This security feature was introduced in Omnicept 1.12. In Omnicept 1.12 and later runtimes, the runtime will notify the user that an unknown client is attempting to connect to the Omnicept service. The request comes through as a Windows desktop notification (aka a Windows toast notification). Only authorized clients will be sent sensor data, meaning no Omnicept data will be sent to your client app until the user approves. The request can also be found via the tray app under Clients. Once a client is authorized, the user will no longer be prompted to accept/deny sensor data unless the identifier of the application changes or the license subscription changes (i.e. Trial license then transistioning to Core). A user can also manually deny an application by going into Omnicept Tray and deleting the authorized client of interest.
The application is launched (with Windows Task Scheduler) automatically when a user logged on to Windows. In your Windows system tray, you will see this Omnicept icon that represent the Omnicept Tray app
Clicking on the icon brings up the HP Omnicept Tray user interface. The user interface consists of three pages and provides the following functionalities. A user can navigate to different pages by clicking entries in the navigation pane on the left.
- General – General information on HP Omnicept Runtime
- Clients – Omnicept client subscriptions management
- Sensor Privacy – Sensor privacy settings
On the main page, there is the possibility to change the Omnicept Client Approval Settings. The Approval Settings will toggle whether a new app connecting to Omnicept will require to be manually authorized or not.
In addition to the user interface, the HP Omnicept Tray also shows toast notification when an Omnicept client subscribes to biometric data and requires subscriptions approval from the user.
This page shows the status and version of HP Omnicept Runtime. It also shows whether HP Omnicept Tray, which is an Omnicept client as well, is connected to HP Omnicept Runtime or not.
This page shows the subscriptions approval status of Omnicept clients. It consists of three tables. The first table lists authorized Omnicept clients. The second table lists incoming subscriptions requests from Omnicept clients. And the third table lists forbidden Omnicept clients.
Click on each entry in the tables shows details of the Omnicept client. Details include:
- Executable name
- Publisher name of the digital certificate (if the executable is digitally signed)
- Executable location
- Thumbprint of the digital certificate (if the executable is digitally signed)
- Executable file hash
- Message types subscribed by this Omnicept client
To delete an entry in the authorized or forbidden tables, click on the trash can button on the right.
When an Omnicept client connects to the HP Omnicept Runtime for the first time, the HP Omnicept Tray shows a toast notification prompting the user to accept or deny the subscriptions request. The HP Omnicept Tray also adds the same request to the incoming subscriptions request table in this page. The user can click the accept button in toast notification or the checkmark button in the incoming subscriptions request table to accept the request. Once accepted, the request is removed from the table and a new entry is added to the authorized table. Same for the deny button in toast notification or the X mark button in the incoming subscriptions request table to deny the request.
If the incoming subscriptions request and/or toast notification is not accepted or denied within 5 minutes, it will expire and disappear.
Note that toast notifications are silenced when "Focus assist" is activated in Windows. For example, "Focus assist" is automatically activated when training with VR content and playing games in full-screen mode. In this case, silenced toast notifications show up in Windows Action Center directly.
Finally, depending on the digital signature of the executable of the Omnicept client, or the lack thereof, toast notification uses a different logo.
The executable is signed, and the digital signature is valid
The executable is signed but the digital signature is invalid (e.g., expired, or self-signed)
The executable is not signed
Sensor Privacy Page
This page shows toggles to enable or disable sensors to collect biometric data. This provides similar functionality to the checkbox at the end of the installer, except sensors can be enabled or disabled individually.
The user needs to accept the EULA to unlock this page.
Note that HP Reverb G2 Omnicept Edition Headset Setup App (device companion app for HP Reverb G2 Omnicept Edition) currently provides this functionality as well. It will be removed from the Headset Setup App in later release.
Caveats and Limitations
The HP Omnicept Tray does its best keeping information (e.g., connectivity, authorized Omnicept clients, etc.) synced with HP Omnicept Runtime automatically. However, a user can also force synchronization by switching to another page and switch back.