An access control system which relies at least in part on a non-networked path for permitting an entity access to a secured location; the entity identified by the system by means of a unique entity identifier accorded the entity; entry to said secured location secured by a barrier; said barrier identified by the system by means of a unique barrier identifier accorded the barrier; said system including a local access unit located local to the barrier; said system including a barrier controller for actuation of the barrier; said local access unit issuing an open signal to the barrier controller whereby the barrier permits the entity access to the secured location if and only if data contained in a token communicated from an un-trusted communications device to the local access unit is verified by the local access unit with respect to at least a first parameter by the local access unit.

A certificate-based methodology is used to establish the trustworthy relationship between source codes and produced binary files for a given software build. The trustworthy relationship between the source code and binary files is generated by recording build information during building of the source code. The build information may include build environment information, framework information, source files identification, intermediately generated files information, final binary files information, file operations during building of the source code, and/or commands/operations during building of the source code. A certificate is generated using the build information for establishing a relationship between the source code and a binary file created from the source code, and the certificate is signed with a public cryptographic key. A software release package is provided to the recipient including at least the source code, final binary files generated from the source code, and the certificate.

Aspects described herein relate to methods, devices and systems that allow for a client device, as part of a remote access or cloud-based network environment, to map external user identities to desktops and applications. Local user accounts can be dynamically generated on a virtual delivery agent. A mapping of the local user account to an external identity can be secured using signed tokens and maintained by a broker machine that allocates resources for the deployment of particular applications to the client device from the virtual delivery agent. This allows for the removal of any dependency on an Active Directory for maintaining user identities or federated sign-on services, greatly simplifying the management of user identities within the system and allowing for greater compatibility across client devices.

A method and system for temporarily gaining access to a system is disclosed, The method includes: receiving biometric data from a first biometric device of a first user on a computer processor; generating a temporary code on the computer processor in response to receipt of the biometric data from the first biometric device of the first user; sending the temporary code from the computer processor to the first biometric device of the first user; receiving biometric data from a second biometric device of a second user on the first biometric device of the first user; generating an access code on the first biometric device, the access code including one or more of the biometric data of the first user, the temporary code from the computer processor, and the biometric data of the second user; and sending the access code to the biometric device of the second user.

A method and system for temporarily gaining access to a system is disclosed, The method includes: receiving biometric data from a first biometric device of a first user on a computer processor; generating a temporary code on the computer processor in response to receipt of the biometric data from the first biometric device of the first user; sending the temporary code from the computer processor to the first biometric device of the first user; receiving biometric data from a second biometric device of a second user on the first biometric device of the first user; generating an access code on the first biometric device, the access code including one or more of the biometric data of the first user, the temporary code from the computer processor, and the biometric data of the second user; and sending the access code to the biometric device of the second user.

A method for provisioning an electronic device includes providing a semiconductor wafer on which multiple integrated circuit (IC) chips have been fabricated. Each chip includes a secure memory and programmable logic, which is configured to store at least two keys in the secure memory and to compute digital signatures over data using the at least two keys. A respective first key is provisioned into the secure memory of each of the chips via electrical probes applied to contact pads on the semiconductor wafer. After dicing of the wafer, a respective second key is provisioned into the secure memory of each of the chips via contact pins of the chips. A respective provisioning report is received from each of the chips with a digital signature computed by the logic using both of the respective first and second keys. The provisioning is verified based on the digital signature.

A method for provisioning an electronic device includes providing a semiconductor wafer on which multiple integrated circuit (IC) chips have been fabricated. Each chip includes a secure memory and programmable logic, which is configured to store at least two keys in the secure memory and to compute digital signatures over data using the at least two keys. A respective first key is provisioned into the secure memory of each of the chips via electrical probes applied to contact pads on the semiconductor wafer. After dicing of the wafer, a respective second key is provisioned into the secure memory of each of the chips via contact pins of the chips. A respective provisioning report is received from each of the chips with a digital signature computed by the logic using both of the respective first and second keys. The provisioning is verified based on the digital signature.

An information processing system includes a first external apparatus, a second external apparatus, an information processing apparatus, and an image forming apparatus. The information processing system further includes an issuance unit configured to issue, in the first external apparatus, an access token for accessing a cloud service, a first registration unit configured to receive the access token and register the access token in the second external apparatus in association with an identifier, a display unit configured to display a reauthorization instruction object on a browser of the information processing apparatus, and a second registration unit configured to, in a case where the reauthorization instruction object is pressed and the access token is issued again, register the reissued access token in the second external apparatus in association with the identifier.

A method for binding applications to a platform root of trust includes pre-provisioning application binding components in an information handling system. An application requesting OS access sends its access control list (ACL)and application metadata to the BIOS, which performs initial checks. The BIOS responds with platform metadata and a first nonce. The application communicates the metadata, the first nonce and a second nonce to a server. The server checks the nonces and metadata, creates a third nonce and an application binding object (ABO). The application checks the nonces and sends a binding certificate to the BIOS. The BIOS checks the nonces, creates a binding certificate, verifies the binding certificate and sends a binding session credential (BSC) to the application. The application binds the BSC with platform credentials.

A certificate credential and an associated signature is received. The certificate credential and the associated signature are authenticated at an operating system level. Whether the certificate credential has expired is validated at an application level via an external certificate authority. Access to encrypted data is allowed based at least in part on the authentication and the validation of the certificate credential.