Abstract: A system may receive first level authentication data from a first user, authorize first level access to a secure device, and transmit a push notification including a second factor authentication key to a first user device responsive to first factor authentication data matching stored authentication data for the first user. The system may receive a wireless communication from the first user device attenuated by one or more beam attenuating materials to form a first attenuated beam profile. In response to a match of the first attenuated beam profile to a stored beam profile beyond a predetermined threshold, the system may associate the second factor authentication key as an authorized login credential for the first user. The system may receive the second factor authentication key from the first user and authorize the second factor authentication data to grant the first user second level access to the secure device.

Abstract: A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

Abstract: Row-level security (RLS) may provide fine-grained access control based on flexible, user-defined access policies to databases, tables, objects, and other data structures. A RLS policy may be an entity or object that defines rules for row access. A RLS policy may be decoupled or independent from any specific table. This allows more robust and flexible control. A RLS policy may then be attached to one or more tables. The RLS policy may include a Boolean-valued expression.

Abstract: Systems and methods providing authentication in a microservice system. In some embodiments, the method comprises receiving, from the user interface application, a user interface response corresponding to the user interface request; and sending the user interface response to the client computer. Some embodiments comprise when no cache entry corresponding to the user interface session token is present in the user interface session cache, directing the user interface request to a login service. Some embodiments comprise when the login service receives valid login credentials from the client computer, sending a new user interface session token to the client computer. Some embodiments comprise invalidating the cache entries in the user interface session cache according to a cache expiry policy; and determining whether the cache entry corresponding to the particular user interface session token is valid. In some embodiments, the user interface request session token consists of a single value.

Abstract: Various embodiments of the present application set forth a computer-implemented method for accessing data comprising determining a manifest associated with a given user of an application, where the manifest identifies one or more assets that are accessible by the given user, for each of the one or more assets, one of a plurality of endpoint stores that stores data associated with the asset, and for each of the one or more assets, one of the plurality of endpoint stores that stores metadata associated with the asset, generating, based on the manifest, a user namespace that includes a unique reference for each of the one or more assets, and presenting the user namespace to the user.

Abstract: A method including registering an authority device for an account on an auth platform; receiving transaction request from an initiator to the auth platform; messaging the authority device with the transaction request; receiving an authority agent response from the authority device to the auth platform; if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator; and if the authority agent response denies the transaction, communicating a denied transaction to the initiator.

Abstract: The present disclosure relates to a method and system for enabling TOT security using a decentralized TOT security platform that leverages the advanced communication and blockchain security thread model to protect TOT eco-systems. The platform uses a multi-chain data schema including a device chain and an event chain. The multi-chain data schema uses a time-envelope mechanism to generate an event to connect different device chains and enforce a set of security rules through smart contracts. The method comprising receiving an encrypted block from TOT device with event data and verifying the device signature and identity based on certain rules within the device chain. Further, the method comprising determining access to event chain using previous token, current token and timestamp of the encrypted block and updating the event chain upon access determination. The event chain protects data integrity and confidentiality against malicious packets, unauthorized devices, weak encryption and man-in-the-middle attacks.

Abstract: Disclosed are methods, systems, and non-transitory computer-readable media for determining a trust score associated with a user, comprising detecting entities near a user device operated by the user; calculating the trust score for the user based on a policy that incorporates data about the entities near the user device, the trust score being a score that is indicative of a trust worthiness of data received from the user device, wherein trusted entities near the user device result in an increased trust score, and untrusted entities near the user device result in a decreased trust score; and permitting access to a resource when the trust score is above a threshold.

Abstract: An authentication system is provided with: a first input unit and a second input unit into which authentication information can be input; a first computing unit which performs computation on the basis of the authentication information input into the first input unit and a communication counterpart-side authentication parameter registered in a communication counterpart; a second computing unit which performs computation on the basis of the authentication information input into the second input unit and a portable terminal-side authentication parameter registered in a portable terminal; and authentication units which, if the authentication information has been input into the first or the second input unit, perform authentication on the basis of the result of computation by corresponding computing unit and the portable terminal-side authentication parameter.

Abstract: A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.

Abstract: Methods and systems for starting a node without a default password are provided. Exemplary methods include: creating a node responsive to indicia received from a user; checking for an existing keystore in the node; when no existing keystore is in the node: generating a seed password for a predefined user of the node; non-persistently providing the seed password to the user; creating an encrypted keystore in the node; and storing the seed password in the encrypted keystore; and allowing access to the node using the built-in user and seed password.

Abstract: Aspects of the disclosure relate to authorizing an event by utilizing a high generation cellular network to authenticate a device associated with the event. A computing platform may receive, from a first device, a request to authorize an event. Subsequently, the computing platform may identify, based on an analysis of location data, that a second device is proximate to the first device. The computing platform may then prompt the second device to authenticate the first device. Then, the computing platform may receive, from the second device, an authentication token indicating whether the first device is authenticated. Based on the authentication token, the computing platform may respond to the request to authorize the event.

Abstract: Presented herein are techniques to facilitate delivering standalone non-public network (SNPN) credentials from an enterprise authentication server to a user equipment (UE) using an Extensible Authentication Protocol (EAP) process. In one example, a method may include determining, by an authentication server of an enterprise, that a UE for the enterprise is to receive credentials to enable the UE to connect to a SNPN of the enterprise in which the determining is performed based, at least in part, on connection of the UE to an access network that is different than the SNPN for the enterprise; and performing an authentication process with the UE by the authentication server in which the authentication process includes providing the credentials to the UE via a first authentication message and obtaining confirmation from the UE via a second authentication message that indicates successful provisioning of the credentials for the UE.

Abstract: System and method of detecting malicious interactions in a computer network, the method including generating, by a processor, at least one decoy segment, broadcasting, by the processor, the generated at least one decoy segment in a public database, monitoring, by the processor, communication within the computer network to identify interactions associated with the generated at least one decoy segment, determining, by the processor, at least one indicator of compromise (IOC) for the identified interactions, and blocking communication between the computer network and any computer associated with the determined at least one IOC.

Abstract: Disclosed are a security authentication method and an apparatus thereof, and an electronic device.

Abstract: An example computing platform is configured to detect a request on behalf of a given user, the request comprising a parameter of a given type; determine that the parameter requires a permission verification; apply to the request a verification status indicator that indicates whether or not a permission verification has been successfully performed for the given user with respect to the parameter; perform a permission verification for the given user with respect to the parameter; either (i) leave the verification status indicator set to a first value if the given user does not have permission to embed scripts into the given type of parameter, or (ii) update the verification status indicator from the first value to a second value if the given user has permission to embed scripts into the given type of parameter; and grant or deny the request based at least in part on the verification status indicator.

Abstract: An illustrative geolocation authentication system designates a movement feasibility corroboration factor as a location corroboration factor for the geolocation authentication system to authenticate geolocations of mobile devices. Based on the designating of the movement feasibility corroboration factor, the geolocation authentication system determines a first reported geolocation of a mobile device associated with a first time and a second reported geolocation of the mobile device associated with a second time. Given that the mobile device is located at a true geolocation at the second time, the geolocation authentication system then determines, based on the first and second reported geolocations of the mobile device, a feasibility metric indicative of a likelihood that the second reported geolocation of the mobile device is the true geolocation at the second time. Corresponding methods and systems are also disclosed.

Abstract: A biometric token is generated for a user and provided to a user-operated device. A pre-staged transaction is defined by a user and the user supplies the token for association with the pre-staged transaction. Subsequently, a user visits a transaction terminal and a new candidate token is generated from biometric attributes of the user. The candidate token is matched to the token associated with pre-staged transaction to authenticate the user and the pre-staged transaction is processed at the transaction terminal as a completed transaction.

Abstract: The exemplary embodiments provide real-time data capture and processing which improves data processing performance and speed and facilitate passing of the processed data to various analytical sources, while maintaining superior data quality checks, particularly with respect to data elements associated with multiple data types. The proposed system and process can be used to continuously consume and listen to multiple events while mapping the events to appropriate schemas provided in a separate schema stream. The schema stream is provided once and cached to minimize bandwidth consumed by the transaction stream. The schema information is then further enriched with information from a metadata registry. The event data may then be compressed and aligned in memory tables based on the enriched schema. Once events are decoded and sorted into memory tables in accordance to the identified schema, each memory table can be processed in parallel.

Abstract: An apparatus for releasing received command data includes a processor unit with a code generator, a cryptography module, and a comparison module. The code generator generates a transaction code. The apparatus has a transmitting unit which provides the transaction code via an unsecured data connection, a receiving unit which receives an external authentication code and command data via the unsecured data connection, and a memory unit which stores data of a predefined private key. Also disclosed is a transmission apparatus for command data. The transmission apparatus has a basic receiving unit which receives the transaction code, an input unit which receives the command data, a basic memory unit which stores the data of the predefined private key, a basic processor unit which has a basic cryptography module, and a basic transmitting unit which provides the external authentication code and the command data via the unsecured data connection.