Abstract: A system and method for secure data object management system comprising a cloud-based host environment and a local secure container. The cloud-based host environment creates a controlled digital object from a master digital object, and activates a tether associated with the controlled digital object. The tether includes an access permission, and optionally an operation permission (e.g., view, delete, store, edit, and copy) and a command (e.g., timeout, destroy). The controlled digital object is stored to an isolated storage of the secure container. The tether contents control access and manipulation of the controlled digital object. Certain conditions (e.g., timeout period reached, anomalous data access pattern detected), cause the controlled digital object to be destroyed and/or the tether to be inactivated. In accordance with applicable law, the cloud-based host environment utilizes the tether to detect, identify, and/or thwart unauthorized host environments in possession of the controlled digital object.

Abstract: A method of disabling a locking screen of an electronic device is provided. The method includes selecting at least two objects among at least three objects each having a unique color, determining whether at least one of a color order and a rotation direction of the selected at least two objects matches a pre-set color order and a pre-set rotation direction, and disabling a locking screen upon determining the match with at least one of the pre-set color order and the pre-set rotation direction.

Abstract: Systems and methods for identifying a weak stimulus in a stimulus-based authentication system is provided. Counters are associated with each stimulus used in the authentication and a first counter is incremented when the stimulus is used in an authentication session and a second counter is incremented when a successful event occurs with respect to the stimulus during the authentication session, but the authentication session ultimately fails. A ratio of the second counter and the first counter is compared to a threshold and the stimulus is identified as weak when the ratio exceeds the threshold. The stimulus may then be removed and no longer be used in the stimulus-based authentication system.

Abstract: Methods and devices arranged to provide functions for generating a security code are described. These functions include defining a set of locations in the one or more images on the basis of one or more user-selected locations, and generating a security code based on values determined and derived from display parameters associated with imaging elements having locations corresponding to the defined set of locations. This enables a security code to be generated that contains a high level of entropy, and is therefore capable of providing high levels of security, based on user input that is easy for the user to remember.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving an enrollment biometric identifier of a user. Determining a matching threshold based on a characteristic of the enrollment biometric identifier of the user. Storing the matching threshold in an enrollment profile for the use in association with the enrollment biometric identifier.

Abstract: A electronic device and method are disclosed herein. The electronic device includes a display, a fingerprint recognition sensor configured to recognize a fingerprint received through the display, and a processor. The processor is configured to implement the method, which includes detecting a fingerprint using a fingerprint recognition sensor of the electronic device through a display of the electronic device; and controlling the display to display at least one object based on the fingerprint.

Abstract: An information processing device includes: an image acquirer acquiring a shot image of a user; a registered user information holder holding face identification data of a registered user; a face authentication carrying out authentication of a face image in the shot image by using the face identification data held in the registered user information holder; an information processing section executing information processing on a basis of an authentication result by the face authentication section; a face identification data registration section updating the face identification data on a basis of a face image extracted from the shot image; and a provisionally-registered data holder temporarily holding data relating to the face image when the face image satisfies a predetermined condition. The face identification data registration section determines whether or not to update the face identification data on the basis of the face image by evaluating the data.

Abstract: A method and an apparatus of detecting a weak password are disclosed. The method comprises: receiving a password to be detected; acquiring an identity information set of a user of the password to be detected, the identity information set including a plurality of pieces of identity information of the user and associated users thereof; detecting whether identity information associated with the password to be detected exists in the identity information set; and determining that the password to be detected is a weak password if the identity information associated with the password to be detected exists in the identity information set. The technical solution of the present disclosure can detect whether a password to be detected is set up by a user using identity information thereof or identity information of a user who be closely associated therewith, thus determining whether the password to be detected is prone to cracking, and thereby further improving the security of the password of the user.

Abstract: Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user's electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutia from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutia; computing a set of pre-processed responses that covers a range of all actual responses possible to be received from the device if the combination of the particular device with the device's collected actual values of minutia is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures.

Abstract: An information processing apparatus detects a first user and a second user that approaches the information processing apparatus by using a plurality of detection devices including a first detection device and a second detection device which is different from the first detection device. The information processing apparatus includes a second user determination unit configured to determine that a user detected by the first detection device is the second user, in a case where a certain time period has elapsed since the first detection device detects the user, at which the first user has been detected, the second detection device not detecting the user during the certain time period.

Abstract: A method for alerting Internet content providers of the age or other personal information of a computer user, which includes receiving a reverse DNS lookup query from an Internet content provider; and providing the age information of the computer user, in addition to a host name, from a reverse map zone file in response to the request. The personal information may be used by the content provider to select appropriate content for the requesting host, for example for complying with content restrictions. A system of alerting an Internet content provider of the age or other personal information of a computer user is also provided.

Abstract: Time-based configuration profile toggling of a client device can be provided. A computing device in data communication with a client device over a network can be configured to identify an enterprise configuration profile associated with a client device stored in a memory. Further, the computing device can determine whether a current time associated with the client device complies with a compliance rule that specifies at least one time period during which the client device is authorized to enable the enterprise configuration profile. In response to the current time associated with the client device complying with the compliance rule, the computing device can remotely enable the enterprise configuration profile on the client device.

Abstract: A system and computer implemented method for determining compromised passwords is disclosed. The method may include displaying, in a first set of positions, a set of entry keys of a device. The method may include collecting a first set of tracking data including the first set of positions for entry of a first password. The method may also include displaying the set of entry keys of the device in a second set of positions. The method may also include determining a second password based on the second set of positions and entry of the first password. The method may also include determining whether the second password was entered into the device.

Abstract: Systems and methods are described for delegating permissions to enable account access. The systems utilize a delegation profile that can be created within a secured account of at least one user. The delegation profile includes a name, a validation policy that specifies principals which may be external to the account and which are permitted to assume the delegation profile, and an authorization policy that indicates the permitted actions within the account for those principals which are acting within the delegation profile. Once the delegation profile is created, it can be provided to external principals or services. These external principals or services can use the delegation profile to obtain credentials for performing various actions in the account using the credentials of the delegation profile.

Abstract: A computer implemented method and apparatus for automatically aggregating metadata and e-mail attachments from various e-mail providers in a cloud repository. The method comprises accessing account information for one or more related e-mail accounts; accessing one or more e-mails from the one or more e-mail accounts using the received account information, wherein the one or more e-mails comprise one or more documents as one or more attachments; extracting metadata from each e-mail in the one or more e-mails that comprises at least one attachment, wherein the metadata comprises information that identifies the attachment and an associated e-mail; and storing the metadata in a cloud repository.

Abstract: A method and apparatus for device authentication are provided. In the method and apparatus, authentication data for a first device is received. The first device is then authenticated based at least in part on demonstrated access to authentication data prior to broadcast of the authentication data. One or more actions may be taken in response to the authentication of the first device based at least in part on the demonstrated access to the authentication data.

Abstract: An unlocking method for use in a terminal having a touch screen, includes: detecting a touch signal corresponding to a touch movement on the screen in a moving direction; and triggering the terminal to enter into an unlocked state, if the moving direction is the same as a preset reference direction and a number of loops of the touch movement corresponding to the touch signal is the same as a preset reference number of loops, wherein the preset reference direction is one of a clockwise direction or an anticlockwise direction.

Abstract: An active earphone authentication method includes a recognition step of recognizing insertion of an earphone by a terminal control unit; a voltage supply step of transmitting a voltage supply command to the power supply unit by the terminal control unit if insertion of the earphone is recognized at the recognition step; an authentication step of receiving a signal from the earphone and authenticating whether or not the earphone is an active earphone by a reception unit; and a circuit implementation step of implementing a circuit of the terminal equipment according to an authentication result of the authentication step.

Abstract: An information processing apparatus determines whether a device accesses a box region of the information processing apparatus. When it is determined that the box region is accessed, a box ID entry screen is displayed on the device. The information processing apparatus determines whether a box ID is entered by a user of the device. If it is determined that a box ID is entered, then device information about the device is obtained. After the device information is obtained, the information processing apparatus determines whether the device possesses a hardware keyboard. If it is determined that the device possesses a hardware keyboard, a password authentication screen is displayed on the device. If it is determined that the device does not possess a hardware keyboard, an image authentication screen is displayed on the device.

Abstract: An approach for authenticating a device is provided. The approach includes a computer implemented method for receiving a first stage biometric variable verification data for accessing the device. The approach further includes a computer-implemented method for computing a second stage binary authentication data for accessing the device. The approach further includes analyzing the received first stage biometric variable verification data and the second stage binary authentication data. The approach further includes receiving the second binary authentication data for accessing the device.

Abstract: An authentication apparatus includes an electrocardiogram (ECG) signal receiver configured to receive a target ECG signal, and a preprocessor configured to filter the target ECG signal. The apparatus further includes an authenticator configured to process the filtered target ECG signal based on a pattern of a reference ECG signal, and determine whether the target ECG signal corresponds to the reference ECG signal based on the processing.

Abstract: Technologies are provided in embodiments to manage an authentication confirmation score. Embodiments are configured to identify, in absolute session time, a beginning time and an ending time of an interval of an active user session on a client. Embodiments are also configured to determine a first value representing a first subset of a set of prior user sessions, where the prior user sessions of the first subset were active for at least as long as the beginning time. Embodiments can also determine a second value representing a second subset of the set of prior user sessions, where the prior user sessions of the second subset were active for at least as long as the ending time. Embodiments also determine, based on the first and second values, a decay rate for the authentication confidence score of the active user session. In some embodiments, the set is based on context attributes.

Abstract: A method includes a computer device receiving a set of images for at least one user; the computer device receiving unique visual clue inputs from the at least one user for each image of the set of images; the computer device receiving drawing gesture inputs from the at least one user for each image of the set of images; and the computer device using the visual clue and drawing gesture inputs to create passwords to provide a locked access point for at least one device.

Abstract: Embodiments described herein relate to a device operable to process input for a picture password for proof of knowledge. In some embodiments, the device includes a display, an input subsystem, processor(s), and memory containing instructions executable by the processor(s) such that the device is operative to display, on the display of the device, an image for the picture password proof of knowledge. The image is associated with an overlaid grid comprising a plurality of elements, and each element corresponds to a distinct area of the image. The device is further operative to, determine an offset to be used and, in response to receiving an input via the input subsystem at a first location of the display, highlight an element of the overlaid grid at a second location on the first image on the display. The second location is offset from the first location by the offset.

Abstract: An image processing apparatus includes an imaging unit, an authenticating unit, and a controller. The imaging unit acquires a face image of a user. The authenticating unit performs a first authentication process based on the face image and a second authentication process based on information other than the face image. The controller suspends the first authentication process based on the face image while maintaining the imaging unit in an activated state when the authenticating unit performs the second authentication process.

Abstract: An information processing apparatus includes a determination unit, an operator change unit, and an image change unit. The determination unit determines whether or not an image displayed on a display unit of a portable information processing apparatus has been rotated. The operator change unit changes an operator of the information processing apparatus, when the determination unit determines that the image has been rotated. The image change unit changes the image displayed on the display unit of the information processing apparatus on the basis of the operator who has been changed by the operator change unit.

Abstract: Session-specific information stored to a cookie or other secure token can be selected and/or caused to vary over time, such that older copies will become less useful over time. Such an approach reduces the ability of entities obtaining a copy of the cookie from performing unauthorized tasks on a session. A cookie received with a request can contain a timestamp and an operation count for a session that may need to fall within an acceptable range of the current values in order for the request to be processed. A cookie returned with a response can be set to the correct value or incremented from the previous value based on various factors. The allowable bands can decrease with age of the session, and various parameter values such as a badness factor for a session can be updated continually based on the events for the session.

Abstract: An apparatus and method for a two phase password input mechanism are provided. The method includes resetting a password entry, displaying a password entry screen, inputting a password element of a plurality of password elements, determining whether the entered password is complete, determining whether the entered password is correct when the entered password is complete, and if the entered password is correct, unlocking the mobile device. The plurality of password elements include at least two elements that cannot be observed from a same viewpoint.

Abstract: An information processing apparatus includes, a processor configured to execute a process including, determining whether a relationship between biometric information acquired from a living body and biometric information stored in a storage unit satisfies a predetermined standard, creating first authentication information by detecting predetermined operation when the relationship between the biometric information acquired from the living body and the biometric information stored in the storage unit does not satisfy the predetermined standard, comparing the first authentication information and second authentication information stored in the storage unit, and activating the information processing apparatus when the first authentication information and the second authentication information match.

Abstract: Computer systems and methods in various embodiments are configured for improving the security and efficiency of client computers interacting with server computers through supervising instructions defined in a web page and/or web browser. In an embodiment, a computer system comprising one or more processors, coupled to a remote client computer, and configured to send, to the remote client computer, one or more instructions, which when executed by the remote client computer, cause a run-time environment on the remote client computer to: intercept, within the run-time environment, a first call to execute a particular function defined in the run-time environment by a first caller function in the run-time environment; determine a first caller identifier, which corresponds to the first caller function identified in a run-time stack maintained by the run-time environment; determine whether the first caller function is authorized to call the particular function based on the first caller identifier.

Abstract: The present disclosure relates to a method for identity authentication based on face recognition. The method comprises: initiating an interaction authentication request, which includes requested interaction tracks, and sending the interaction authentication request to an authentication client; receiving face interaction information sent by the authentication client; extracting face action tracks from the face interaction information; determining whether the face action tracks are consistent with the requested interaction tracks; if the face action tracks are consistent with the requested interaction tracks, determining that the authentication is passed, otherwise determining that the authentication fails. The above solution could prevent the authentication server from being cheated by face pictures or videos taken previously and could ensure that the face pictures or videos passing the authentication is taken in real time from a real person.

Abstract: A security system and method for authenticating a user's access to a target system is disclosed. The security system receives an authentication request from the user and generates a security matrix which comprises a mapping between each symbol within a symbol set and a code value randomly selected from a distinct code set. The number of elements in the symbol set and in the code set are selected to provide a predetermined level of security against capture of a user-defined keyword by an unauthorized observer. The security system sends the security matrix to the user and awaits a one-time code in response. The user forms the one-time code based on the user keyword and the security matrix. The security system validates the one-time code against the security matrix and the keyword to determine an authentication result, permitting or denying the user access to the target system.

Abstract: Antialiasing for picture passwords and other touch displays is disclosed. In some embodiments a client device for authenticating a user is operable to obtain a sequence of input actions for an image and obtain a partial hash from a Proof of Knowledge (PoK) server where the partial hash is part of a hash used for authentication of the user. The client device is also operable to calculate a hash for the sequence and determine if a part of the hash matches the partial hash. If the part of the hash matches the partial hash, the client device sends a communication to the PoK server to authenticate the user based on the hash for the sequence of the one or more input actions and obtain a response indicating whether the user is authenticated. In this way, sending some hashes to the proof of knowledge server may not be necessary, saving resources.

Abstract: A mobile terminal is disclosed. A mobile terminal according to one embodiment of the preset invention includes a first touch screen including a sub display, a second touch screen including a main display, a touch recognition sensor configured to recognize a first touch input and a second touch input starting on a first position of the first touch screen, a memory configured to store the recognized first touch input and the second touch input as a unlock pattern and if a third touch input and a fourth touch input starting on a second position of the first touch screen are recognized by the touch recognition sensor, a controller configured to compare the unlock pattern stored in the memory with the recognized third touch input and the fourth touch input and execute unlock of the main display according to a result of the comparison.

Abstract: A method for unlocking a screen of a device, including: detecting an inputting operation on the device for inputting an unlock password, the inputting operation causing one character to be inputted to the device; performing, in response to the detecting, a comparison to determine whether all input characters corresponding to a password indicator displayed on the screen match a preset password; and unlocking the screen of the device if it is determined that all the input characters corresponding to the password indicator match the preset password.

Abstract: An electronic camera includes an image pickup device, a memory, a face detecting section, a face recognizing section, and an object specifying section. The image pickup device photo-electrically converts an image of an object into an electric signal and generates an image signal as the electric signal. The memory has recorded registration data representing characterizing points of faces as recognizing targets. The face detecting section detects face areas in a shooting image plane based on the image signal and extracts characterizing points of faces of objects from the face areas. The face recognizing section determines whether or not the face areas are the recognizing targets based on data of the characterizing points corresponding to the face areas and on the registration data. The object specifying section specifies as a main object an object present on nearest side of the electronic camera of objects as the recognizing targets.

Abstract: A method performed by an authentication processor for authenticating an unknown user claiming to be a legitimate user. The method includes comparing a legitimate user response metric to an unknown user response metric and one of preventing access to the computer system and decreasing a level of access to the computer system when the unknown user response metric differs from the legitimate user response metric by more than a predefined degree of acceptable variation. The legitimate user response metric represents observed changes in micro-behaviors of the legitimate user in response to viewing a plurality of prime images. The unknown user response metric represents observed changes in micro-behaviors of the unknown user in response to viewing the plurality of prime images.

Abstract: Technologies are provided in embodiments to manage an authentication confirmation score. Embodiments are configured to identify, in absolute session time, a beginning time and an ending time of an interval of an active user session on a client. Embodiments are also configured to determine a first value representing a first subset of a set of prior user sessions, where the prior user sessions of the first subset were active for at least as long as the beginning time. Embodiments can also determine a second value representing a second subset of the set of prior user sessions, where the prior user sessions of the second subset were active for at least as long as the ending time. Embodiments also determine, based on the first and second values, a decay rate for the authentication confidence score of the active user session. In some embodiments, the set is based on context attributes.

Abstract: A method for outputting sensitive data to a user includes a communication terminal checking to determine whether at least a portion of the sensitive data is to be outputted by determining whether the communication terminal is in one of a plurality of predefined communication configurations for outputting the sensitive data. If the communication terminal is found to be a first configuration, the communication terminal transmits the sensitive data so that at least one of the video data and the audio data is output to the user via at least one peripheral device connected to the communication terminal. If the communication terminal is in a second configuration, the communication terminal performs at least one security action to help further protect the sensitive data.

Abstract: There is provided a method and apparatus for allowing a user of a mobile device to securely access a storage device of a home network of the user. The method and apparatus advantageously allow for the user to share data stored on the home network with other users, or to give full or restricted access to other computing devices. The apparatus consists of a network element residing on the home network of the user, which enables communications between the network storage and the mobile device when the mobile device is in a remote location.

Abstract: A processor of a mobile terminal refers to an app table that stores a reference flag on a per-app basis, the flag indicating whether the operation-unlock app screen is to be displayed in the foreground window of a display. Furthermore, the processor acquires from the app table the flag that corresponds to the current app in response to a lighting-off command. Moreover, the processor determines whether the operation-unlock app screen is to be displayed in the foreground window instead of the current app screen on the basis of the acquired flag. On the basis of the result of the determination, the processor controls the changing of a screen in the foreground window.

Abstract: The present invention relates to a method for control of a video interface (4) associated to a user (12) for use in conference situations and the like, comprising the steps of capturing a frame (11) of a video stream originated from the user (12), recognizing a face (10) of the user (12) within the video frame (11), detecting an orientation of the face (10) of the user (12) within the video frame (11), and providing a control signal indicating the orientation of the face (10). The invention also relates to a method for operation of the video interface (4) comprising the steps of the above control method, mapping the orientation of the face (10) based on the control signal to a focus area (15) of the video interface (4), and highlighting the focus area (15). The invention further relates to a face orientation detector (6) and a video conferencing server (5), which are adapted to perform the above methods.

Abstract: Systems, methods, and computer-readable media are disclosed for generating a baseline use profile that indicates typical patterns of use of a device over time, transitioning the device to a challenge mode when sensor data indicates a deviation from the baseline use profile by more than a permissible tolerance, presenting challenges to the user while in the challenge mode, and determining whether to restrict or allow access to device functionality based on user responses to the challenges.

Abstract: A system, apparatus, method, and machine readable medium are described for non-intrusive privacy-preserving authentication.

Abstract: A network communications method utilizing a network watermark for providing security in the communications includes creating a verifiable network communications path of nodes through a network for the transfer of information from a first end node to a second end node; verifying the network communications path of nodes, by the first end node, before communicating by the first end node information intended for receipt by the second end node; and once the network communications path of nodes is verified by the first end node, communicating by the first end node, via the verified communications path of nodes, the information intended for receipt by the second end node; wherein the network watermark represents the verifiable network communications path of nodes.

Abstract: An electronic device includes an inertial force sensor, a memory unit, and a control unit connected to the inertial force sensor and the memory unit. The control unit includes a characteristic-waveform processor and an authenticator. The characteristic-waveform processor is operable to generate a characteristic waveform based on output waveforms output from the inertial force sensor in response to operations performed by a first user, and to record the characteristic waveform in the memory unit. The authenticator is operable to generate a reference waveform based on one or more output waveforms output from the inertial force sensor in response to respective ones of one or more operations performed by a second user, and to determine whether or not the first user and the second user are identical to each other by comparing the reference waveform with the characteristic waveform. This electronic device performs accurate authentication with a simple structure.

Abstract: A proximity of a second user is sensed while a first user who is a registered user views an iris recognition portable device. Whether the second user is registered is checked according to whether an iris of the second user is recognized. The displayed screen may be altered when the second user is determined to be a non-registered user.

Abstract: A method and an apparatus for dynamically adjusting a viewing angle of a screen are provided. The method is suitable for dynamically adjusting a viewing range of a screen of a handheld electronic device, wherein the viewing angle of the screen is adjustable. The method is as follows. First, a shifting value of a target deviating from the viewing range of the screen is detected by a sensor. Next, the viewing range of the screen is dynamically adjusted according to the shifting value, so as to cover the target within the viewing range of the screen. Accordingly, the snooping for the content of a frame displayed on the screen by others can be prevented and a user can view the frame displayed on the screen more conveniently.

Abstract: Systems and methods for managing a user identity on a mobile device are provided. The system comprises the mobile device comprising a user agent and a client application, the user agent and the client application in communication with each other. The system further comprises an identity provider in communication with the mobile device, and a client service in communication with the mobile device. The user agent is configured to communicate with the identity provider and retrieve the user identity for the client application, and the client application is configured to transmit the user identity to the client service.

Abstract: A method and apparatus for device authentication are provided. In the method and apparatus, authentication data for a first device is received. The first device is then authenticated based at least in part on demonstrated access to authentication data prior to broadcast of the authentication data. One or more actions may be taken in response to the authentication of the first device based at least in part on the demonstrated access to the authentication data.