BACKGROUND

[0001 ] "Logging in" is a term frequently used to describe a process that controls user access to a computer resource by identifying and authenticating the user through login credentials presented by the user. Users may provide login credentials to access a computing device, a software application, a memory device, a database, a network, or any other computer resource.

DRAWINGS

[0002] FIG. 1 is a block diagram depicting an example environment in which various examples of the disclosure may be implemented.

[0003] FIGS. 2A and 2B are block diagrams depicting examples of a system to report computer resource accesses.

[0004] FIGS. 3A and 3B are block diagrams depicting a memory resource and a processing resource to implement examples of reporting computer resource accesses.

[0005] FIGS. 4 and 5 illustrate an example of a system for sending computer resource access reports with captured images of accessor users.

[0006] FIG. 6 is a flow diagram depicting implementation of an example of a method for reporting accesses to a computer resource.

[0007] FIG. 7 is a flow diagram depicting implementation of an example of a method for sending computer resource access reports with captured images of accessor users.

DETAILED DESCRIPTION

[0008] INTRODUCTION: In many examples, the login credentials to be provided to access a computer resource will include a user name and a password. The login credentials are typically meant to be personal, with expectations that the user will safeguard the login credentials by not revealing them to others, and promptly alter the login credentials (e.g., changing a password) when a security breach is recognized. However, login credentials may be compromised in various manners. For example, there may be a security breach by an intruder to gain login credentials. And, despite the expectation of keeping user name and password combinations personal, users will sometimes find it necessary or expedient to share user names and passwords with another users (e.g., in an emergency, of if a child needs access to a home computer to print homework, and the parent is away). In either case, the authorized user may not suspect or recall that another other person has the ability to access the authorized user's device or other computer resource, and thus may not recognize a need to change login credentials.

[0009] To address these issues, various examples described in more detail below provide a system and a method for reporting user computer resources accesses. In an example, login credentials for a computer resource and a login time are obtained. The login credentials are credentials that were provided by an accessor user at a subject computing device. In one example, the computer resource for which the login credentials are obtained may be the subject computing device at which the user provides the login credentials. In another example, the computer resource for which the login credentials are obtained may be an operating system included within the subject computing device. In another example, the computer resource may be a software application to execute at the subject computing device. In yet another example, the computer resource may be a software application (e.g., a web application) that is user accessible at, or via, the subject computing device, but which is executed at another computing device that is distinct from the subject computing device. A captured image of the accessor user is obtained, the captured image having been captured at the subject computing device concurrent with the user's provision of the login credentials. The captured image is compared to a validation image associated with the login credentials. Responsive to determination that the accessor user and an authorized user depicted in the validation image are not a same person, a report indicative that the computer resource was accessed by the accessor user is sent. In examples, the report may include some or all of the captured image, and may be sent to an address that is stored in associated with the authorized user or with the validation image, e.g., an email address, a SMS address, or an address for a computing device other than the subject computing device.

[0010] In this manner, the disclosed examples enable an authorized user of a computing device, software application, database, network, or other computer resource to easily identify an occasion where an intruder user has used the authorized user's login credentials to access the computer resource without consent. Examples disclosed herein can be useful for identifying such security breaches even in cases where the authorized user revealed a password to the intruder for a single or limited use and does not suspect the intruder of thereafter using the computer resource in the authorized user's absence. Examples disclosed herein can cause sending of a report indicative that the computer resource was accessed by the accessor user upon determination of non-availability of a human face in the capture image. Other examples disclosed herein can cause sending of report indicative that the computer resource was accessed by the accessor user upon determination that the non-availability of a human face in the capture image is the result of an intentional act by the accessing user to prevent capture of the image. Accordingly, user satisfaction with products and services that incorporate the disclosed examples of reporting computer resource accesses, and with physical and virtual devices that host or otherwise facilitate such products and services, should increase.

[001 1 ] The following description is broken into sections. The first, labeled

"Environment," describes an environment in which various examples may be implemented. The second section, labeled "Components," describes examples of various physical and logical components for implementing various examples. The third section, labeled "Illustrative Example," presents an example of reporting computer resource accesses. The fourth section, labeled "Operation," describes implementation of various examples.

[0012] ENVIRONMENT: FIG. 1 depicts an example environment 100 in which examples may be implemented as a system 102 for reporting computer resource accesses. Environment 100 is shown to include computing device 104, client devices 106, 108, and 1 10, server device 1 12, and server devices 1 14. Components 104-1 14 are interconnected via link 1 16.

[0013] Link 1 16 represents generally any infrastructure or combination of

infrastructures to enable an electronic connection, wireless connection, other connection, or combination thereof, to enable data communication between components 104-1 14. Such infrastructure or infrastructures may include, but are not limited to, a cable, wireless, fiber optic, or remote connections via telecommunication link, an infrared link, or a radio frequency link. For example, link 1 16 may represent the internet, intranets, and any intermediate routers, switches, and other interfaces. As used herein an "electronic connection" refers generally to a transfer of data between components, e.g., between two computing devices, that are connected by an electrical conductor. A "wireless connection" refers generally to a transfer of data between two components, e.g., between two computing devices, that are not directly connected by an electrical conductor. A wireless connection may be via a wireless communication protocol or wireless standard for exchanging data.

[0014] Client devices 106, 108, and 1 10 represent generally any computing device with which a user may interact to communicate with other client devices, server device 1 12, and/or server devices 1 14 via link 1 16. Server device 1 12 represents generally any computing device to serve an application and corresponding data for consumption by components 104-1 10 and 1 14. Server devices 1 14 represent generally a group of computing devices collectively to serve an application and corresponding data for consumption by components 104-1 10 and 1 12.

[0015] Computing device 104 represents generally any computing device with which a user may interact to communicate with client devices 106-1 10, server device 1 12, and/or server devices 1 14 via link 1 16. Computing device 104 is shown to include core device components 1 18. Core device components 1 18 represent generally the hardware and programming for providing the computing functions for which device 104 is designed. Such hardware can include a processor and memory, a display apparatus 120, and a user interface 122. The programming can include an operating system and applications. Display apparatus 120 represents generally any combination of hardware and programming to exhibit or present a message, image, view, or other presentation for perception by a user, and can include, but is not limited to, a visual, tactile or auditory display. In examples, the display apparatus 120 may be or include a monitor, a touchscreen, a projection device, a

touch/sensory display device, or a speaker. User interface 122 represents generally any combination of hardware and programming to enable interaction between a user and device 104 such that the user may effect operation or control of device 104. In examples, user interface 122 may be, or include, a keyboard, keypad, or a mouse. In some examples, the functionality of display apparatus 120 and user interface 122 may be combined, as in the case of a touchscreen apparatus that may enable presentation of images at device 104, and that also may enable a user to operate or control functionality of device 104. [0016] System 102, discussed in more detail below, represents generally a combination of hardware and programming to enable reporting of computer resource accesses. In some examples, system 102 may be wholly integrated within core device components 1 18. In other examples, system 102 may be implemented as a component of any of computing device 104, client devices 106-1 10, server device 1 12, or server devices 1 14 where it may take action based in part on data received from core device components 1 18 via link 1 16. In other examples, system 102 may be distributed across computing device 104, and any of client devices 106-1 10, server device 1 12, or server devices 1 14.

[0017] COMPONENTS: FIGS. 2A, 2B, 3A and 3B depict examples of physical and logical components for implementing various examples. In FIGS. 2A and 2B various components are identified as engines 202, 204, 206, 208, 210, 212, and 214. In describing engines 202-214 focus is on each engine's designated function.

However, the term engine, as used herein, refers generally to a combination of hardware and programming to perform a designated function. As is illustrated later with respect to FIGS. 3A and 3B, the hardware of each engine, for example, may include one or both of a processor and a memory, while the programming may be code stored on that memory and executable by the processor to perform the designated function.

[0018] FIG. 2A is a block diagram depicting components of a system 102 to report computer resource accesses. In this example, system 102 includes credentials engine 202, image capture engine 204, comparison engine 206, and report engine 208. In performing their respective functions, engines 202-208 may access a data repository, e.g., any memory accessible to system 102 that can be used to store and retrieve data. In an example, credentials engine 202 represents generally a combination of hardware and programming to obtain login credentials for a computer resource, wherein the login credentials provided at a computing device by an accessor user. As used herein, a "login credential" refers generally to any

information or item a user is to provide to gain access to a computer resource. In examples, the login credentials to be provided to access a computer resource may include information such as a user identifier, a user name, a password, and/or answers to presented questions (e.g., answers to personal questions such as "what was the make of your first car" or "what was the name of your first pet"). In examples, login credentials to be provided to access a computer resource may include a digital certificate, or a digital or physical token. As used herein, a

"computer resource" refers generally to any physical component, virtual component, or software application may be included within, or may be accessible, to a computing device. In another example, a computer resource may be a software application, e.g. an application installed upon, or accessible via, a computing device. In another example, a "computer resource" may be a web application that is provided via a server computing device and accessible at a client computing device. In other examples, a "computer resource" may be a memory device, a database, or a network. As used herein, a "computing device" may be a server, computer networking device, chip set, desktop computer, notebook computer, workstation, mobile computing device, tablet computer, smartphone or any other processing device or equipment.

[0019] In an example, the login credentials may be provided at a computing device by the accessor user having interacted, e.g., via a keyboard, mouse, touchpad or voice interaction, with a login screen or other GUI displayed at the computing device. As used herein, "display" refers generally to exhibition or presentation caused by a computer for the purpose of perception by a user. In examples, a display may be a display to be presented at a computer monitor, touchscreen, projection device, or other electronic display device. As used herein, a "display device" refers generally to any combination of hardware and programming configured to exhibit or present the message or other information for perception by a user, and can include, but is not limited to, a visual, tactile or auditory display.

[0020] Continuing with the example of FIG. 2A, credentials engine 202 is to obtain a login time that correlates with the accessor user's provision of the login credentials at the computing device. In a particular example, the credentials engine 202 may receive from the computing device, e.g., via link 1 16, the login time that is, or includes, a timestamp generated by an internal software clock or other system software at the computing device. As used herein, a "timestamp" refers generally to a sequence of characters or encoded information identifying when a certain event, e.g., a login, occurs. In an example, a timestamp may include a year, date, and time of day.

[0021] Image capture engine 204 represents generally a combination of hardware and programming to obtain a captured image of the accessor user. In an example, the captured image is an image captured by a camera included within the computing device or electronically connected to the computing device. As used herein, a "camera" refers generally to any combination of hardware and programming configured to record visual images in a digital format that can be stored, accessed, edited, displayed or printed by certain computing device. In examples, the capture of an image of an accessor user at a computing device may be via an integrated camera (e.g., a tablet computer or smartphone computing device with an included camera), or detection using an attached camera (e.g., a camera that is electronically or wirelessly connected to the computing device).

[0022] Continuing with the example of FIG. 2A, comparison engine 206 represents generally a combination of hardware and programming to compare the obtained captured image to a validation image that is associated with the login credentials. In examples, comparison engine 206 may utilize a facial recognition application in comparing the captured image to the validation image. As used herein, a "facial recognition application" refers generally to a computer application or software for identifying or verifying a person from or via analysis of a digital image. In examples the digital image may be, but is not limited to, a digital or digitized snapshot, or a video frame from a digital video source. In examples, the facial recognition application operates to compare selected facial features from the person in the captured image compare such features to features of the person portrayed in the validation image. In examples, the facial recognition application may identify facial features by identifying landmarks, or features, from an image of the subjects' faces, and analyzing the relative position, size, and/or shape of the eyes, nose,

cheekbones, and jaw. In one example, the facial recognition application may take a geometric approach of analyzing facial features. In another example, the facial recognition application may take a photometric/statistical approach of analyzing facial features that distills an image into values and compares the values to determine matches.

[0023] Report engine 208 represents generally a combination of hardware and programming to responsive to a determination that the accessor user and an authorized user depicted in the validation image are not the same person, send a report indicative that the computer resource was accessed by the accessor user. In an example, report engine 208 may make the determination that the accessor user and an authorized user depicted in the validation image are not the same person based up on data received from comparison engine 206. In another example, report engine 208 may receive the determination that the accessor user and an authorized user depicted in the validation image are not the same person from comparison engine 206.

[0024] Continuing with the example of FIG. 2A, in an example, report engine 208 may send a report that includes some or all of the captured image of the accessor user. In this manner, an authorized user that views the sent report can easily spot any unauthorized or unexpected accessor user images within the report, and draw conclusions regarding unauthorized accesses of the computer resource. In some instances the conclusion may be an easy one, as where the image of the accessor user is an image that is unfamiliar to the authorized user. In other instances the conclusion may be drawn based on a combination of the image of the accessor user and the login time. For instance, an image of a son or daughter might not be completely unexpected to an authorized user as the child may be allowed to utilize the computer resource (e.g., a computing device or web application) for schoolwork or during designated timeframes. However, a login with the image of the child accessor user that occurred outside the expected or boundary timeframes may be interpreted by the authorized user as a breach of the computer resource.

[0025] In an example, report engine 208 may, responsive to a determination that the captured image is not usable to determine whether the accessor user and the authorized user are a same person, send a report indicative that the computer resource was accessed by the accessor user. In an example, report engine 208 may make the determination that the captured image is not usable to determine whether the accessor user and the authorized user are a same person based up on data received from comparison engine 206. In another example, report engine 208 may receive the determination that the captured image is not usable from

comparison engine 206. In this manner, an authorized user is alerted that no captured image is available for the login, such that the authorized user can follow up and investigate as the authorized user deems appropriate or necessary.

[0026] Continuing with the example of FIG. 2A, in another example of the disclosure, report engine 208 may, responsive to a determination that the accessor user took action to render the captured image unusable, send a report indicative that the accessor user sought to avoid detection. Examples of an attempt to make the captured image unusable include, but are not limited to, the accessor user completely or partially blocking the lens of the camera or otherwise impairing use of the camera. In an example, report engine 208 may make the determination that the accessor user took action to render the captured image unusable based up on data received from comparison engine 206. In another example, report engine 208 may receive the determination that the accessor user took action to render the captured unusable from comparison engine 206. In this manner, an authorized user may be alerted of apparent accessor user attempts to block a camera at the computing device to avoid detection, without a requirement that every incidence of lack of a useful image being deemed a security breach. After an authorized user is alerted that an accessor user took action to render the captured unusable, the authorized user can utilize this information to follow up and investigate.

[0027] In another example of the disclosure, report engine 208 may, responsive to a determination that the captured image is of an image of a photograph or effigy of the authorized user, send a report indicative that the computing device was accessed by the accessor user. As used herein, a "photograph" of a subject refers to any print, picture, drawing, painting, snapshot, or other two dimensional physical

representation of the subject or a feature or features of the subject. As used herein, an "effigy" of a subject refers generally to a sculpture, model, or other three dimensional representation of the subject or a feature or features of the subject. For instance, the accessor user may have attempted to gain access to the computer resource by placing a photograph or effigy in front of the computing device's camera in an attempt to trick or spoof the security system's 102 facial recognition software into interpreting detection of the photograph or effigy as a detection of a real-time presence of the authorized user. In an example, report engine 208 may determine the captured image is an image taken of a photograph, versus an image of the authorized user, by recognizing the underlying media of the photograph. In examples, report engine 208 may determine the captured image is an image taken of a photograph or effigy, versus an image of the authorized user, by recognizing an ink, marking material, building material, or media of the photograph or effigy.

[0028] Continuing at FIG. 2A, in an example the validation image that the

comparison engine 206 compares to the captured image is associated with an address, and report engine 208 is to send the report to the address. In another example the validation image is associated with an address, and report engine 208 is to send the report to the address. As used herein, an "address" refers generally to a character string, text, image, graphic, or other element that identifies a destination to which electronic messages can be sent or delivered. In examples, the address may be, but is not limited to, an email address, a SMS or other text message service address, or an IP address or other network address. In a particular example, report engine 208 may send the report to an address for a receiver computing device that is distinct from the computing device accessed by the accessor user. In examples, the report may be sent over a link 1 16 via a networking protocol, including but not limited to Transmission Control Protocol/Internet Protocol ("TCP/IP"), HyperText Transfer Protocol ("HTTP"), and/or Session Initiation Protocol ("SIP").

[0029] FIG. 2B is a block diagram depicting components of a system 102 to report computer resource accesses. In this example, system 102 includes login engine 210, capture engine 212, and sending engine 214. In performing their respective functions, engines 210-214 may access a data repository, e.g., any memory accessible to system 102 that can be used to store and retrieve data. In an example, login engine 210 represents generally a combination of hardware and programming to receive, from an accessor user and at a computing device login credentials for a computer resource. In a particular example, the computer resource may be the first computing device. In another example, the computer resource may be a software application accessible at or via the computing device.

[0030] Capture engine 212 represents generally a combination of hardware and programming to, utilizing a camera included within or electronically connected to the computing device, capture an image of the accessor user concurrent with receipt of the login credentials. Capture engine 212 additionally captures a login time at which the login credentials were received at the computing device.

[0031] Continuing with the example of FIG. 2B, sending engine 214 represents generally a combination of hardware and programming to send the captured image and the login time to a second computing device distinct from the first computing device. The second computing device is to compare the captured image and a validation image associated with the login credentials. Responsive to a

determination that the accessor user and an authorized user depicted in the validation image are not the same person, the second computing device is to send a report indicative that the computer resource was accessed by the accessor user.

[0032] With reference back to FIG. 1 in view of FIGS. 2A and 2B, in one example system 102 may include a reporting service component 216 that includes engines 202-208 operating on server device 1 16 (or one or more other devices shown or not shown in FIG.1 ) and/or a client component 218 that includes engines 210-214 operating on client device 1 12 (or one or more other devices not shown in FIG. 1 ). In other examples, system 102 may include engines 202-208 and/or engines 210- 214 included within, or distributed across, any one or several of computing device 104, client devices 106-1 10, server device 1 12, or server devices 1 14.

[0033] In the foregoing discussion of FIGS. 2A and 2B, engines 202-214 were described as combinations of hardware and programming. Engines 202-214 may be implemented in a number of fashions. Looking at FIGS. 3A and 3B the programming may be processor executable instructions stored on a tangible memory resource 320 and the hardware may include a processing resource 322 for executing those instructions. Thus memory resource 320 can be said to store program instructions that when executed by processing resource 322 implement system 102 of FIGS. 2A and 2B.

[0034] Memory resource 320 represents generally any number of memory

components capable of storing instructions that can be executed by processing resource 322. Memory resource 320 is non-transitory in the sense that it does not encompass a transitory signal but instead is made up of more or more memory components to store the relevant instructions. Memory resource 320 may be implemented in a single device or distributed across devices. Likewise, processing resource 322 represents any number of processors capable of executing instructions stored by memory resource 320. Processing resource 322 may be integrated in a single device or distributed across devices. Further, memory resource 320 may be fully or partially integrated in the same device as processing resource 322, or it may be separate but accessible to that device and processing resource 322.

[0035] In one example, the program instructions can be part of an installation package that when installed can be executed by processing resource 322 to implement system 102. In this case, memory resource 320 may be a portable medium such as a CD, DVD, or flash drive or a memory maintained by a server from which the installation package can be downloaded and installed. In another example, the program instructions may be part of an application or applications already installed. Here, memory resource 320 can include integrated memory such as a hard drive, solid state drive, or the like.

[0036] In FIG. 3A, the executable program instructions stored in memory resource 320 are depicted as credentials module 302, image capture module 304, comparison module 306, and report module 308. Credentials module 302 represents program instructions that when executed by processing resource 322 may perform any of the functionalities described above in relation to credentials engine 202 of FIG. 2A. Image capture module 304 represents program instructions that when executed by processing resource 322 may perform any of the functionalities described above in relation to image capture engine 204 of FIG. 2A. Comparison module 306 represents program instructions that when executed by processing resource 322 may perform any of the functionalities described above in relation to comparison engine 206 of FIG. 2A. Report module 308 represents program instructions that when executed by processing resource 322 may perform any of the functionalities described above in relation to report engine 208 of FIG. 2A.

[0037] In FIG. 3B, the executable program instructions stored in memory resource 320 are depicted as login module 310, capture module 312, and sending module 314. Login module 310 represents program instructions that when executed by processing resource 322 may perform any of the functionalities described above in relation to login engine 210 of FIG. 2B. Capture module 312 represents program instructions that when executed by processing resource 322 may perform any of the functionalities described above in relation to capture engine 212 of FIG. 2B. Sending module 314 represents program instructions that when executed by processing resource 322 may perform any of the functionalities described above in relation to sending engine 214 of FIG. 2B.

[0038] ILLUSTRATIVE EXAMPLE: FIGS. 4 and 5, in view of FIGS. 1 , 2A, and 2B, illustrate an example of system 102 for sending computer resource access reports with captured images of accessor users. Beginning at FIG. 4, in this example, system 102, hosted at a computing device such as server device 1 12 (FIG. 1 ) or distributed over a set of computing devices such as server system 1 14 (FIG. 1 ), obtains, e.g., via a network 1 16, login credentials 402 for a first computing device 404. The login credentials 402 are provided by an accessor user 406 via the accessor user's interaction with a login graphic user interface 428 at the first computing device 404. System 102 also obtains a login time 408 indicative of a time the accessor user 406 provides the login credentials 402 at the first computing device 404.

[0039] Continuing at FIG. 4, system 102 obtains a captured image 412 of the accessor user 406, the captured image 412 having been captured by a camera 426 included within first computing device 404. The image capture occurred concurrent with accessor user's 406 provision of the login credentials 402 at the first computing device 404. System 102 compares the captured image 412 to a validation image 414 associated with the login credentials 402. In this example, system 102 accesses a database 424 via a network 1 16 to identify and obtain the validation image 414 stored in association with the login credentials 402.

[0040] Continuing at FIG. 4, responsive to determination that the accessor user 406 and an authorized user 416 depicted in the validation image 414 are not a same person, system 102 sends to a network address 422 for the second computing device 420, an access report 418 that includes some or all of the captured image 412. In this example, system 102 accesses database 424 to identify the network address 422, wherein the network address was stored at the database 424 in association with the validation image 414 for the authorized user 416. In other examples, the address may be stored in association with a user name or other identifier for the authorized user, rather than in association with the validation image 414. Further, in other examples, system 102 might send the access report 418 via an address other than a network address, e.g., via an email address or a SMS address.

[0041] Moving to FIG. 5 in view of FIG. 4, in this example the access report 418 sent by system 102 to the network address 422 for second computing device 420 includes a set of login times 408S and a corresponding set of captured images 412S for the first computing device 404. In this example the access report 418 also includes the validation image 414 that system 102 compares with the captured images 412S to determine whether the validation image 414 and the captured image depict the same person. In this example, the access report 418 includes a "Match" column 502 wherein a "Yes" entry indicates that the applicable captured image 412 and the validation image 414 depict a same person.

[0042] Continuing at FIG. 5, in this example, a "Yes" entry 506 in the "Match" column 502 is to indicate that the applicable captured image 412S and the validation image 414 depict a same person. For instance, the first row of the access report 418 indicates an accessor user logged in to first computing device 404 with the login ID "AmyN1234" 504 at 06:55 March 1 , 2015, and that the captured image 412A matches the validation image 414 that is associated with the login ID "AmyN1234" 504. [0043] Continuing at FIG. 5, a "No" entry 508 in the "Match" column 502 is to indicate that the applicable captured image 412S and the validation image 414 do not depict a same person. For instance, the second row of the report indicates an accessor user logged in to first computing device 404 with the login ID "AmyN1234" 504 at 18:07 March 1 , 2015, and that the captured image 412B does not match the validation image 414 that is associated with the login ID "AmyN1234" 504.

[0044] Continuing at FIG. 5, row five of the access report 418 indicates that at 21 :01 March 4, 2015 the first computing device 404 was accessed by an accessor user for whom no usable captured image is available. In this example the access report 418 includes a "No" entry 510 in the "Match" column 502 responsive to system 102 having determined the captured image 412C to be blurred and unusable for a comparison with the validation image 414. In another example, the access report may include information that an accessor user sought to avoid detection, responsive to system 102 determining from the details of the accessor image 412C that the accessor user took deliberate action to render the captured image unusable,

[0045] Continuing at FIG. 5, in this example the authorized user 416 that has the user ID "AmyN1234" 504 can thus receive or access the access report 418 at the second computing device 420, and in turn review the access report 418 to identify potential security breaches. In examples, the authorized user may, in identifying potential security breaches, scan the access report 418 for images of unfamiliar accessor users. In other examples, the authorized user 416 may scan the access report 418 to identify familiar accessor users that have accessed the first computing device without permission from the authorized user.

[0046] OPERATION: FIG. 6 is a flow diagram of implementation of a method for reporting accesses to a computer resource. In discussing FIG. 6, reference may be made to the components depicted in FIGS. 2A and 3A. Such reference is made to provide contextual examples and not to limit the manner in which the method depicted by FIG. 6 may be implemented. A login time and login credentials for a computer resource are obtained. The login credentials were provided at a computing device by an accessor user (block 602). Referring back to FIGS. 2A and 3A, credentials engine 202 (FIG. 2A) or credentials module 302 (FIG. 3A), when executed by processing resource 322, may be responsible for implementing block 602. [0047] A captured image of the accessor user is obtained, the captured image having been captured at the computing device concurrent with provision of the login credentials (block 604). Referring back to FIGS. 2A and 3A, image capture engine 204 (FIG. 2A) or image capture module 304 (FIG. 3A), when executed by processing resource 322, may be responsible for implementing block 604.

[0048] The captured image is compared to a validation image associated with the login credentials (block 606). Referring back to FIGS. 2A and 3A, comparison engine 206 (FIG. 2A) or comparison module 306 (FIG. 3A), when executed by processing resource 322, may be responsible for implementing block 606.

[0049] Responsive to determination that the accessor user and an authorized user depicted in the validation image are not a same person, a report indicative that the computer resource was accessed by the accessor user is sent (block 608).

Referring back to FIGS. 2A and 3A, report engine 208 (FIG. 2A) or report module 308 (FIG. 3A), when executed by processing resource 322, may be responsible for implementing block 608.

[0050] FIG. 7 is a flow diagram of implementation of a method for sending computing device access reports that include a captured images of accessor users. In discussing FIG. 7, reference may be made to the components depicted in FIGS. 2A and 3A. Such reference is made to provide contextual examples and not to limit the manner in which the method depicted by FIG. 7 may be implemented. Login credentials are obtained, the login credentials having been provided at a computing device by an accessor user. A login time is obtained (block 702). Referring back to FIGS. 2A and 3A, credentials engine 202 (FIG. 2A) or credentials module 302 (FIG. 3A), when executed by processing resource 322, may be responsible for

implementing block 702.

[0051] A captured image of the accessor user is obtained. The captured image was captured at the computing device concurrent with provision of the login credentials (block 704). Referring back to FIGS. 2A and 3A, image capture engine 204 (FIG. 2A) or image capture module 304 (FIG. 3A), when executed by processing resource 322, may be responsible for implementing block 704.

[0052] The captured image is compared to a validation image associated with the login credentials (block 706). Referring back to FIGS. 2A and 3A, comparison engine 206 (FIG. 2A) or comparison module 306 (FIG. 3A), when executed by processing resource 322, may be responsible for implementing block 706. [0053] Responsive to determination that the accessor user and an authorized user depicted in the validation image are not a same person, a report is sent to an address associated with the validation image or with the authorized user. The report includes some or all of the captured image and is indicative that the computing device was accessed by the accessor user (block 708). Referring back to FIGS. 2A and 3A, report engine 208 (FIG. 2A) or report module 308 (FIG. 3A), when executed by processing resource 322, may be responsible for implementing block 708.

[0054] CONCLUSION: FIGS. 1 -7 aid in depicting the architecture, functionality, and operation of various examples. In particular, FIGS. 1 , 2A, 2B, 3A, and 3B depict various physical and logical components. Various components are defined at least in part as programs or programming. Each such component, portion thereof, or various combinations thereof may represent in whole or in part a module, segment, or portion of code that comprises executable instructions to implement any specified logical function(s). Each component or various combinations thereof may represent a circuit or a number of interconnected circuits to implement the specified logical function(s). Examples can be realized in any memory resource for use by or in connection with processing resource. A "processing resource" is an instruction execution system such as a computer/processor based system or an ASIC

(Application Specific Integrated Circuit) or other system that can fetch or obtain instructions and data from computer-readable media and execute the instructions contained therein. A "memory resource" is any non-transitory storage media that can contain, store, or maintain programs and data for use by or in connection with the instruction execution system. The term "non-transitory" is used only to clarify that the term media, as used herein, does not encompass a signal. Thus, the memory resource can comprise any one of many physical media such as, for example, electronic, magnetic, optical, electromagnetic, or semiconductor media. More specific examples of suitable computer-readable media include, but are not limited to, hard drives, solid state drives, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory, flash drives, and portable compact discs.

[0055] Although the flow diagrams of FIGS. 6 and 7 show specific orders of execution, the order of execution may differ from that which is depicted. For example, the order of execution of two or more blocks or arrows may be scrambled relative to the order shown. Also, two or more blocks shown in succession may be executed concurrently or with partial concurrence. All such variations are within the scope of the present disclosure.

[0056] The present disclosure has been shown and described with reference to the foregoing examples. It is to be understood, however, that other forms, details and examples may be made without departing from the spirit and scope of the invention that is defined in the following claims. All of the features disclosed in this

specification (including any accompanying claims, abstract and drawings), and/or all of the blocks or stages of any method or process so disclosed, may be combined in any combination, except combinations where at least some of such features, blocks and/or stages are mutually exclusive.