Abstract: A computer device may include a memory configured to store instructions and a processor configured to execute the instructions to receive a request from a user equipment (UE) device to resolve a Domain Name System (DNS) query for a Uniform Resource Locator (URL) and determine that the URL corresponds to a malicious URL. The processor may be further configured to select to not resolve the DNS query in response to determining that the URL corresponds to a malicious URL and send an indication to the UE device that the URL corresponds to a malicious URL.

Abstract: The invention relates to a method for a secure transmission of electronic data packets in a network comprising network components.

Abstract: Federation policy exchange is provided in response to receiving a sharing query from an Access Point (AP) indicating that an associated wireless network supports federated identities with data sharing, determining whether the sharing query is within sharing preferences; and in response to determining that the sharing query is within the sharing preferences, transmitting, to the AP, a positive response for identity sharing that authorizes collection and sharing of identity data with at least one entity identified in a sharing policy for the associated wireless network. In various embodiments, federation policy exchange includes transmitting a support notification, via an AP, indicating support for federated identities with data sharing within a wireless network associated with the AP; and in response to receiving a first identify sharing preference from a User Equipment (UE) that indicates that negotiation is preferred, transmitting a sharing policy for the wireless network to the UE.

Abstract: In a method for providing provisioning information, a central data processing system receives from a transaction data processing system, an encrypted user datum associated with a client user of the transaction data processing system; receives from at least one of a plurality of account administrator data processing systems, a response comprising a notification that a user account administrated by that account administrator data processing system is associated with the client user; receives an account administrator selection message including identification of a user-selected account administrator from an account administrator list; transmits to the account administrator data processing system associated with the user-selected account administrator, a provisioning request for client user account provisioning information; receives from the account administrator data processing system associated with the user-selected account administrator, the client user account provisioning information; and transmits to the t

Abstract: An approach is disclosed on a blockchain platform for authenticating clients. A public and private key is created at a client device. The private key into is split two or more parts. The split private key part is split into to two or more client devices including a first client device and a remaining client devices. Signing to authenticate a challenge to login using a partial key part occurs at the first client device. The challenge is sent to the remaining client devices wherein the remaining client devices that sequentially sign using short range wireless network connection and respond back to the challenge to login without a password.

Abstract: This invention provides a method and system for secure messaging on a mobile network, leveraging public/private key encryption. The method includes steps for deploying a trusted application by a mobile carrier on a device with a Trusted Execution Environment (TEE). A wireless Software Development Kit (SDK) on the subscriber device interacts with the trusted application and a wireless original equipment manufacturer (OEM) cloud service for mutual attestation, confirming the identity and trustworthiness of the device. A pair of public and private keys are generated, with the private key secured on the device. Messages are encrypted with the public key at a cloud messaging application, and decrypted with the private key at the device, enabling secure, viewable messages. The system can support secure transmission of one-time-passwords (OTPs) from an enterprise application, as well as encrypted chat functionality for device responses to the enterprise application.

Abstract: The present disclosure relates to a device for supporting Input/Output (I/O) channel protection. The device maintains one or more channel protection enclaves (CPEs), wherein each CPE is associated with a different I/O channel, wherein each I/O channel is associated with a different address space of a memory, and wherein each CPE is allocated verification information comprising the address space associated with its associated I/O channel. The device further receives a transaction on a given I/O channel, the transaction comprising access information including one or more target addresses. Moreover, the device determines a correlation of the transaction's access information and the verification information of the CPE associated with the given I/O channel, and allows or aborts execution of the transaction, based on whether the determined correlation meets a predefined criterion.

Abstract: Apparatus and methods for integrating data from multiple computer-based communication platforms and dynamically adjusting search results for search queries received from each of the computer-based communication platforms in response to unique security settings is provided. The methods may include a system. The system may include a centralized database for receive indicators of concern (“IOCs”) from the communication platforms and tag each IOC with an identifier associated with a communication platform from which the IOC was received. The system may also include an API for modifying search queries received from the communication platforms and applying the modified search queries to the centralized database. The system may further include a dynamic filter for dynamically adjusting search results based at least in part on an originator of a search query.

Abstract: In some examples, an electronic device includes a component comprising information, a secure storage, and a controller to generate a digital signature based on the information of the component, and detect a modification of the component based on the digital signature. The controller can also detect a receipt of an invalid credential, and log, to the secure storage, an indication of the modification of the component and an indication of the receipt of the invalid credential.

Abstract: The present disclosure provides a system for generation and verification of signatures via user specific tokens. This system allows a user to create a token to include with or use instead of a signature, with the token generally called a “Signature Token.” The Signature Token may be a numeric token, alphanumeric token, or other appropriate character set. The system may additionally determine or assign a signature level to a signature token based on the user device information, signature information, or some combination thereof. A Signature Token can be verified by a third party, thereby authenticating the user's signature. The system provides easy access for the creation of signature tokens and verifying the tokens.

Abstract: A nonce is sent to a user communication device. Obfuscated biometric data is received from the user communication device. The obfuscated biometric data is generated by an obfuscation process that uses the nonce and first biometric data. The first biometric data is generated from a biometric of a user at the user communication device. For example, the first biometric data may be biometric data from a fingerprint scan. The obfuscation process is reversed by using the first nonce to produce the first biometric data. The first biometric data is compared to known biometric data of the user. In response to the first biometric data being within a threshold of the known biometric data, the user is authenticated.

Abstract: The present teaching relates to method, system, medium, and implementations for authenticating a user. A first request is received to set up authentication information with respect to a user, wherein the first request specifies a type of information to be used for future authentication of the user. It is determined whether the type of information related to the user poses risks based on a reverse information search result. The type of information for being used for future authentication of the user is rejected when the type of information is determined to pose risks.

Abstract: A Third Generation Partnership Project (3GPP) based network, such as an enterprise private 3GPP network, is operative to provide a guest onboarding of a device using a realm-based discovery of an identity provider and a mutual authentication of identity federation peers. A secure connection may be established between the peers so that the device may be authenticated based on credentials associated with a Subscriber Identity Module (SIM) provided by its Mobile Network Operator (MNO). Credentials may be extended to those associated with embedded SIMs (eSIMs), digital certificates from private enterprises, login and passwords, and identities from a wide range of identity providers. After device authentication, the 3GPP-based network is operative to select and enforce access policies according to an identity or other attribute of the device.

Abstract: The present invention relates to a method and system for monitoring webpages for detecting malicious contents. According to a preferred embodiment the method comprises A) providing a plurality of URLs provided by a subscriber, employing a crawler to visit a URL webpage of said plurality of URLs; B) retrieving an object from said URL webpage by said crawler; C) analyzing said object retrieved by said crawler from said URL webpage, and determining whether said object retrieved is malicious or not; and D) alerting the subscriber, when said retrieved object is deemed malicious. According to one embodiment, the method further comprises E) employing a crawler to visit a URL webpage of a following URL of the plurality of URLs, when the determination of step C) is deemed not malicious; and F) returning to step B).

Abstract: The invention relates to the domain of biometric based identity authentication of an individual. In particular, the invention provides methods, systems and computer program products for convenient and secure biometric authentication of a user of a service, at a point-of-service. The invention relies on network interactions between a user communication device, a point-of-service terminal and a service-access-control system.

Abstract: Examples disclosed herein relate to source entities of security indicators. Some examples disclosed herein enable identifying, in a security information sharing platform, a security indicator that is originated from a source entity where the security indicator comprises an observable. Some examples further enable determining a reliability level of the source entity based on at least one of: security events, sightings of the observable, a first set of user feedback information that is submitted for the security indicator by users of the security information sharing platform, or a second set of user feedback information that is collected from external resources that are external to the security information sharing platform.

Abstract: An example system places control and choice of managing the usage of private data into the hands of the users themselves. In some examples, the disclosed data privacy management system allows users to select preferences on how their private data is used by the business, both internally and externally. For example, the system may present users with one or more selectable options regarding how the user's private data is used. The system may then use the user's data for purposes that are in line with the user's selected preferences.

Abstract: Embodiments of a cyberattack monitoring system are disclosed to identify successful attacks on a service based on benign activities of the attacker performed after the initial attack attempt. In embodiments, the system identifies the initial attack by matching client actions to known attack patterns. Clients observed with attempted attacks are remembered as suspected attackers. The system will then monitor subsequent actions of suspected attackers for signs that the initial attack attempt was successful. In embodiments, a successful attack is recognized when the system observes one or more subsequent benign actions by the suspected attacker. In embodiments, the presence of follow-on benign actions is used as a filter to filter out unsuccessful attacks and false positives detected by the system. The filtering enables the system to better focus system resources and human attention on a small set of client activities that are likely successful attacks.

Abstract: Systems and methods for providing identity verification services to users by providing a staking mechanism to incentivize participants in an identity verification system to be truthful and accurate and determining validator accuracy and associated setting of fees for using validator attestations to create an efficient, private and secure system.

Abstract: A method for managing the use of the functions of a watch including a step of authenticating the wearer of the watch in order to authorize access to the functions, and a step of controlling the identity of the wearer of the watch at a determined period by verifying the validity of a digital identification element determined from at least one biometric information element of the wearer, and a step of unlocking access to the functions of the watch when this access has been locked, the step including the following sub steps: presentation of a graphic representation on an interface for broadcasting a visual piece of information of the watch; selection within a limited time interval of a sequence of at least two identification portions comprised in the graphic representation aiming at identifying the wearer, the sequence corresponding to an identification code of the wearer, and validation of the selected sequence.