Abstract: Systems and methods are provided for establishing personal connections between blinded secure non-random interested users. In an embodiment, at least one processor may be configured to execute instructions to perform operations comprising: receiving a first input from a first user comprising first identification parameters associated with a second user; receiving a second input from the second user comprising second identification parameters associated with the first user; determining a match based on the first and second inputs; and based on the determined match, notifying at least one of the first or second users of the determined match.

Abstract: An apparatus and methods for training an educational machine-learning model, the apparatus includes a sensory device configured to capture an external datum pertaining to a user, at least a processor in communication with the sensory device, and a memory containing instructions configuring the at least a processor to receive the user data, wherein the user data includes the external datum captured by the sensory device, and a user input accepted through a visual interface, authenticate the user as a function of the external datum using a user authentication module, generate educational training data as a function of the user data, train an educational machine-learning model using the educational training data, and determine a user input modifier as a function of the trained educational machine-learning model.

Abstract: Techniques and systems are provided for authenticating a user of a device. For example, input biometric data associated with a person can be obtained. A similarity score for the input biometric data can be determined by comparing the input biometric data to a set of templates that include reference biometric data associated with the user. The similarity score can be compared to an authentication threshold. The person is authenticated as the user when the similarity score is greater than the authentication threshold. The similarity score can also be compared to a learning threshold that is greater than the authentication threshold. A new template including features of the input biometric data is saved for the user when the similarity score is less than the learning threshold and greater than the authentication threshold.

Abstract: In response to determining that the authentication function operating on the authentication node on a network is not responsive, a re-direct message may be communicated to at least one edge device on the network that requests of the authentication function on the authentication node be re-directed to a different authentication node.

Abstract: According to one embodiment, a system for detecting an email campaign includes feature extraction logic, pre-processing logic, campaign analysis logic and a reporting engine. The feature extraction logic obtains features from each of a plurality of malicious email messages received for analysis while the pre-processing logic generates a plurality of email representations that are arranged in an ordered sequence and correspond to the plurality of malicious email message. The campaign analysis logic determines the presence of an email campaign in response to a prescribed number of successive email representations being correlated to each other, where the results of the email campaign detection are provided to a security administrator via the reporting engine.

Abstract: A computer-implemented method includes: receiving, by an authentication device, from a client device and via a network device, a plurality of passcode packets as part of a request to be authenticated by the authentication device; recording, by the authentication device, a sequence of port identifiers corresponding to respective ports of the network device via which the plurality of passcode packets are received; and authenticating, by the authentication device, the client device based on the sequence of port identifiers.

Abstract: Provided herein are systems and methods for global data objects on a data platform where the global data objects are accessible at an organization level. In particular, an organization-level global data object provided by various embodiments can be used as a generic organization object that is owned by a specific organization, and can be managed (e.g., created, deleted, or modified) by use of a leader-based model.

Abstract: Securely storing data includes encrypting the data using a random key to provide obfuscated data, scrambling the obfuscated data to provide scrambled obfuscated data, generating a scramble schema indicating how to unscramble the scrambled obfuscated data, encrypting the scrambled obfuscated data to provide encrypted scrambled obfuscated data, splitting the scramble schema, and distributing separate portions of the scramble schema and separate portions of the encrypted scrambled obfuscated data to separate entities. The data may be private key data. Securely storing data may also include concatenating the random key on to the obfuscated data prior to scrambling the obfuscated data, wherein the random key is scrambled together with the obfuscated data. Scrambling the obfuscated data may use a Fisher Yates Shuffle mechanism. Securely storing data may also include generating and distributing a symmetric authentication key that is used to authenticate a first entity to a second entity.

Abstract: Methods and apparatus for secure software defined storage are disclosed. An example apparatus includes memory and a processor to access a read request for data written to a software defined storage location, obtain the requested data from the software defined storage location, perform a classification operation on the requested data to obtain classification data corresponding to the requested data, the classification data to represent whether the requested data includes personally identifiable information, in response to determining that the requested data includes personally identifiable information, apply data loss prevention to the requested data to create response data, determine whether a client requesting the data from the software defined storage location is authorized to access the requested data, and in response to determining that the client requesting data is authorized to access the requested data, transmit the response data to the client.

Abstract: Systems and methods for implementing multi-factor system-to-system authentication using secure execution environments. An example method comprises: determining, by a first computing system, using a secure execution environment, a measure of one or more computing processes running on the first computing system; presenting, to a second computing system, a first authentication factor derived from the measure; computing, using the secure execution environment, a second authentication factor derived from at least one of: one or more first data items received from the second computing system, one or more confidential second data items received from one or more third computing systems, or one or more public data items received from one or more fourth computing systems; and presenting the second authentication factor to the second computing system.

Abstract: Computer implemented systems and methods are provided for securing data. In some embodiments, a system for securing data may comprise one or more processors configured to receive a request for data over a network. The one or more processors may be configured to identify one or more confidential portions of data within the requested data. The one or more processors may be further configured to transmit the confidential portions of data to a hardware device configured to secure the confidential portions of data, and receive the secured data from the hardware device.

Abstract: In various embodiments, once the client registers onto the system, a third party (a “requestor”) may transmit a request to the client for the client to provide the requestor with access to the client data. In at least one embodiment, a requestor may be an entity or person that desires to utilize client data for the requestor's business purposes. In one embodiment, upon registration with the application, the system generates and assigns the requestor a requestor key. In one or more embodiments, the system transmits the requestor key along with each requestor request. In some embodiments, the client may accept or reject the requestor's request. In many embodiments, if the client accepts the requestor's request, the system grants the requestor access to the client data.

Abstract: Representative embodiments of operating a secured device requiring user authentication include receiving a request from a user for operating the device without prior authentication; granting the user temporary access to the device in accordance with a security policy that specifies a predetermined time interval and/or a predetermined number of device operations within which authentication must occur to continue at least some operations of the device; computationally storing an audit trail identifying the temporary access and actions performed during the temporary access; and upon determining that authentication has not been provided within the predetermined time interval or number of device operations, preventing at least some operations of the device and updating the audit trail to specify expiration of the temporary access.

Abstract: The present methods and systems relate to using and accessing data stored in a blockchain, and in particular, interacting with the blockchain and users via smart contracts to handle account funding and distribution methods. The methods and systems include receiving a transaction from a participant, and verifying the transaction, such as by accessing a smart contract stored on the blockchain and checking a set of parameters against a set of conditions stored in the smart contract. Depending on whether the set of parameters satisfy the conditions, the results may be communicated to participants about the success or failure of the transaction.

Abstract: Disclosed is a fault event detector configured to detect a fault injection event in an area of a chip that includes a vulnerable digital circuit. Such a fault event detector may include a bistable device that changes state at least partially in response to a presence of a fault injection event in a surrounding area of the fault event detector. Such a fault event detector may be arranged relative to a vulnerable digital circuit such that the vulnerable digital circuit is substantially located within the surrounding area of the first fault event detector.

Abstract: A relay service can relay messages between controllers and electronically controllable accessory devices that may be located remotely from the controllers. Relaying of messages by the relay service can be decoupled from any knowledge of the functionality of the accessory or the content of the messages. Device identification and relaying of messages can be managed using “relay aliases” that are meaningful only to the relay service and the endpoint devices (the controller and accessory). The endpoint devices can implement end-to-end security for messages transported by the relay service.

Abstract: A device detects a communication involving a user associated with an account and a service representative, and sends, to a user device associated with the account, an authentication notification that causes the user device to display an authentication field for the user. The device sends, to a service representative device associated with the service representative, a message that indicates that the service representative is to request, via the communication, the user to enter personal information associated with the user into the authentication field, where the user device is configured to generate a first authentication code based on a user input received from the user device in the authentication field. The device generates a second authentication code based on personal information associated with the account from a data structure, receives the first authentication code, and performs an action based on the first authentication code and the second authentication code.

Abstract: Embodiments of the present disclosure relate to methods, apparatuses and computer readable storage media for inter-network communication. A first edge protection proxy in a first network receives a request for an access token from a network repository function in the first network. The access token is to be used by a first network function in the first network to request a service from a second network function in a second network. The first edge protection proxy validates the request based on configurations allowed to access services provided by networks different from the first network. If the validation of the request is successful, the first edge protection proxy transmits the request to a second edge protection proxy in the second network. The transmitted request comprises verified information concerning the first network function.

Abstract: Systems and methods for using JavaScript Object Notation (JSON) Web Tokens for information security for a particular software-controlled application are disclosed. Exemplary implementations may: store information electronically, including different types of client-provided information, hardware information, key information, and permission information; provide individual JWTs that include individual expiration dates to individual users; receive a user request for continued access and/or use of the particular software-controlled application; perform different types of (automated) verification based on the client-provided information in the user request; and, responsive to particular results from the different types of verification, perform some combination of transferring a response to the user request and accepting or denying continued access and/or use of the particular software-controlled application.

Abstract: Various embodiments of the present disclosure provide techniques for facilitating a credential-less exchange over a network using a plurality of identifier mapping and member interfaces. The techniques may include initiating the presentation of an enrollment user interface via a client device of a user and receiving selection data indicative of a selection of a service provider instrument from the enrollment user interface. The techniques include generating a matching code for authenticating the user, providing the matching code to a service provider platform, and receiving the matching code from a partner platform. In response to an authentication of the user based on the matching code, the techniques may include generating an UUEK for the user that may be used to replace persistent credentials.