Abstract: Systems and methods are provided in the field of online advertising and malicious software. In some embodiments, an apparatus for determining a degree of deceptiveness associated with a session presenting at least one online advertisement includes means for capturing electronic interactions among at least two entities involved in the session, the captured interactions including interaction-related properties and time, means for processing to filter a plurality of attributes for the one or more relations from the captured electronic interactions, each attribute defining a data type and corresponding data value, wherein the extraction is performed by integration with the two or more entities, apply one or more models to each of the one or more relations, and determine a degree of deceptiveness for each of the one or more relations based on the one or more applied models.

Abstract: A hub apparatus (20) is designated to be used in a video communication system comprising the hub apparatus (20) and a plurality of mobile terminals (10a-10d) configured to be wirelessly connectable to the hub apparatus (20).

Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for identifying accounts having shared credentials. In some implementations, a content management system can collect user login context data when a user logs in to or accesses a user account of the content management system. For example, the content management system can collect client device data, client application data, internet protocol (IP) address data, and/or other data from the user's device when the user logs in to the user account. The content management system can analyze the login context data to determine patterns that indicate that the user account login credentials are being shared among multiple users.

Abstract: Disclosed herein are systems and methods executing a server that perform various processes for generating alerts containing various data fields indicating threats of fraud or attempts to penetrate an enterprise network. Analyst computers may query and fetch alerts from a database, and then present the alerts to be addressed by an analyst according to the priority level of the respective alerts.

Abstract: A method for identifying a fraudulent phone number is provided. The method includes receiving a user report dataset indicating fraudulent activity corresponding to a phone number, and responsive to receiving the user report dataset, identifying a record in a database corresponding to the phone number. The method further includes tagging the record to identify the phone number as being associated with fraudulent activity.

Abstract: Systems, methods, devices, and computer readable media related to fraud detection. Fraud detection is achieved using a flexible scripting language and syntax that simplifies the generation of fraud detection rules. The rules are structured as conditional IF-THEN statements that include data objects referred to as Anchors and Add-Ons. The Anchors and Add-Ons used to generate the rules also correspond to a distinct data path for the retrieval data from any of a variety of data sources. The generated rules with distinct data paths are then converted using a transpiler from the scripting language into native language source code (e.g., PHP, Java, etc.) for deployment in a particular environment. The rules are then executed in real-time in the environment to detect potential fraudulent activity.

Abstract: Embodiments described herein provide for passive caller verification and/or passive fraud risk assessments for calls to customer call centers. Systems and methods may be used in real time as a call is coming into a call center. An analytics server of an analytics service looks at the purported Caller ID of the call, as well as the unaltered carrier metadata, which the analytics server then uses to generate or retrieve one or more probability scores using one or more lookup tables and/or a machine-learning model. A probability score indicates the likelihood that information derived using the Caller ID information has occurred or should occur given the carrier metadata received with the inbound call. The one or more probability scores be used to generate a risk score for the current call that indicates the probability of the call being valid (e.g., originated from a verified caller or calling device, non-fraudulent).

Abstract: Systems and methods are disclosed for identifying human users on a network.

Abstract: A method may include determining that a digit pattern has been input on a user device to initiate a call; transmitting the digit pattern to a device that stores a list of digit patterns to which calls are not to be completed; receiving, from the device, data that indicates whether the digit pattern is on the list of digit patterns; prohibiting the call from being initiated with a network when the data indicates that the digit pattern is on the list of digit patterns; and initiating the call with the network when the data indicates that the digit pattern is not on the list of digit patterns.

Abstract: A method, computer program product, and computing system for receiving input information concerning a conversation between a caller and a recipient; processing the input information to assess a fraud-threat-level; defining a targeted response based, at least in part, upon the fraud-threat-level assessed, wherein the targeted response is intended to refine the assessed fraud-threat-level; and effectuating the targeted response.

Abstract: Novel tools and techniques are provided for implementing web-based monitoring and detection of fraudulent or unauthorized use of voice calling service. In various embodiments, a computing system might receive, from a user device associated with an originating party, a request to initiate a call session with a destination party, the request comprising user information associated with the originating party and a destination number associated with the destination party; might query a database with session data (including user information) to access permission data and configuration data; and might configure fraud logic using received configuration data from the database. The computing system might analyze the session data and permission data using the configured fraud logic to determine whether the originating party is permitted to establish the requested call session with the destination party; if so, might initiate one or more first actions; and, if not, might initiate one or more second actions.

Abstract: A method, executed by a processor, is used to determine presence of a viewer at a media device. The method includes receiving viewer biometric data captured by a biometric capture device associated with the media device; determining a category of the viewer based on the captured viewer biometric data; comparing the captured viewer biometric data to a reference to determine a possible identity of the viewer, by: determining a presence probability for the viewer based on a match between the biometric data and the reference, and determining a confidence level for the probability; and when the probability and confidence level equal or exceed a threshold, determining the viewer is present at the media device.

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

Abstract: Novel tools and techniques are provided for implementing monitoring and detection of fraudulent or unauthorized use in telephone conferencing systems or voice networks. In various embodiments, a computing system might monitor call activity through telephone conferencing system or voice network. In response to detecting use of the telephone conferencing system or voice network by at least one party based on the monitored call activity, the computing system might identify incoming and/or outgoing associated with a call initiated by the at least one party. The computing system might analyze the identified incoming and/or outgoing call data to determine whether the call initiated by the at least one party constitutes at least one of fraudulent use or unauthorized use of the telephone conferencing system or voice network. If so, the computing system might initiate one or more first actions.

Abstract: One example method of operation may include collecting call metric data over a predefined period of time for identified calls, querying the call metric data to identify whether one or more call filtering criteria parameters require changes, determining one or more call filtering criteria parameters require changes based on a deviation from one or more expected call metric data values included in the call metric data, modifying one or more of the call filtering criteria parameters, and updating an active call scam model stored on a call processing server based on the one or more call filtering parameters.

Abstract: A hub apparatus (20) is designated to be used in a video communication system comprising the hub apparatus (20) and a plurality of mobile terminals (10a-10d) configured to be wirelessly connectable to the hub apparatus (20).

Abstract: In one embodiment, a network assurance system that monitors a network forms a cluster of similarly behaving wireless access points (APs). The cluster includes APs associated with different software versions. The network assurance system trains a machine learning-based failure prediction model for the cluster based on a set of features of the APs in the cluster. The network assurance system proactively triggers a client in the network to roam from a first AP to a second AP, based on the failure prediction model predicting a failure of the first AP. The network assurance system quarantines the failure prediction model when a new software version is associated with one or more of the APs.

Abstract: A method of adapting customer care handling automated workflows. The method comprises creating records of calls by a subscriber to a customer care handling system, analyzing the records of calls by a customer care handling adaptation application, comparing by the application a frequency of calls to customer care and a frequency of account credits granted to the subscriber to a correlation threshold, where the correlation threshold is randomly varied within predefined correlation values, tagging the wireless communication service account of the subscriber by the application as manipulative of customer care, receiving a call from the subscriber to the customer care handling system, determining by the customer care handling system that the subscriber is tagged as manipulative of customer care, and adapting the handling automated workflow for the subscriber by the customer care handling system based on the determination that the subscriber is tagged as manipulative of customer care.

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

Abstract: Disclosed herein are systems and methods executing a server that perform various processes for generating alerts containing various data fields indicating threats of fraud or attempts to penetrate an enterprise network. Analyst computers may query and fetch alerts from a database, and then present the alerts to be addressed by an analyst according to the priority level of the respective alerts.

Abstract: Techniques for authenticating pending communication sessions between user devices are disclosed herein. In an example, a data store performs operations to: store device authentication information for an initiating device specific to a pending communication session between the initiating device and a receiving device, wherein the first authentication information comprises at least a timestamp and identifier for the initiating device; store second authentication information from a service provider of the initiating device; provide the second authentication information to a service provider of the receiving device to authenticate the pending communication session prior to routing the pending communication to the receiving device; and provide the first authentication information to the receiving device to verify authenticity of the pending communication session.

Abstract: One embodiment provides a method comprising intercepting an incoming communication for a user, and determining whether to classify the incoming communication as a suspicious incoming communication based on content of the incoming communication and a learned classification model or learned signatures. The method further comprises monitoring one or more outgoing communications from the user, and invoking an action relating to scam prevention in response to determining an outgoing communication from the user is linked to a suspicious incoming communication.

Abstract: One example method of operation may include extracting a calling device telephone number from a received call message, querying a verification table for the calling device telephone number, identifying the calling device telephone number and a corresponding service provider network identifier from the verification table, querying a mapping table for the service provider network identifier, and identifying whether a match between the service provider network identifier and a service provider code exists as an entry in the mapping table.

Abstract: A method of reading machine-readable labels on sample receptacles held by a sample rack. In the method, an absolute position of the sample rack is measured as the sample rack moves between first and second positions in a housing. During movement between the first and second positions, an image is acquired of a machine-readable label associated with each sample receptacle held by the sample rack. The image of each machine-readable label is thereafter decoded.

Abstract: A computer system is described that is configured to enable customers of an organization to self-monitor account activity and modify account access settings via a contact center of the organization. The contact center control system is configured to provide an interactive call history associated with the customer's accounts with the organization. Using the call history, the customer may perform self-monitoring of calls into the contact center that access the customer's accounts, and notify the organization if any of the calls appear suspicious. The contact center control system is configured provide a user interface through which the customer may modify account access settings including changing which types of authentication methods are enabled to access the customer's accounts, and blocking account access by callers from certain phone numbers. The contact center control system may allow the customer to turn off all access to the customer's accounts via the contact center.

Abstract: A fraud analysis computing system is provided. The system includes a network interface configured to communicate data over a network and a processing circuit including one or more processors coupled to non-transitory memory. The processing circuit is configured to monitor incoming call data generated during an incoming call between a user and an incoming caller, detect a fraud trigger within the incoming call data, and complete a fraud interception activity in response to detection of the fraud trigger.

Abstract: Disclosed herein are systems and methods executing a security server that perform various processes using alert elements containing various data fields indicating threats of fraud or attempts to penetrate an enterprise network. Using alert elements, the security server generate integrated alerts that are associated with customers of the system and assign a risk score for the integrated alerts, which the security server uses to store and sort the integrated alerts according to a priority, based on the relative risk scores. Analyst computers may query and fetch integrated alerts from an integrate alert database, and then present the integrate alerts to be addressed by an analyst according to the priority level of the respective integrated alerts. This allows to ensure that the right customer, is worked by the right analyst, at the right time, to maximize fraud prevention and minimize customer impact.

Abstract: A system and method for monitoring a medical procedure performed in a clinical environment is provided. An audio recorder is configured to produce a verbal data signal that is representative of a verbal communication occurring in the clinical environment, and a data analyzer is configured to detect an adverse condition based upon the verbal data signal. An alert module is configured to alert an operator upon the detection of an adverse condition.

Abstract: An internal network can include a plurality of linked internal nodes, each internal node being configured to communicate with other internal nodes or with one or more external servers over an external network. The internal network can analyze the configuration of the internal nodes and the network traffic between internal nodes of the internal network and external servers. Based on the analysis, a network vulnerability score measuring the vulnerability of the internal network to attack can be determined. If the vulnerability score is below a threshold, the internal network can be isolated from the external network, for example by preventing internal nodes from communicating with or over the external network.

Abstract: A processing device in one embodiment comprises a processor coupled to a memory and is configured to obtain data characterizing a plurality of network sessions for a given user identifier. The network sessions are initiated from one or more user devices over at least one network and may comprise respective virtual private network (VPN) sessions. The processing device is further configured to extract features from the obtained data, to detect at least one potentially anomalous network session among the plurality of network sessions for the given user identifier by applying the extracted features to a support vector machine model, and to apply a rules-based verification process to the detected potentially anomalous network session in order to verify that the detected potentially anomalous network session is an anomalous network session. An alert is generated based on a result of the rules-based verification process and transmitted to a security agent.

Abstract: A predetermined event occurring on a client device is detected. The predetermined event can be in the form of a user-initiated action, an audio command, geolocation information, a breaking of a wireless connection, or exceeding a relative distance. The detection of the predetermined event triggers a switch of the current access mode of the client device to a more secure access mode. Access mode switches on other client devices may also be triggered. Additional actions may be executed on the client device and the other associated client devices to further secure these devices.

Abstract: A method and system are configured to assess a fee for communication facilitation. An electronic publication system includes a publication module configured to generate a user interface. The user interface includes search result information associated with a first entity and communication initiation information associated with the first entity. The communication initiation information includes identification information configured to identify a contact module of the first entity. The communication initiation information may be selectable to facilitate communication with the first entity. The publication system also includes a receiving module configured to receive a lead data record from a communication system for communication between the first entity and a second entity via the contact module. The publication system also includes a fee assessment module configured to receive the lead data record and to assess a fee to the first entity.

Abstract: A system and method for triggering on platform usage can include at a platform, receiving and storing a trigger configuration of an account; operating a platform comprising internally executing a process on behalf of an account and publishing at least one event when executing the process; at the platform, incrementing a counter in response to the at least one event and if the stored trigger configuration species a usage key associated with a category of counted events of the at least one event; monitoring counters in a context of an associated trigger; and processing the trigger upon the counter satisfying condition of an associated trigger.

Abstract: For mitigating potential fraud, a processor detects potential fraud in a communication from a caller through a communication device. The processor further generates a fraud alert in response to the potential fraud. In addition, the processor mitigates the potential fraud in response to a fraud policy being satisfied.

Abstract: A method and an apparatus for classifying a telephone dialing test audio based on AI is provided. Data of a telephone dialing test audio is acquired first, then the data of the telephone dialing test audio is processed via a preset classifier so as to obtain similarities among the data of the telephone dialing test audio and telephone types in the preset classifier, in which the preset classifier is a deep-learning model determined by historical data of telephone dialing test audios and their corresponding telephone types; finally, the telephone type corresponding to the telephone dialing test audio is determined according to the similarities. With the method and apparatus, the telephone dialing test audio is classified via machine learning to determine whether a user is a normal user, thus human costs is saved and an efficiency of dialing test is increased.

Abstract: Techniques are provided for performing automated operations to construct XML documents from source data based on user annotations of source data. A document received from a user includes source data and one or more annotations by the user regarding at least one subset of the source data. The received annotated document is parsed based on the user annotations. Parsing the received document includes generating data structures corresponding to the subsets of the source data based on the user annotations, and constructing a target XML document based on the generated data structures that includes information extracted from the annotated subsets of source data.

Abstract: Systems for reading machine-readable labels, for example, two-dimensional barcodes, include a housing, a reader configured to read the machine-readable labels on sample receptacles as a sample rack holding the sample receptacles move between a first position and a second position within the housing. The system includes a processing and control unit configured to decode a read image of the machine-readable labels on each sample receptacle, and configured to associate a decoded read images with the corresponding sample receptacles based on measured positions of the sample rack when the machine-readable label was read.

Abstract: An internal network can include a plurality of linked internal nodes, each internal node being configured to communicate with other internal nodes or with one or more external servers over an external network. The internal network can analyze the configuration of the internal nodes and the network traffic between internal nodes of the internal network and external servers. Based on the analysis, a network vulnerability score measuring the vulnerability of the internal network to attack can be determined. If the vulnerability score is below a threshold, the internal network can be isolated from the external network, for example by preventing internal nodes from communicating with or over the external network.

Abstract: Methods, program products, and systems for proactively securing mobile devices are described. A mobile device can proactively determine whether the mobile device is associated with a security risk and the level of the security risk. Upon determining a security risk, the mobile device can transmit coordinates of its current geographic location to a server. To protect privacy of authorized users, the transmission can be disabled by entering a password. If multiple failed password attempts are detected, the mobile device can proactively increase a security level of the device, and selectively protect files or other content stored on the mobile device. In some implementations, the mobile device can be transitioned into a surveillance mode where the mobile device records or captures information associated with one or more of user actions, ambient sound, images, a trajectory of the device, and transmits the recorded or captured information to the network resource.

Abstract: A system and method for monitoring telephone calls to detect fraudulent activity and take corrective action is described. The system receives a group of telephone calls having associated call characteristics and analyzes the group of telephone calls to identify and store a first set of distributions of call characteristics that are indicative of normal activity, fraudulent activity, or indeterminate activity. The system receives one or more subsequent telephone calls to be analyzed. The system analyzes the received one or more telephone calls to identify a second set of distributions of call characteristics associated with the received telephone call. The system then compares the second set of distributions of call characteristics to the stored first set of distributions of call characteristics to assess a probability that the one or more received telephone calls represents normal, fraudulent, or indeterminate activity.

Abstract: Embodiments of techniques or systems for fraud detection are provided herein. A communication may be received where the communication includes one or more voice signals from an individual. Frequency responses associated with these voice signals may be determined and analyzed and utilized to determine whether or not potential fraudulent activity is occurring. For example, if a frequency response is greater than a frequency threshold, potential fraudulent activity may be determined. Further, frequency responses may be cross referenced with voice biometrics, voice printing, or fraud pathway detection results. In this way, voice stress or frequency responses may be utilized to build other databases related to other types of fraud detection, thereby enhancing one or more aspects of fraud detection. For example, a database may include a voice library, a pathway library, or a frequency library which include characteristics associated with fraudulent activity, thereby facilitating identification of such activity.

Abstract: A system and method for fraud detection for a telephony platform based on an analysis of call detail records (CDRs) that are generated by the telephony platform. The analysis is based on collecting, organizing, transforming, analyzing, and quantifying the CDR data into a plurality of data analytics and data correlations and then applying fuzzy logic to the data analytics to generate a fraud risk rating for each incoming call into the platform.

Abstract: Embodiments of techniques or systems for fraud detection are provided herein. A communication may be received where the communication includes one or more voice signals from an individual. Frequency responses associated with these voice signals may be determined and analyzed and utilized to determine whether or not potential fraudulent activity is occurring. For example, if a frequency response is greater than a frequency threshold, potential fraudulent activity may be determined. Further, frequency responses may be cross referenced with voice biometrics, voice printing, or fraud pathway detection results. In this way, voice stress or frequency responses may be utilized to build other databases related to other types of fraud detection, thereby enhancing one or more aspects of fraud detection. For example, a database may include a voice library, a pathway library, or a frequency library which include characteristics associated with fraudulent activity, thereby facilitating identification of such activity.

Abstract: Embodiments of techniques or systems for fraud detection are provided herein. A communication may be received where the communication includes one or more voice signals from an individual. Frequency responses associated with these voice signals may be determined and analyzed and utilized to determine whether or not potential fraudulent activity is occurring. For example, if a frequency response is greater than a frequency threshold, potential fraudulent activity may be determined. Further, frequency responses may be cross referenced with voice biometrics, voice printing, or fraud pathway detection results. In this way, voice stress or frequency responses may be utilized to build other databases related to other types of fraud detection, thereby enhancing one or more aspects of fraud detection. For example, a database may include a voice library, a pathway library, or a frequency library which include characteristics associated with fraudulent activity, thereby facilitating identification of such activity.

Abstract: Various systems and methods for a collaborative phone reputation system are described herein. A system for implementing a collaborative phone reputation system includes a compute device comprising: a call handling module to detect, at the compute device, an incoming call for a user of the compute device; a scoring module to determine a local probabilistic score that the incoming call is desirable for the user; and an execution module to perform an action at the compute device based on the local probabilistic score.

Abstract: Methods and systems for providing a rating system that allow for customers to create a database of toll-free numbers that are abused by malicious consumers which may be cloud-based and allow for service providers to dip prior to completing or accepting calls.

Abstract: The present invention discloses a centralized, digital, computer-based telephone call management system for authenticating users of a telephone system in an institutional facility. The system includes the capacity to allow an institution to control, record, monitor, and bill and report usage and access to a telephone network. The telephone call management system further includes both accounting and management software for use in controlling, monitoring, billing, recording, and reporting usage and access. Also, it can operate over both a Public Switch Telephone Network (PSTN) and a Voice over Internet Protocol (VOIP) infrastructure.

Abstract: Embodiments of the present invention provide methods, computer program products, and systems for automatically generating a display to present different terms. Embodiments of the present invention can be used to identify a first and a second user using applications in a software as a service (SaaS) environment and store, for the first and the second user, a first term associated with the first user and a second term associated with the second user in the SaaS environment. Responsive to identifying the first term associated with the first user and the second term associated with the second user have functionally equivalent definitions, embodiments of the present invention can replace the second term associated with the second user with the first term associated with the first user and generate a display for the first term associated with the first user that replaced the second term associated with the second user.

Abstract: Disclosed is a secure telephone call management system for authenticating users of a telephone system in an institutional facility. Authentication of the users is accomplished by using a personal identification number, preferably in conjunction with speaker independent voice recognition and speaker dependent voice identification. When a user first enters the system, the user speaks his or her name which is used as a sample voice print. During each subsequent use of the system, the user is required to speak his or her name. Voice identification software is used to verify that the provided speech matches the sample voice print. The secure system includes accounting software to limit access based on funds in a user's account or other related limitations. Management software implements widespread or local changes to the system and can modify or set any number of user account parameters.

Abstract: A computer system access feed data belonging to a particular feed, and executes a dynamic server statement to create a relational dataset with data type fields from the feed data in an in-memory table of the server. The dynamic server statement is stored within metadata associated with the feed. The computer system also applies a second dynamic server statement to the data feed which applies one or more data processing conditions indicated in the metadata. The second dynamic server statement is also stored within the metadata associated with the feed. Upon determining that one or more feed data rows match the data processing conditions, the computer system places feed data row information about the matching data rows into an alert table that includes references to a regional blob table with blob data, thereby triggering an alert.