked mode, however, at least some of the interactivity with the widget is restricted, despite the fact that the widget still operates normally otherwise while in the locked mode. While in locked mode, user input may be compared against a predefined unlocking sequence to determine if the widget should be unlocked.