Abstract: A method including determining, by a virtual private network (VPN) server providing VPN services to one or more user devices, an average threshold level associated with an aggregate amount of VPN data communicated with a host device during a reference period; determining, by the VPN server, an observed average aggregate amount of VPN data communicated with the host device during an operation period; comparing, by the VPN server, the observed average aggregate amount with the average threshold level; and selectively transmitting, by the VPN server, a notification to the one or more devices indicating that the one or more user devices is to manage transmission of data from the one or more user devices based at least in part on a result of comparing the observed average aggregate amount with the average threshold level. Various other aspects are contemplated.

Abstract: A solution is proposed for controlling access to computing resources. A corresponding method comprises receiving and verifying an access request for accessing the computing resources by a secondary computing environment (isolated from the computing resources). A main computing environment (isolated from the secondary computing environment) detects an indication of a positive result of the verification of the access request; in response thereto, the main computing environment verifies an integrity condition of the secondary computing environment and then authorizes the secondary computing environment to access the computing resources accordingly. A computer program and a computer program product for performing the method are also proposed. Moreover, a system for implementing the method is proposed.

Abstract: A system has an evaluation server that includes at least one database storing a plurality of cybersecurity awareness evaluations, the database connected to the server, a plurality of clients connected to the server and configured to run at least one of the cybersecurity awareness evaluations for play by users on user devices, the users performing actions in the evaluation including offensive actions and defensive actions, and an evaluation dashboard including an interface configured to display scoring results of the cybersecurity awareness evaluations as determined by the server, the scoring results including a plurality of offensive component scores for at least one of the users, a plurality of defensive component scores for at least one of the users, at least one composite offensive score for at least one of the users and at least one composite defensive score for at least one of the users, the composite offensive score being determined based on a plurality of the component offensive scores and the composit

Abstract: Cooperative session orchestration includes devising a crypt for pre-distribution of tokens, distributing the tokens to member nodes of the network, based on a request from a delegate node of the network for brokerage of a session between the delegate node and a supplier node of the network, creating and sending, for each of a plurality of potential supplier nodes of the network, a respective individual puzzle, receiving, from each of one or more potential supplier nodes of the plurality of potential supplier nodes, a respective result obtained by the potential supplier node from solving the individual puzzle using the token distributed to the potential supplier, identifying, based on the receiving, candidate supplier node(s) of the one or more potential supplier nodes as a potential supplier for the session with the delegate node, and identifying to the delegate node the candidate supplier node(s) for the session with the delegate node.

Abstract: A network interface device comprises a first area of trust comprising a first part of the network interface device, the first part comprising one or more first kernels. A second area of trust comprising a second part of the network interface device different to said first part is provided, the second part comprising one or more second kernels. A communication link is provided between the first area of trust and the second area of trust. At least one of the first and second areas of trust is provided with isolation circuitry configured to control which data which is passed to the other of the first and second areas via the communication link.

Abstract: A device includes a processor, a machine-readable memory, and an optical capture device coupled to the processor. The processor generates a unique identifier of an object in view of the capture device. The unique identifier includes encoded information to locate a region of interest on the object, and a digital fingerprint extracted from the region of interest, locally encoding intrinsic authentication data of the object in the unique identifier. A reverse process for identification and or authentication of an object may be implement by locating an identifier on an object, recovering encoded information from the identifier, using that information to locate a region of interest, digital fingerprinting the located region of interest, and comparing the digital fingerprint to the digital fingerprint encoded in the unique identifier to obtain and present a result, without reliance on any exogenous database.

Abstract: A system and method for improving network performance of DNS queries. The system includes a terminal which receives DNS queries from a customer premise equipment (CPE), and supplies matching DNS records in response to the queries. The terminal monitors all traffic from the CPE and generates a preload list containing domains and a time schedule at which name resolution should be requested for the domains. A DNS preload client in the CPE receives the preload list from the terminal, and submits preload DNS queries for name resolution of domains contained in the preload list at times specified in the time schedule. Preload records supplied in response to the preload DNS queries are stored by the CPE and used to resolve DNS queries from applications installed on the CPE.

Abstract: A server may include at least one server processor configured to execute an application. A desktop virtualization system may include at least one desktop virtualization processor. The desktop virtualization processor may be configured to instantiate a virtual desktop; authenticate a user of a client device; in response to authenticating the user of the client device, place the client device in communication with the virtual desktop through at least one network; launch a secure browser in the virtual desktop; and using the secure browser, place the client device in communication with the server through the at least one network. The application may be configured to perform processing in response to at least one command from the client device sent through the secure browser of the virtual desktop.

Abstract: Devices, systems, and methods with behavioral one-time-passcode (OTP) generation. In one example, a server includes a memory and an electronic processor communicatively connected to the memory. The memory includes a behavioral one-time-passcode (OTP) program and a user profile repository. The electronic processor, when executing the behavioral OTP program, is configured to receive a one-time-passcode (OTP) request, generate a behavioral one-time-passcode (OTP) based on a user profile stored in the user profile repository in response to receiving the OTP request, and output the behavioral OTP that is generated.

Abstract: Disclosed are systems and methods for managing online identity authentication risk in a nuanced identity system. For example, a method may include receiving a request by a user for a transaction on an electronic platform; determining a risk associated with the requested transaction; determining a current level of assurance associated with the user on the electronic platform; determining that the risk exceeds the current level of assurance; adjusting the current level of assurance such that the adjusted level of assurance exceeds the risk; and executing the requested transaction on the electronic platform after adjusting the current level of assurance.

Abstract: Provided are methods and systems for performing a secure machine learning analysis over an instance of data. An example method includes acquiring, by a client, a homomorphic encryption scheme, and at least one machine learning model data structure. The method further includes generating, using the encryption scheme, at least one homomorphically encrypted data structure, and sending the encrypted data structure to at least one server. The method includes executing a machine learning model, by the at least one server based on the encrypted data structure to obtain an encrypted result. The method further includes sending, by the server, the encrypted result to the client where the encrypted result is decrypted. The machine learning model includes neural networks and decision trees.

Abstract: A modular biometric station system is used to form one or more modular biometric stations with cohesive form factors. Such biometric stations include a core unit, one or more end caps, and one or more modules. The modules may be configured to communicably and electrically couple to one or more of the end caps. The end caps may be configured to communicably and electrically couple to the core unit and/or one or more of the modules and may communicably and electrically couple one or more of the modules to the core unit. The core unit, end caps, and/or the modules may be able to communicably interact when coupled together. The core unit, end caps, and modules may all share a form factor. The core unit may include hardware and/or software that satisfies common requirements, and the modules may include peripherals and/or other components that can be coupled to the core unit to adapt the modular biometric station to a variety of different needs of different applications.

Abstract: Blockchain-controlled and location-validated locking systems and methods are described. A method includes maintaining state information for a lock, where the first state of the lock corresponds to an open state and the second to a locked state. The method further includes receiving a current location of a device associated with a person, authorized to change a state of the lock, attempting to change a state of the lock and a current location of the lock. The method further includes receiving a digital signature from the device. The method further includes automatically transmitting a control signal to the lock to change the state of the lock only when the current location of the person is determined to be the same as the current location of the lock and a valid proof of work is performed by a miner associated with a blockchain configured to manage transactions corresponding to the lock.

Abstract: Provided are embodiments of systems, devices and methods for multi-factor identity verification, which may include utilization of automated picture ID to Selfie matching, cross-reference address information, biometrics and geo-location information and unique smartphone device identifiers, especially in the context of healthcare industry.

Abstract: A method of providing at least one communications service provider a connection to an Internet Protocol, IP, server in a perimeter network, the IP server providing a service over a public IP network, the method comprising the steps of detecting, in the perimeter network, an irregularity in IP traffic arriving at the perimeter network over the public IP network, disregarding, in the perimeter network, IP traffic arriving at the perimeter network over the public IP network, and enabling, in the perimeter network, a connection between the IP server and the at least one communications service provider for the service provided by the IP server over at least one private IP network.

Abstract: A method including configuring a virtual private network (VPN) server, having established VPN connections with one or more user devices, aggregate amounts of VPN data communicated with a host device; configuring the VPN server to determine difference amounts indicating differences in the aggregate amounts of VPN data; configuring the VPN server to determine average aggregate amounts of VPN data; configuring the VPN server to determine a largest average aggregate amount, from among the average aggregate amounts, as an average threshold level; and configuring the VPN server to selectively transmit a notification to the one or more devices indicating that the one or more user devices is to manage transmission of data from the one or more user devices based at least in part on a result of comparing the average threshold level with an observed average aggregate amount. Various other aspects are contemplated.

Abstract: A method including receiving, by a device from a virtual private network (VPN) server, a notification indicating that the device is to manage transmission of data from the device to the VPN server, the notification being received based at least in part on a determination that an observed average aggregate amount of VPN data communicated with a host device satisfies an average threshold level associated with an aggregate amount of VPN data communicated with the host device; and managing, by the device, transmission of the data from the device to the VPN server based at least in part on receiving the notification. Various other aspects are contemplated.

Abstract: Multi-RAT UEs currently have 2 independent paths to authenticate with HSS (e.g., via the MME or the 3GPP AAA Server causing repeated authentication messages to HSS). The use of one unified authentication path between the UE and HSS for Small Cell and Wi-Fi authentication is described. First, a new 3GPP EPC-TWAN interworking architecture has the MME manage all the authentication requests from multi-RAT UEs. Second, new unified authentication procedures are added, which allow the ISWN-based multi-RAT UE to be authenticated directly with the HSS, irrespective of its current access network (TWAN or HeNB). Third, new fast re-authentication procedures for Inter-RAT handover scenarios are done. Finally, the needed extensions to the various standard protocol messages to execute the authentication procedures are described.

Abstract: Mutual authentication techniques are described in this patent document. For example, when a first person calls a second person, neither of them know that the other person is who he or she says he or she is. Thus, after a second person receives the call, the second person is asked to authenticate himself or herself using a user device. After the second person logs into his or her account, the second person can input on the user device a one-time passcode to authenticate the first person. The user device sends the passcode to an authentication server that allows the first person to send back the inputted one-time passcode to the second person. Upon receiving the inputted one-time passcode, the second person can use his or her user device to indicate that the one-time passcode is correct so that the second person can be authenticated to access the first person's account.

Abstract: The present invention relates to a biometric-based identity authentication method and system.