Abstract: After a host client establishes a multimedia stream with a guest client, host data is received from a host application. A state machine is updated using the host data. The host application executes on the host client. Guest data is received from a guest application. The state machine is updated using the guest data. The guest application executes on the guest client. Transaction data is propagated between the host application and the guest application. The transaction data is presented with the multimedia stream. The transaction data includes the host data and the guest data. Provider data is generated responsive to updating the state machine with the host data and the guest data. The provider data is sent to the guest client. The provider data is presented with the multimedia stream by the guest application on the guest client.

Abstract: A device configured to receive an access request for a website from an augmented reality device. The device is further configured to determine a user associated with the augmented reality device is authorized to access the website based on user credentials and to identify a user profile for the user associated with the user credentials. The device is further configured to identify information for flagged web pages that are associated with the website within the user profile and to generate a virtual environment with virtual objects that represent the flagged web pages. The device is further configured to provide access to the virtual environment for the augmented reality device.

Abstract: A system and method for connecting a processing device to a functional device connected to or in a base unit of a communications network, the base unit having a transmitter and the processing device having a memory, a display and an operating system. A first peripheral device is adapted to be coupled to the processing device via a generic communications protocol, the first peripheral device having a receiver and at least one fixed or configurable endpoint of the functional device exposed on the first peripheral device. The base unit and the first peripheral device is adapted to transmit and receive data respectively over the communications network from the functional device to the processing device via the at least one fixed or configurable endpoint using the generic communications protocol for communication between the processing device and the first peripheral device.

Abstract: Embodiments of the invention are directed to an automated account restoration system. In some embodiments, the system determines a state of an account based on a likelihood that the account has been compromised. If the account is determined to be in a low-risk state, then upon an successful login to that account, a verification cookie may be generated which is unique to a user device used to access the account. If the account is determined to be in a high-risk state, then system may prevent access to the account except by user devices that include a valid verification cookie.

Abstract: In some examples, a computing device may implement a method that includes receiving microservice profile information at a microservice profiler, performing lexical analysis of the microservice profile information (where the lexical analysis produces tokenized information), generating microservice modification information by performing machine learning analysis of one or more inputs (where the one or more inputs comprise the tokenized information), and outputting the microservice modification information from the microservice profiler. The microservice profile information describes one or more characteristics of a microservice. The lexical analysis is performed by a lexical analysis engine of the microservice profiler, and the machine learning analysis is performed by a machine learning system of the microservice profiler.

Abstract: A dual-mode mobile device and a method for coordinating calls for the dual-mode mobile device over a first and second connection within a controlled environment is disclosed. The method includes communications between a monitoring server and the dual-mode mobile device over the first connection while the dual-mode mobile device conducts the call over the second connection. The monitoring server transmits control messages to the dual-mode mobile device to control operations of the dual-mode mobile device and establishment of the call and also monitors operations of the dual-mode mobile device as well as the communications transmitted and received by the dual-mode mobile device during the call.

Abstract: Disclosed herein are system, method, and computer program product embodiments for categorizing customer complaints on social media using a model trained on customer voice calls or chats with agents. Additionally, users interested in monitoring regulatory compliance issues based on customer complaints can receive notifications regarding complaints that are linked to regulatory topic areas, without the need to manually scan vast numbers of social media postings.

Abstract: A method of coordinating engagement with a laundry appliance may include receiving one or more table conditions from an owner account for a notification table. The method may also include receiving a communication request from a remote user device of a guest user and recording a guest account to the notification table based on the received communication request. The method may still further include receiving a status signal from the laundry appliance and transmitting a notice signal to the guest account based on the status signal and the one or more table conditions.

Abstract: Embodiments are provided for a dropsite. In some embodiments, information is received on a creation location and a date and time of creation of a content item, and a determination is made if (i) the date and time of creation is within a predefined span of time, and (ii) the creation location is within a predefined geographical area to permit association of the content item with a shared folder whose inclusion criteria match said date and time and geographic location.

Abstract: The present disclosure relates to network security software cooperatively configured on plural nodes to provide authenticated and authorized communication, node protection, and prevention of a compromised node from contaminating other nodes.

Abstract: The present disclosure provides methods and devices for key management. In one example, a method of key management comprises: obtaining, at a user device, a number of users in a group of users and a minimum number of users for restoring a transaction key; randomly generating the transaction key; splitting the transaction key into a plurality of sub-keys, the number of sub-keys being the same as the number of users; and sending the plurality of sub-keys to a management device, each of the plurality of sub-keys being encrypted with a public key of a user corresponding to a sub-key.

Abstract: There are provided systems and methods for a computational platform using machine learning for integration data sharing platforms. A user may engage in a transaction with another user, such as a purchase of goods, services, or other items from a merchant. A service provider may provide a data feed to the user via integrated computational platforms that allows the user to post data including information regarding the processed transaction. The post may include a share code that links back to the user and their corresponding transaction. Thereafter, the post may be viewed by other users and the share code may be used by the other users in order to perform similar transaction processing, where these later transactions are linked back to the original user. Tracking of these later transactions may be done through application extensions that allow the computational platforms to track user data over different online interactions.

Abstract: Techniques, methods and/or apparatuses are disclosed that enable passive scanning of a network. Through the disclosed techniques, methods and/or apparatuses, endpoint passive scanners are deployed at endpoints of the network to provide more comprehensive view of assets and asset information of the network. Also, this can enable better correlation of network data to location, and also enable improved vulnerability analysis for endpoint products.

Abstract: There is provided an authentication system for validating identity credentials of a user attempting to access a resource provided by a remote resource provision system. The authentication system includes an input configured to receive, from the resource provision system, an authentication request comprising a cryptographic representation of digital identity data of the user and an associated token identifier, where the digital identity data comprises at least one image of an identity credential of the user. The system also includes a processor configured to: determine a pre-stored cryptographic identifier corresponding to the token identifier; and compare the received cryptographic representation with the pre-stored cryptographic identifier.

Abstract: A computer system controls access to network devices. One or more user interface elements associated with one or more network devices that are within a view of a user are displayed to the user via an augmented reality display. Input from the user is received comprising instructions to execute a command at a network device of the one or more network devices. The user is determined, according to a security policy, to be authorized to execute the command at the network device. In response to determining that the user is authorized to execute the command, the command is executed at the network device. Embodiments of the present invention further include a method and program product for controlling access to network devices in substantially the same manner described above.

Abstract: A data analytics system to authenticate and authorize access to multiple sources of data for access to the multiple data sources for one or more requesting devices. The system may duplicate and/or access rule sets included in the metadata of the corresponding data source and read identifiers of authorized users maintained by each of the multiple data sources. The access rule sets and authenticated identifiers may be synchronized or otherwise correlated to requesting device identifiers maintained by the data analytics system such that, as requests to access data obtained from one or more of the multiple data sources are received, the system may control access to or otherwise manage the requesting devices interactions with the data from the multiple data systems, reducing the authorization and authentication actions needed to be taken or executed by the requesting devices and the data sources.

Abstract: Various embodiments relate to a method performed by a first wireless device for announcing operating capabilities to a second wireless device, wherein the first wireless device and second wireless device support a first protocol and a second protocol, including: announcing by the first device original capabilities to the second device; receiving an announcement of capabilities from the second device; receiving frames from the second device in PHY Protocol Data Units (PPDUs) following the first protocol and the second protocol; announcing by the first device a change in its capabilities to the second device; and receiving frames from the second device in PPDUs transmitted using the changed capabilities following the first protocol and the second protocol, wherein the change in the capabilities includes a change in a one of a puncture parameter, bandwidth parameter, mode and coding scheme (MCS) parameter, and a number of simultaneous streams (Nss) parameter.

Abstract: An instruction output device facilitates coping with risks on security by including a first acquisition unit for acquiring, in response to input of risk information indicating contents of a risk related to security of an information processing terminal, one or more instructions corresponding to the risk information; a second acquisition unit for acquiring, for each of the instructions acquired by the first acquisition unit, a message indicating contents of the instruction corresponding to a security-related skill level of a user of the information processing terminal; and an output unit for outputting the message acquired by the second acquisition unit to the user.

Abstract: Technologies for proving packet transit through uncompromised nodes are provided. An example method can include receiving a packet including one or more metadata elements generated based on security measurements from a plurality of nodes along a path of the packet; determining a validity of the one or more metadata elements based on a comparison of one or more values in the one or more metadata elements with one or more expected values calculated for the one or more metadata elements, one or more signatures in the one or more metadata elements, and/or timing information associated with the one or more metadata elements; and based on the one or more metadata elements, determining whether the packet traversed any compromised nodes along the path of the packet.

Abstract: Provided is a device unit, including a module, which can configure the device unit with an operating state from among different operating states during the start-up process and/or during ongoing operation of the device unit, wherein a first protected operating state of the different operating states is designed to allow the execution of at least one operating process which can be predefined and to optionally protect the operating process by means of defined cryptographic means, wherein at least one second operating state of the different operating states is designed to deactivate the first protected operating state and to allow at least one other changeable operating process and to optionally protect the operating process by means of specifiable cryptographic means.

Abstract: A consent system enables a consumer to save consent choices so that the publisher can retrieve the consumer consent choices when the consumer visits the publisher site, without requiring the consumer to make additional selections corresponding to consent choices. The consumer can save consent choices as a consent system first party cookie or in an account at the consent system. The consumer can save consent choices when visiting a publisher site or by accessing the consent system. The publisher can retrieve the consumer consent choices from the consent system first party cookie or from the account at the consent system. Multiple publishers can retrieve the consumer consent choices saved in an account with the consent system, enabling “cross-platform consent.

Abstract: Embodiments herein relate to the field of communications, and more particularly to key matching for extensible authentication protocol over local area network (EAPOL) handshaking using distributed computing. Other embodiments may be described and claimed.

Abstract: A wireless key device including a wireless transceiver and antenna configured to communicate with an access terminal, and a processor configured to execute instructions to implement a method of managing digital credentials for a wireless key device. The method includes authenticating the key device with a server, retrieving a plurality of digital credentials from a server, the plurality of digital credentials associated with a plurality of access terminals within a selected geographic proximity to the key device, polling an access terminal of the plurality of access terminals via the wireless transceiver and antenna for an access terminal identification which uniquely identifies the access terminal, identifying a digital credential of the plurality of digital credentials associated with the access terminal based on the access terminal identification, and transmitting the selected digital credential to the access terminal.

Abstract: Systems and methods of improving AI governance are disclosed. One or more sub-contexts associated with a plurality of users are generated from one or more data sources. The one or more sub-contexts represent one or more changes in data that are relevant to assessing one or more risks associated with the plurality of users. One or more sub-contexts are provided as training data to a plurality of models. Each of the models is associated with a confidence score. A probabilistic assessment of the one or more risks associated with the plurality of users is generated based on an application of the plurality of models to additional data pertaining to the plurality of users received in real time. The probabilistic assessment is presented in a dashboard user interface, the dashboard user interface having user interface elements configured to provide insight into how the probabilistic assessment was generated.

Abstract: A method, apparatus, and server for generating a user score based on social networking information is provided. In the disclosed method, by processing circuitry of an information processing apparatus, default annotation information of a plurality of sampled users, an ith user score and an ith relative user score for each of the sampled users are obtained. A user score model is trained according to the ith user score of the respective sampled user, the ith relative user score of the respective sampled user, and the default annotation information of the respective sampled user. An (i+1)th user score of the respective sampled user is subsequently calculated and a trained user score model, for each of the sampled users, is obtained when the (i+1)th user score for the respective sampled user satisfies a training termination condition, The method provides a solution to evaluate the user score for a use when personal information of the user is missing or incorrect.

Abstract: A method by a security analysis server to generate a traffic monitoring rule. The method includes receiving, from a database agent because of a current configuration of the database agent, counts of an amount of traffic sent over a first set of one or more of the database connections being monitored by the database agent and generating a traffic monitoring rule that indicates database connections for which the database agent is to send counts of an amount of traffic, rather than all the traffic, sent over those database connections to the security analysis server because those database connections have been determined by the security analysis server to be of an application database connection type based on an analysis by the security analysis server of the counts. The method further includes applying the traffic monitoring rule by sending instructions to the database agent to alter the current configuration.

Abstract: Various approaches for securing networks against access from off network devices. In some cases, embodiments discussed relate to systems and methods for identifying potential threats included in a remote network by a network access device prior to requesting access to a known secure network via the remote network.

Abstract: Systems and methods are described for pre-authentication access request screening. A server computer may receive a request for access to a resource comprising access data. The server computer may transmit, to an authentication computer, an authentication request message comprising at least a subset of the access data and receive an authentication response message comprising authentication data. The server computer may determine an access score based on the authentication data. Alternatively, the server computer may determine the access score based on the access data without using/receiving authorization data. The server computer may generate an access indicator based on the access score. The server computer may prepare and transmit an authorization request message comprising the access indicator to an authorization computer. The authorization computer may approve or decline the access to the resource based on the access indicator.

Abstract: A system may include one or more tangible, non-transitory computer-readable media having stored thereon instructions, the instructions when executed to instruct one or more processors to: receive a platform-independent access binding data structure (a PIAB data structure), the PIAB data structure comprising a platform-independent representation of a subject class, a verb, an object, and a binding comprising a permission for the subject class to perform the verb on the object; convert the PIAB data structure to a first platform-specific binding for a first target platform; and cause the first platform-specific binding to be implemented on the first target platform.

Abstract: A computer-implemented method includes: connecting, by a computing device, to a database using an outbound connection, wherein the computing device is an information technology (IT) product in a private network and the database is outside the private network; receiving, by the computing device, a response from the database, the response including a command; executing, by the computing device, the command; and sending, by the computing device, result data to the database, wherein the result data is data that results from executing the command on the computing device.

Abstract: The present disclosure generally relates to systems and methods that provide a network environment that enables reassignment platforms to provide authentic access rights for reassignment to user devices. More specifically, the present disclosure relates to systems and methods in which a reassignment platform can execute a protocol implemented using code (e.g., an Application Programming Interface (API)) to validate the authenticity of access rights made available for reassignment, and once reassigned, reissue the access rights to a new user and transmit those access rights to user devices natively in a mobile application.

Abstract: Implementations of the present disclosure relate to method and device for managing a storage system. The method comprises in response to receiving a write request at a storage system, determining whether storage units allocated to a logic storage unit of the storage system are sufficient for data associated with the write request. The method also comprises in response to determining that the allocated storage units are insufficient, allocating a new storage unit to the logic storage unit. The method further comprises updating metadata associated with allocation of the storage units of the storage system, the metadata indicating a mapping between the logic storage unit and the storage units. The method also comprises encrypting the updated metadata. Other implementations of the present disclosure also involve corresponding method, device and computer-readable medium for decryption metadata and recovering the logic storage unit using the decrypted metadata.

Abstract: Systems and methods are disclosed that provide for secure communications between a user device and an authentication system. The systems and methods create a dynamic identification for the device that is stored in both the device and authentication system.

Abstract: The present disclosure relates to a method, apparatus, system and storage medium for access control policy configuration. The method includes receiving a request for creating a target resource; determining, based on the request, whether an access control policy inheritance attribute is set for the target resource, the access control policy inheritance attribute indicating an inheritance relationship between access control policies of the target resource and its parent resource; and configuring the access control policy of the target resource according to a result of the determination. Thus, the efficiency of configuring an access control policy for a resource is improved.

Abstract: Methods and systems are described for analyzing and attesting physical access to a location. In an example, an administrator can create a survey for users in an organization. The survey can be sent to a user device as a notification. The user can complete the survey, and the user's physical access rights can be determined based on the survey answers. When the user attempts to gain access to a location of the organization, the user can provide a digital access badge. The digital access badge can be mapped to the user's access permissions. The user can be granted or denied access depending on whether the user answered the survey and, if answered, what answers the user provided.

Abstract: According to one embodiment, a computing device executes an application including processing of inputting information from a nonvolatile memory unit and outputting information to the nonvolatile memory unit. The computing device includes a processing unit. The processing unit executes processing of receiving an I/O request to the nonvolatile memory unit from the application and generating one or more control commands for controlling the nonvolatile memory unit based on the I/O request. The processing unit executes processing of acquiring authorization information from a server. The processing unit executes processing of inserting or associating the acquired authorization information into or with the I/O request or the one or more control commands.

Abstract: An initialization geo-locking system includes a chassis housing a location determination subsystem and an initialization management subsystem. During an initialization process that begins in response to receiving initialization power, the initialization management system determines that geo-locking is activated and, in response, causes power to be provided to the location determination subsystem and then subsequently identifies a first current location determined by the location determination subsystem. The initialization management subsystem then determines whether the first current location determined by the location determination subsystem corresponds to an authorized initialization location stored in the initialization management subsystem and, if so, halts the initialization process while, if not, allows the initialization process to complete.

Abstract: The present invention relates to methods and apparatus for dynamically detecting and/or mitigating threats in communications systems. Exemplary methods and apparatus of the present invention allow for a combination of automated and operator controlled responses to threats. While an operator is provided an opportunity to provide input on how to respond to a threat, after one or more threats of a given type are identified, the system will automatically take corrective action without waiting for operator input and/or in the absence of operator input following notification of a threat.

Abstract: Authorization is divided between a control plane and a data plane for sharing database data. A producer database engine can create a shared database via a data plane interface. A producer can then authorize access to the shared database via a control plane interface to a consumer. A consumer can associate the authorization granted to the consumer with a consumer database engine via the control plane interface.

Abstract: Systems and methods for embodiments of a graph based artificial intelligence systems for identity management are disclosed. Embodiments of the identity management systems disclosed herein may utilize a network graph approach to analyzing roles of a distributed networked enterprise computing environment. Specifically, in certain embodiments, an artificial intelligence based identity management systems may utilize role graphs to assess the role structure of a distributed enterprise computing environment.

Abstract: Enterprise applications need to store and evaluate permissions on per User, per Entity and per Action basis for hundreds of Users and thousands of permissions. Most of the times this data takes up to 5 database tables to store the Role Based Access Control (RBAC) permissions. Selecting permissions for user from database consumes time while any User attempts to perform any Action. Sometimes the time taken to check permission is more than time taken to perform the required Action. Thus the current approaches for RBAC are inefficient in all—computation TIME, runtime MEMORY and database STORAGE. Binary arithmetic is known for being vast in scalability, smallest in memory and fastest in speed. This paper describes a new method which uses binary data structure and binary arithmetic to accurately check User permissions. We also claim that this method is the most scalable and fastest possible for Role Based Access Control.

Abstract: Embodiments of this application provide a network security management method and an apparatus. The method includes: receiving, by a first network device, a session request sent by a terminal device, where the session request is used to request establishment of a first session with a first data network, the session request includes first authentication information for the first session, and the first authentication information includes identifier information of the first data network; obtaining, by the first network device, second authentication information for a second session of the terminal device, where the second authentication information includes identifier information of a second data network to which the second session is connected; and if the identifier information of the first data network is the same as the identifier information of the second data network, authorizing the terminal device to establish the first session with the first data network.

Abstract: A method of setting an operational authority for an electric motorcycle is proposed, the method including a product registration step of pre-registering mapping information of an ID of an electric motorcycle and manager information in a management server; a manager registration step of completing manager registration with the electric motorcycle using the mapping information when the management server receives the ID from the electric motorcycle; a driver registration step of performing driver registration in the electric motorcycle through pairing with the electric motorcycle, when the management server receives driver information from a driver terminal; and an operational authority registration step of completing, when the management server receives a registration request for operational authority information from a manager terminal, a registration of the operational authority information for the electric motorcycle through pairing with the electric motorcycle, by the driver terminal, using the operational

Abstract: A service providing system, a login setting method, and an information processing system. The service providing system includes an information processing system that stores a set value indicating whether a login is valid for each of the authentication methods, and transmits the set value for each of the authentication methods to the electronic device in response to a request from the electronic device, and the electronic device receives the set value for each of the authentication methods from the information processing system and changes a set value stored in the electronic device according to the set value of at least one of the authentication methods received from the information processing system.

Abstract: Methods and systems for routing data payloads through a plurality of microservices are disclosed. The method may comprise: receiving a data payload and first data; predicting, by a trained machine learning model based on the first data, a path through a plurality of microservices associated with the data payload; generating a modified data payload by modifying, via the orchestrator service, the data payload to include: a first header, wherein the first header comprises a first microservice destination address associated with a first microservice of the plurality of microservices and a second header nested within the first header, wherein the second header comprises a second microservice destination address associated with a second microservice of the plurality of microservices; forwarding the modified data payload to the first microservice based on the first header for processing; and forwarding the modified data payload to the second microservice based on the second header for processing.

Abstract: A method is disclosed. For example, the method executed by a processor of a shared device includes receiving an identification of a user, connecting to a remote server that stores authentication modules and applications, requesting an authentication module and an application stored on the remote server that is associated with the identification of the user, storing the authentication module and the application temporarily on a non-resident memory of the shared device, and executing the application in response to authentication of the user based on log-in information that was received via the authentication module.

Abstract: A device implementing a system to associate a user account with a content output device includes at least one processor configured to receive an invitation to access content associated with a first user account on another device associated with a second user account, the other device being connected to a local area network. The at least one processor is further configured to send, to a server, a request for authorization to access the content associated with the first user account on the other device associated with the second user account, the request comprising information included with the invitation, and to receive, from the server, the authorization to access the content. The at least one processor is further configured to access, based at least in part on the authorization, the content associated with the first user account on the other device associated with the second user account.

Abstract: Disclosed are techniques for securing electronic control units (ECUs) in a vehicle. A security platform for a vehicle includes a key distribution center (KDC) for the vehicle. The KDC is configured to verify that a digital certificate associated with a first electronic control unit (ECU) on the vehicle is a valid certificate, where the digital certificate indicates a first security level of the first ECU. The KDC is configured to generate, based on the first security level of the first ECU, one or more security keys for secure communication between the first ECU and a set of ECUs on the vehicle, and provision the one or more security keys to the first ECU and the set of ECUs. In some embodiments, the KDC uses the provisioned keys to authenticate each ECU when the vehicle is powered up.

Abstract: An apparatus, method and computer program product facilitate selective searching of at least a portion of a database. With respect to a method, a query is received that has a query context. In response to the query, the method reviews one or more data source tables including a first data source table that defines each of a plurality of data sources of data stored by the database. In reviewing the one or more data source tables, the method identifies one or more data sources that are accessible in response to the query. The method also searches the database for responsive data that: (i) was provided by the one or more data sources that were identified to be accessible in response to the query and (ii) is responsive to the query. Further, the method responds to the query with a representation of the responsive data.

Abstract: An apparatus and method for temporarily sharing a non-fungible token (NFT), the apparatus includes at least a processor, a memory communicatively connected to the at least processor, wherein the memory containing instructions configuring the at least processor to receive a data collection, wherein the data collection comprises a plurality of data objects associated with at least one NFT, verify the at least one NFT as a function of the data collection, identify an in-force time element as a function of the at least one NFT, determine at least one designated utility of the at least one NFT, and generate a self-executing action protocol for interests to the at least one NFT as a function of the in-force time element and the at least one designated utility of the at least one NFT.