Abstract: A networked infrastructure is described that includes a set of programmed computing nodes, each node being configured with a processor and non-transitory computer readable media including computer-executable instructions that, when executed by the processor, facilitate a social security number registry server carrying out a method that provides an individual with the ability to remotely approve or disapprove, in real-time, the use of his/her social security number (SSN) by a relying party server.

Abstract: An industrial control system module and methods are described for self-destruction or the destruction and/or erasure of sensitive data within the industrial control system module upon an indication of an unauthorized module access event. In an implementation, a secure industrial control system module includes a circuit board including electrical circuitry; a sealed encasement that houses the circuit board, where the sealed encasement includes a housing having a first housing side and a second housing side, where the housing is configured to house the circuit board when the first housing side and the second housing side are coupled together; and a first sensor component integrated with the sealed encasement, where the first sensor component is communicably coupled to the circuit board and electrical circuitry and is configured to provide an indication of an unauthorized access event.

Abstract: A multi-user computing device, such a communal computing device like an interactive digital whiteboard, can execute single user aware (“SUA”) applications and multi-user aware (“MUA”) applications. Instances of SUA applications execute in the context of a single user. MUA applications can execute in the contexts of multiple authenticated users simultaneously. A multi-user aware OS platform authenticates and de-authenticates users of the multi-user computing device. The multi-user aware OS platform provides notifications to MUA applications when users are authenticated and de-authenticated. When a new user is authenticated, MUA applications begin executing in the context of the newly authenticated user and any other previously authenticated users. When users are de-authenticated, MUA applications stop executing in the context of the de-authenticated user but continue executing in the context of the remaining authenticated users of the multi-user computing device.

Abstract: A device, system, and method gives temporary control of a user device using location based grants. The method performed by a control server of a third party is performed when the user device is in a predetermined area. The method includes transmitting authentication data to the user device, the authentication data configured to authenticate the third party to the user device, the predetermined area being associated with the third party. The method includes receiving a request from the user device for command data, the command data configured to be executed on the user device to provide the third party with a limited control over the user device while the user device remains in the predetermined area. The method includes transmitting the command data to the user device.

Abstract: Systems and methods may be used for providing more secure authentication attempts by implementing authentication systems with credentials that include interspersed noise symbols in positions selected, for example by a user. These systems and methods secure against eavesdroppers such as shoulder-surfers or man-in-the middle attacks as it is difficult for an eavesdropper to separate the noise symbols from legitimate credential symbols. Some systems and methods may use a subset of a credential with the interspersed noise symbols.

Abstract: A network authentication system comprises user equipment (UE), a service network (SN) and a home network (HN). The HN generates an expected user response (XRES) based on an identifier of the UE and generate an indicator, and sends the part of XRES and the indicator to the SN. The SN receives the part of XRES and indicator, and receives a user response (RES) from the UE. The SN then compares the RES with the XRES base on the indicator, and sends a confirmation message to the HN when the comparison succeeds.

Abstract: Systems, methods, and computer-readable media for assurance of rules in a network. An example method can include creating a compliance requirement including a first endpoint group (EPG) selector, a second EPG selector, a traffic selector, and a communication operator, the first and second EPG selectors representing sets of EPGs and the communication operator defining a communication condition for traffic associated with the first and second EPG selectors and the traffic selector. The method can include creating, for each distinct pair of EPGs, a first respective data structure representing the distinct pair of EPGs, the communication operator, and the traffic selector; creating a second respective data structure representing a logical model of the network; determining whether the first respective data structure is contained in the second respective data structure to yield a containment check; and determining whether policies on the network comply with the compliance requirement based on the containment check.

Abstract: A method includes receiving, at an access point, an access request from a first device after an expiration of a first passcode. The access request is encrypted based on the first passcode. The method includes making a determination by the access point before an expiration of a usage time of a first passcode usage list that an identifier of the first device is included in the first passcode usage list. The method also includes, in response to making the determination, generating, at the access point, data representing a second passcode by encrypting the second passcode using the first passcode; and sending the data representing the second passcode from the access point to the first device.

Abstract: In an example of this disclosure, a method may include storing, by a first database server, first call session information in a data structure in a memory of the first database server. The first call session information may correspond to a unique identifier that corresponds to a caller. The method may include replicating the first call session information stored in the data structure in the memory of the first database server to a data structure in a memory of a second database server.

Abstract: A user account access management system includes a computing platform having a hardware processor and a system memory storing a user account access software code. The hardware processor executes the user account access software code to receive, from a first user device, a secondary account profile data for generating a secondary account associated with a primary user account registered with a web based service, and to receive, from a second user device, a sign up request for using the web based service. The hardware processor further executes the user account access software code to transmit an authentication token to one of the first user device and the second user device, receive the authentication token from the other of the first user device and the second user device, and link the secondary account with the second user device based on receiving the authentication code.

Abstract: A technique for managing a right of access to a service for a communicating device. A security element of the device authenticates a security element of an electrical power supply module subsequent to a detection of a start of distribution of electrical energy to the device so as to power it electrically. These security elements are then associated. The security element of the power supply module then configures the security element of the device, the latter having, once configured, a right of access to a valid service allowing it to access the service and this right of access remaining valid as long as the device is powered by this electrical power supply module.

Abstract: An information processing apparatus for use by a plurality of users is provided. The information processing apparatus includes a memory; and a processor coupled to the memory and configured to authenticate logins of the plurality of users, register, on a list of participants, the plurality of users whose logins have been authenticated, perform recognition of each of the plurality of users registered on the list of participants, and restrict access to a resource owned by a given user while keeping the given user registered on the list of participants, in response to determining that the given user satisfies a predetermined condition based on a result of the recognition.

Abstract: Methods and systems for starting a node without a default password are provided. Exemplary methods include: creating a node responsive to indicia received from a user; checking for an existing keystore in the node; when no existing keystore is in the node: generating a seed password for a predefined user of the node; non-persistently providing the seed password to the user; creating an encrypted keystore in the node; and storing the seed password in the encrypted keystore; and allowing access to the node using the built-in user and seed password.

Abstract: An electronic apparatus is provided. The electronic apparatus according to an exemplary embodiment includes a communicator, a storage, a display, and a processor configured to: based on a connection request signal being received from a user terminal device through the communicator, control to store in the storage a first image output through the display, based on a second image being received from the user terminal device through the communicator, identify a first object included in the stored first image that is same as second object included in the received second image, and based on a determination that a first feature of the first object is same as a second feature of the second object, control the communicator to transmit authentication information corresponding to the connection request signal to the user terminal device.

Abstract: Embodiments of the present disclosure relate to systems and methods for capturing information. In addition, embodiments of the present disclosure relate to solutions for capturing information using a web browser extension. Embodiments of the present disclosure further relate to securely transmitting captured information to a server for association with an application or form being completed by an individual.

Abstract: Centralized monitoring of plural file systems that operate within or in association with an enterprise computing environment is provided. Each of the plural file systems are provided with a security policy, wherein the security policy defines one or more file system access activities to be monitored at the file system. Each file system is instrumented with a software agent that intercepts the relevant file system access activity. A centralized collector component is operative to receive from each of the plural file systems audit trail data, wherein the audit trail data is data that has been generated locally as file system access activity is intercepted at the file system by the local software agent in accordance with the applicable security policy. The collector applies the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, takes a given action.

Abstract: An exemplary geolocation authentication system receives user input representative of customized authentication settings that designate a location corroboration factor from a plurality of location corroboration factors that correspond to independent ways of determining geolocations of mobile devices. The system receives, from a mobile device located at a true geolocation, a reported geolocation of the mobile device. Then, in response to the receiving of the reported geolocation, the system accesses a datapoint that characterizes a correlation between the reported geolocation of the mobile device and the true geolocation of the mobile device. The datapoint characterizes the correlation based on the location corroboration factor designated by the customized authentication settings. The system further determines, based on the datapoint, a custom confidence metric representative of a likelihood that the reported geolocation is the true geolocation. Corresponding methods and systems are also disclosed.

Abstract: In certain embodiments, resource allocation related to records may be facilitated by generating and using modified instances of such records. In some embodiments, a set of records associated with a user may be stored in a memory area, where each such record includes a record identifier. In response to obtaining one or more commands related to a resource transfer from a user device associated with the user, a new set of records associated with the user may be generated such that each record of the new set is (i) a modified instance of a corresponding record of the record set and (ii) includes a record identifier different from the record identifier of the corresponding record. In one use case, the new records and its data may then be utilized to perform operations related to the user commands. In another use case, the new records may replace its older corresponding records.

Abstract: A method including registering an authority device for an account on an auth platform; receiving transaction request from an initiator to the auth platform; messaging the authority device with the transaction request; receiving an authority agent response from the authority device to the auth platform; if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator; and if the authority agent response denies the transaction, communicating a denied transaction to the initiator.

Abstract: The disclosure provides a method and an apparatus for acquiring an electronic file. The method for acquiring an electronic file includes: generating a first encryption key according to login information of a user of a terminal device at the time of logging in to a platform server and a first identifier corresponding to an information providing server that provides the electronic file; sending a first request message for acquiring the electronic file to the platform server; receiving the electronic file encrypted using a second encryption key and returned by the platform server according to the login information and the first request message; and generating a first decryption key according to the first encryption key, and decrypting, using the first decryption key, the electronic file encrypted using the second encryption key, so as to obtain the decrypted electronic file. By means of the disclosed embodiments, private information concerning a user in an electronic file is not leaked by a platform server.