Abstract: A technique is provided that integrates authentication from a mobile device (e.g., using biometrics, social informational data, questions and answers, and more) to allow login to laptops and desktops while they are disconnected from the Internet using a USB cable connection, Bluetooth or local wifi or any other similar protocol and/or connected to Internet without USB. The technique provides a cloud clearinghouse that ties a person's or entity's mobile device(s) to an identity that's used to authenticate a person (could be the same person) on a laptop, desktop, or similar computer system.

Abstract: This disclosure describes techniques for performing enhanced authentication of a device based on physical and logical proximity of the device to one or more other authenticated devices. An example method includes performing, at a first time, a first authentication of a first device or a first user of the first device and determining that the first device is connected to at least one second device in a communication session. The at least one second device or at least one second user of the at least one second device are authenticated. The example method further includes determining a reauthentication interval based on the first device being connected to the at least one second device in the communication session and initiating, at a second time that is after the first time by the reauthentication interval, a second authentication of the first device or the first user of the first device.

Abstract: Methods and systems for a media guidance application that provides advanced parental control features such as allowing parents to establish parental controls in a dynamic and individualized manner and allowing parents to track and/or limit the amount of time that a child views media content of a particular type.

Abstract: Embodiments are directed to credential management for distributed services. A plurality of mesh agents for an overlay network may be provided such that the overlay network may be employed to provide a secure tunnel between a client and a resource server. If client request that requires user credentials is provided to a mesh agent associated with the resource server, credential instructions may be provided to the mesh agent and the credential instructions may be employed to determine credential information that enables access to the resource server. The mesh agent may be employed to communicate the client request and the credential information to the resource server; determining a response to the client request from the resource server; employing the mesh agent to receive a response to the client request from the resource server and forwarded to the client over the overlay network.

Abstract: The presently disclosed technology is directed to combatting data theft, particularly of verified authentication data (or hashes thereof) such as login information, thumbprint data, digital signatures, identification numbers, and any other data that should be known to an accessor of stored data. The verified authentication data is initially saved for later comparison in a new type of memory, write-and-compare-only memory, where the data may be queried as to whether a to-be-verified value matches the stored verified value, but the stored and verified data is not read from the write-and-compare-only memory. This prevents a data breach by preventing the verified authentication data from being read by anyone, including those with access (whether legitimate or illegitimate) to any system connected to the write-and-compare-only memory.

Abstract: Aspects of the disclosure relate to controlling access to secure information resources using rotational datasets and dynamically configurable data containers. A computing platform may receive, from a first reader-writer system, a first data access request. Based on receiving the first data access request, the computing platform may authenticate the first reader-writer system using a first data container object. After authenticating the first reader-writer system, the computing platform may rotate a first data track comprising a plurality of datasets to align a first dataset of the plurality of datasets with the first data container object. After rotating the first data track, the computing platform may retrieve first information from the first dataset using the first data container object. Subsequently, the computing platform may send, to the first reader-writer system, the first information retrieved from the first dataset using the first data container object.

Abstract: Methods and systems for detecting an electronic intrusion are described. The system receives a notification, over a network, from a first application server that is hosting a first electronic service that is hosting a first user account. The notification reports the detection of a user activity associated with the first user account. The first user account is monitored for user activity. Next, the system may identify the notification reporting the detection of the user activity associated with the first user account as a possible electronic intrusion into the first account.

Abstract: Embodiments provide methods, and computing devices for auto-submission of user authentication credential. A method includes initiating, by a first computing device of a user, a detection of a pre-paired second computing device of the user based at least on an application requiring a credential to be entered. The application is running on the first computing device and the credential is pre-stored in an encrypted form on a companion application running on the second computing device. The method includes generating a communication channel with the second computing device based at least on generating a mutual authentication key by the first and second computing devices. The method includes sending a request to receive the credential to the second computing device. The method includes receiving the credential in the encrypted form. The method includes decrypting the credential. The method includes facilitating the entering of the credential on the application without user intervention.

Abstract: A service computing system receives an API call in which an authorization token, that contains an identifier in the content of the authorization token, is included in a header of the API call. The identifier is also included as a parameter passed in with the API call. The service computing system parses the API call to obtain the authorization token, and the identifier included in the authorization token. It also obtains the identifier passed in as a parameter of the API call. The service computing system compares the identifier obtained from the authorization token to the identifier passed in as a parameter of the API call to determine whether they match. If they do not match, the API call is processed as an unauthorized API call. A security system in the service computing system authorizes the API call based on the comparison.

Abstract: A computing device sends a request for an attestation certificate to an attestation service along with information regarding the hardware and/or software of the device. The attestation service processes the request and verifies the information received from the device. After verifying the information, the attestation service selects a public/private key pair from a collection of reusable public/private key pairs and generates an attestation certificate for the device and public key of the public/private key pair. This attestation certificate is digitally signed by the attestation service and returned to the device. The private key of the selected public/private key pair is also encrypted to a trusted secure component of the device, ensuring that the key cannot be stolen by malware and re-used on another device, and is returned to the device. The device uses this attestation certificate to access relying parties, and optionally generates additional public/private key pairs and attestation certificates.

Abstract: Concepts for defining and processing an expression of an enterprise workspace application are presents. Such concepts may associate an expression of an enterprise workspace application with a modified version of the expression and a state flag which is configured to define whether processing of at least part of the expression is to be based on (i.e. employ) the modified version of the expression. In this way, there may be provided concepts for protecting against malicious users setting triggers or overriding function definitions that cause other users to perform unexpected activities.

Abstract: A system and method for conducting a computerized surveillance in a computerized environment, including: initiating an installation of an agent on an endpoint device (EPD) in response to an indication of a potential malicious activity executed on the EPD; activating the agent to collect data on the EPD; based on the analysis of the collected data, selecting at least one mitigation action to be executed by the agent; and initiating an uninstallation of the agent from the EPD.

Abstract: Systems and methods for fact management are provided. Such system may include a storage repository may hold evidence data that includes citable, digital information. Further, an evidence certification process may be executed to determine veracity of the evidence data. Meanwhile, a credentialing process may be executed to record a history associated with the evidence data. Such history may include a history of one or more users. A source monitoring process may be executed to detect historical changes to evidence data, which may be recorded by the credentialing process.

Abstract: Systems and methods for providing a single sign-on for authenticating a user via multiple client devices is provided. For example, the system includes a processor configured to receive a first connection request from a first client device. The processor processes the first connection request and transmits an access token to the first client. The processor can further receive a second connection request from a second client device and process the second connection request. The processor can transmit a single sign-on response to the second client device in reply to the second connection request. The second client device can be configured to communicated with and transmit the single-sign on response to the first client device for processing. The processor can receive a single sign-on verification from the first client device, process the single sign-on verification, and transmit a copy of the access token to the second client device.

Abstract: Systems and methods are provided for establishing personal connections in a network following secure verification of interested parties. The disclosed embodiments may involve a system comprising a memory and a processor. The disclosed embodiments may require unique sets of identification parameters of each user in order to ensure a user has been properly verified prior to use of the system.

Abstract: Techniques are described herein that are capable of using an authentication package from a primary authentication system to authenticate a principal by a backup authentication system. The authentication package includes an authentication artifact, which is signed with a cryptographic key by the primary authentication system and which includes claim(s) that are usable to authenticate the principal, and further includes metadata. The metadata includes credential verification information that is usable to verify a credential of the principal and a first principal identifier that identifies the principal. A request to authenticate the principal is received at the backup authentication system. The request includes the credential and a second principal identifier that identifies the principal.

Abstract: Bootstrapping trust in decentralized identifiers (DIDs) includes in response to receiving a request from an entity associated with a DID in a decentralized system, obtaining a DID document associated with the DID, and extracting a linked domain that is linked to the DID from the DID document. The DID document contains data associated with the DID that is recorded on the distributed ledger. The request contains the DID and data associated with the DID. Metadata associated with the linked domain is then retrieved from a domain name system (DNS). Based on the metadata associated with the linked domain and the data associated with the DID contained in the request, a trust score, indicating trustworthiness of the DID, is generated.

Abstract: Computer-implemented methods and systems are provided for the detection of software presence remotely through the web browser by detecting the presence of webinjects in a web browser that visits a detection webpage. The methods can include delivering a detection webpage to a web browser, in which the detection webpage has detection code configured to detect a presence of the webinject in the detection webpage; and inspecting, by the detection code, rendering of content of the detection webpage in the browser to detect webinject content in the detection webpage by the webinject, the webinject content including one or more Hypertext Markup Language (HTML) components. The method can further include, if webinject content is detected, generating a fingerprint for each of the one or more HTML components; transmitting the one or more fingerprints to an external server; and classifying, by the external server, the webinject based on the one or more fingerprints.

Abstract: A method and a system of restricting data packet transmission of an apparatus at a network node. The network node, during a first time period, updates a whitelist and does not restrict data packet transmission according to the whitelist. After the first time period, the network node determines corresponding destination address of each of the data packets and allows the data packets to be sent to the corresponding destination address if a criteria is satisfactory. The network node does not allow the data packets to be sent to the corresponding destination address if the criteria is not satisfactory. The whitelist is comprised of at least one destination address. The criteria is based on the at least one destination address. The whitelist list is stored in non-transitory computer readable storage medium in the network node.

Abstract: A method includes: setting up, by a first network device, a MACSec channel to a second network device according to the MACSec protocol; and sending, by the first network device, an ACP packet to the second network device by using the MACSec channel, where the ACP packet is carried in a MACSec frame, and a frame header of the MACSec frame carries identification information used to identify the ACP packet. By means of the packet transmission method, MACSec channel is set up between adjacent nodes in a self-organizing network according to the MACSec protocol, and an ACP packet is transmitted between the adjacent nodes by using the MACSec channel and processed.