Abstract: A method including registering an authority device for an account on an auth platform; receiving transaction request from an initiator to the auth platform; messaging the authority device with the transaction request; receiving an authority agent response from the authority device to the auth platform; if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator; and if the authority agent response denies the transaction, communicating a denied transaction to the initiator.

Abstract: The disclosure provides a method and an apparatus for acquiring an electronic file. The method for acquiring an electronic file includes: generating a first encryption key according to login information of a user of a terminal device at the time of logging in to a platform server and a first identifier corresponding to an information providing server that provides the electronic file; sending a first request message for acquiring the electronic file to the platform server; receiving the electronic file encrypted using a second encryption key and returned by the platform server according to the login information and the first request message; and generating a first decryption key according to the first encryption key, and decrypting, using the first decryption key, the electronic file encrypted using the second encryption key, so as to obtain the decrypted electronic file. By means of the disclosed embodiments, private information concerning a user in an electronic file is not leaked by a platform server.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for modifying a prohibited list. The method includes one or more processors determining a trend in usage of a command based on an analysis of aggregated usage information of the command from a plurality of listening devices, wherein the determined trend indicates an amount of usage of the command over a period of time. The method further includes determining whether the determined trend in usage of the command deviates from a usage threshold for the command. The method further includes in response to determining that the determined trend in usage of the command does deviate from the usage threshold for the command, modifying a prohibited list based on an amount of deviation from the usage threshold usage of the command.

Abstract: Systems for managing multiple shared content objects using access tokens that cover the multiple shared content objects are disclosed. A method commences upon assigning the shared content objects to have individual permissions grantable to two or more users. A user configures a shareable unit to include attributes that describe a plurality of constituent shared content objects stored on one or more storage devices in the cloud-based storage system. An administrator or other user configures allow/deny access privileges to the shareable unit. Upon receiving a request from a user to access the shareable unit, a single access token is generated to provide access to the shared content objects that comprise the shareable unit. Ongoing access to the shareable unit is accomplished using the single access token, without the need to provision an access token or tokens pertaining to individual ones of the constituent shared content objects of the shareable unit.

Abstract: In particular embodiments, a consent conversion optimization system is configured to test two or more test consent interfaces against one another to determine which of the two or more consent interfaces results in a higher conversion percentage (e.g., to determine which of the two or more interfaces lead to a higher number of end users and/or data subjects providing a requested level of consent for the creation, storage and use or cookies by a particular website). The system may, for example, analyze end user interaction with each particular test consent interface to determine which of the two or more user interfaces: (1) result in a higher incidence of a desired level of provided consent; (2) are easier to use by the end users and/or data subjects (e.g., take less time to complete, require a fewer number of clicks, etc.); (3) etc.

Abstract: In an example, a non-transitory machine-readable medium has instructions, which, when executed by a processor of a machine, cause the machine to perform operations including: (i) receiving a plurality of network messages transmitted within a communication network, (ii) analyzing the network messages to determine network traffic information, and (iii) determining, based on the network traffic information, a current system context from among a plurality of system contexts. Each system context indicates a respective aggregate status of devices in the communication network. The operations also include (iv) selecting, based on the current system context, a set of filtering rules from among a plurality of sets of filtering rules, (v) applying the selected set of filtering rules to the network messages to determine a subset of network messages that are acceptable for the current system context, and (vi) forwarding each network message of the subset to a destination of the network message.

Abstract: An approach is disclosed that transmits a command from an initiating device, the command being directed to a target device and the initiating device is disconnected from the target device. The command is sent through any number of receiving devices to eventually be received by the target device with the other receiving devices being intermediate devices. The approach identifies a set of connectivity conduits between the receiving devices where at least one of the connectivity conduits is between one of the intermediate devices and the target device. The initiating device receives a confirmation from one of the intermediate device that the command was transmitted to the target device by the intermediate device.

Abstract: Credentialing systems, methods, and mediums. A method includes receiving, by a credentialing system, an access code and a device location from a mobile device. The device location indicates the current geographic location of the mobile device. The method includes comparing the received access code to a stored site code. The method includes, when the received access code matches a stored site code, determining whether the device location corresponds to a site location of a target system associated with the site code, and determining whether the access code is received during a valid access period associated with the site code. The method includes, when the received access code matches the stored site code, the device location corresponds to the site location, and the access code is received during the valid access period, then granting access for the mobile device to the target system.

Abstract: Security of computers, data storage devices, and servers can be improved with a multiple key access system. In some embodiments, a local key management device can be a locally (or virtually) located data storage device such as a HDD or SDD. The key management device may be part of a computer or server system and can have a first secure area protected by a cryptographic module (e.g. hardware integrated circuit). The first secure area can store a key to access a second secure area, which may function as a local key management server (LKMS) and store access information to securely communicate with and unlock another data storage device coupled to the computer. For example, the LKMS may store an access key to provide the computer with access to another data storage device. Communications between the LKMS and the other data storage device may be encrypted using a communication key.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing blockchain data based on error correction code. One of the methods includes determining, by a blockchain node, block data associated with a current block of a blockchain; performing error correction coding of the block data to generate encoded data; dividing, based on one or more predetermined rules, the encoded data into a plurality of data sets; storing, based on the one or more predetermined rules, one or more data sets of the plurality of data sets; hashing each data set of remaining data sets of the plurality of data sets to generate one or more hash values corresponding to the remaining data sets; and storing the one or more hash values.

Abstract: The present disclosure involves systems and methods for identity authentication across multiple institutions using a trusted mobile device as a proxy for a user login. In one example, the operations include identifying a request to trust a particular user associated with a first entity in a digital ID network. A set of personally identifiable information (PII) associated with the user is obtained via the first entity and an identity verification (IDV)/fraud risk analysis is performed. In response to satisfying the analysis, instructions are transmitted to the user to verify the identity via a mobile trust application on an associated mobile device. Upon verification, the mobile device is bound to the user within the digital ID network along with a digital ID associated with the particular user. The digital ID can be used by other entities registered within the digital ID network to authenticate the user.

Abstract: A honeypot file is cryptographically secured with a cryptographic key. The key, or related key material, is then placed on a central keystore and the file is placed on a data store within the enterprise network. Unauthorized access to the honeypot file can then be detecting by monitoring use of the associated key material, which usefully facilitates detection of file access at any time when, and from any location where, cryptographic access to the file is initiated.

Abstract: In an approach to securing data using alternative value identification schemes, one or more computer processors receive user registration data, wherein the user registration data includes one or more authentication parameters, wherein the one or more authentication parameters includes one or more physical pressure-based inputs by a user. The one or more computer processors receive an access request requiring an authentication from the user, wherein the access request includes the one or more physical pressure-based inputs by the user associated with the one or more authentication parameters. The one or more computer processors determine whether the one or more authentication parameters match the user registration data. Responsive to determining that the authentication data matches the registration data, the one or more computer processors authenticate access for the user.

Abstract: A system and method for encrypting metadata in a communication system, including defining paths from a source node to a destination node through intermediate nodes and anchor nodes; dividing messages and sending a portion in each path by: dividing the path into sub-paths, where each two contiguous sub-paths are connected by an anchor node; calculating a secret value including a list of nodes of a first sub-path and an encrypted form of a remaining portion of the path; calculating a first random point on a linear line connecting a first metadata share of a symmetric key of the source node and a first intermediate node, and a metadata share including a second x-value of the symmetric key of the source node and the first intermediate node in the path and the secret value; and sending the portion together with the first random point to the first intermediate node.

Abstract: Systems and methods for improved security authentication are disclosed. In some embodiments, an improved system for security authentication may include a plurality of computing devices, and a server system communicatively coupled to the plurality of computing devices. The server system may be configured to receive a request for security authentication, determine an authorization providing computing device from among the plurality of computer devices based on authentication preferences stored in a database communicatively coupled to the server system, generate and transmit authentication information to the determined authorization providing computing device, receive, from an initiating computing device an authentication input, determine whether the received authentication input matches the transmitted authentication information, and complete the request for security authentication when the received authentication input matches the generated and transmitted authentication information.

Abstract: A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

Abstract: Information stored in a Hypertext Transfer Protocol (HTTP) session is monitored. Based on the monitoring, authentication information in the information stored in the HTTP session is identified.

Abstract: A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.

Abstract: A biometric token is generated for a user and provided to a user-operated device. A pre-staged transaction is defined by a user and the user supplies the token for association with the pre-staged transaction. Subsequently, a user visits a transaction terminal and a new candidate token is generated from biometric attributes of the user. The candidate token is matched to the token associated with pre-staged transaction to authenticate the user and the pre-staged transaction is processed at the transaction terminal as a completed transaction.

Abstract: A data processing apparatus has processing circuitry for executing first software at a first privilege level and second software at a second privilege level higher than the first privilege level. Attributes may be set by the first and second software to indicate whether execution of the data access instruction can be interrupted. For a predetermined type of data access instruction for which the second attribute set by the second software specifies that the instruction can be interrupted, the instruction may be set as interruptable even if the first attribute set by the first software specifies that the execution of the instruction cannot be interrupted.