Abstract: An electronic device according to various embodiments of the present invention comprises: a housing; at least one camera disposed inside the housing; at least one door unit disposed between the housing and a lens of the at least one camera and a driving unit configured to slide the door unit such that the lens of the at least one camera can open/close, wherein the driving unit can comprise a linear actuator moving linearly according to an application of voltage. Other embodiments in addition to the various embodiments of the present invention are possible.

Abstract: Disclosed herein are systems and method for performing failover during a cyberattack. In one exemplary aspect, a method comprises monitoring a computing device for the cyberattack and detecting that the cyberattack is in progress. While the cyberattack is in progress, the method comprises identifying a failover device that corresponds to the computing device, hardening the failover device to prevent the cyberattack from affecting the failover device, and performing failover by switching from the computing device to the failover device.

Abstract: A method for recovering a network key, a method for transmitting a network key, and a method for managing recovery of a network key. The method for recovering a network key from a point of access to a network is implemented by a terminal, with the network key allowing the terminal to be associated with the point of access during the first connection of the terminal to the point of access. The recovery method includes receiving, by a terminal, a network key transmitted via a mediation server by a point of access, the terminal having been identified by the mediation server by using an association, prior to the first connection, of an identifier of the terminal and an identifier of the point of access. Thus, the key cannot be easily recovered by a third party and limits intrusions into the private network managed by the point of access.

Abstract: Embodiments of the present disclosure provide systems, methods, and apparatuses for addressing the above problems through the use of access rules that involve analyzing historical access request result data for various data elements individually and in combination over a predefined time interval. An automated determination can be made for whether a transaction can be authenticated based upon the historical access request result data (e.g., ultimately, deciding whether the data element or set of data elements are associated with a valid access request).

Abstract: In some examples, with respect to asymmetric-man-in-the-middle capture based application sharing protocol traffic recordation, a dynamic-link library that alters application programming interface calls with respect to communication between an application sharing protocol client and an application sharing protocol server may be injected into the application sharing protocol client. Based on the injected dynamic-link library, data from the communication between the application sharing protocol client and the application sharing protocol server may be ascertained. Further, based on the ascertained data, a test script may be generated to test operation of an application associated with the communication between the application sharing protocol client and the application sharing protocol server.

Abstract: Embodiments are disclosed for a method. The method includes generating a correction datastore indicating shifts in magnitude representing corresponding characters that uniquely identify hardware comprising a computer processing chip. The method further includes generating security masks based on a correction file. Additionally, the method includes using a correction process for the computer processing chip. The generated security masks include corresponding overlays representing the shifts in magnitude with respect to corresponding product masks for the computer processing chip. The method also includes generating the computer processing chip using the security masks and the product masks.

Abstract: A computer implemented method for executing a first set of computer executable instructions by using a third memory portion (123) of a first computer device (100), the method comprising the steps of executing the first set of computer executable instructions and executing a third set of computer executable instructions. The first set of computer executable instructions comprises instructions which, when the first set of computer executable instructions is executed, cause the first computing device (100) to generate at least a first data item comprising first information.

Abstract: Disclosed are various approaches for providing touchless visitor management. A visitor can complete a visitor registration process using a client device of the visitor and obtain a virtual badge credential to a visitor's device. A physical access control system credential as well as a visitor badge can also be obtained to the visitor's device.

Abstract: Methods, systems, and computer programs are presented for enabling automated secure data sharing from a private cloud region to a public cloud region and vice versa. A cloud data platform confirms a relationship establishment procedure between a provider and a consumer is recorded with a cloud data platform, the provider being associated with a private cloud deployment and the consumer being associated with a public cloud deployment in a public region. The cloud data platform enables disabling of a firewall policy that is preventing data traffic between the private cloud deployment and the public cloud deployment and enables data sharing between the private cloud deployment and the public cloud deployment. The cloud data platform enables data sharing in a database of the cloud data platform.

Abstract: A client device accesses content and performs actions at a remote application server via a user-agent application. The application server directs the user-agent application to a security verification system to retrieve and perform security tests. The security verification system receives information from the user-agent application describing characteristics of the user-agent application, and the security verification system selects a set of security tests to be performed by a security module executing in the user-agent application to verify that the user-agent application is accessing the application server consistent with the described user-agent application. The security verification system compares a set of test results with other user-agent applications and provides a token to the user-agent application to access the application server. The security module may also monitor and actions on the user-agent application to permit the security verification system to revise or revoke the token.

Abstract: In some embodiments, a method can include identifying detection coverage of a set of adversarial techniques based on telemetry data and a detection instance of an environment. The method can further include determining a subset of detection coverage that has a metric value below a metric value threshold and among the detection coverage for the set of adversarial techniques. The method may further include identifying at least one detection instance associated with the subset of detection coverage. The method can further include presenting, via a graphical user interface, a representation of at least one of the subset of detection coverage or the at least one detection instance associated with the subset of detection coverage. The method can further include updating the subset of detection coverage based on the telemetry data, the detection instance, or the at least one detection instance to improve the metric value.

Abstract: A method for securely connecting and providing access to an onboard web service, between an item of client equipment, including a screen, and a mobile device, equipped with a camera. The method, is implemented by the mobile device and includes: establishing a wireless connection with the item of client equipment; transmitting a unique pictogram onto the screen of the item of client equipment; reading the pictogram, displayed on the screen of the item of client equipment, using the camera of the mobile device; authenticating the item of client equipment, by comparing data from the transmitted pictogram with the data from the pictogram that was read by the camera; and opening a secure connection and access to an onboard web service on the mobile device, for the item of client equipment.

Abstract: A method for processing video data is performed by a data processing unit (DPU). The method includes obtaining, by a data processing unit (DPU) of an edge device, video data; processing the video data to obtain video data chunks and video processing engine outcomes; generating authentication and authorization (AA) metadata based on the video data chunks and the video processing engine outcomes; associating the AA metadata with the video data chunks based on the video processing outcomes; and storing the AA metadata and the video data chunks.

Abstract: A method including receiving, by a second user device, an authentication message indicating that the second user device is to authenticate a first user device with a service provider that provides a service to the first user device; determining, by the second user device, one or more authentication factors associated with authenticating the first user device with the service provider; encrypting, by the second user device, the one or more authentication factors based at least in part on utilizing an encryption key associated with a trusted device included in the first user device; and transmitting, by the second user device, one or more encrypted authentication factors to enable authentication of the first user device with the service provider is disclosed. Various other aspects are contemplated.

Abstract: A communication device may receive from a server authentication information, and may register the authentication information in a memory. The communication device may send first location information in the communication device to the server. The communication device may register a first password in the memory in a case where the authentication information is received from the server and a registration request is received from the terminal device. The communication device may send the authentication information and second location information in the communication device to the server in a case where a first change instruction is obtained after the authentication information and the first password have been registered in the memory. The communication device may change the first password in the memory to a second password in a case where a change request is received from the terminal device.

Abstract: A WCD system is configured to monitor various characteristics of the WCD system including about the patient. The information collected by the WCD is generally referred to as “patient information.” The WCD system is further configured to transmit certain of the patient information to different recipients based on predetermined profiles with which one or more of the recipients is associated. In various embodiments, different sets or subsets of the patient information may be sent to different recipients.

Abstract: A network node may determine parameters of an authenticated client session for a client device, wherein the parameters comprise a network address of the client device. The network node may determine inactivity of the client device in the authenticated client session. The network node may generate, based on determining the inactivity of the client device, an address resolution protocol (ARP) message or a neighbor solicitation (NS) message to send to the client device, wherein the ARP message or the NS message is to trigger a response from the client device to indicate that the network address of the client device is in use. The network node may provide, toward the client device, the ARP message or the NS message. The network node may perform one or more actions based on receiving or not receiving the response, from the client device, to the ARP message or the NS message.

Abstract: A server transmits to a third-party application a request for a resource that is received from a client. The server receives an authentication request from the client device that has been generated by the third-party application. The server transmits an identity provider selection page to the client device that allows the client device to select an identity provider. The server causes the client device to transmit a second authentication request to a selected identity provider. The server receives an authentication response that was generated by the identity provider that includes the identity of the user. The server enforces access rule(s) including identity-based rule(s) and/or non-identity based rule(s). If the user is permitted to access the third-party application, the server causes an authentication response to be transmitted from the client device to the third-party application that indicates the user has successfully authenticated.

Abstract: In some implementations, a server device may receive, from a first device, a credential and a request to access a resource. The server device may transmit, to a second device associated with the credential, an image that includes a first symbol composed of a set of elements. The server device may receive, from the first device, information associated with a second symbol formed via user interaction with a user interface of the first device. The second symbol may be formed by dragging elements, presented via the user interface, to an area of the user interface in which the second symbol is to be formed, or drawing elements in the area of the user interface in which the second symbol is to be formed. The server device may grant or denying access to the resource based on the first symbol and the information associated with the second symbol.

Abstract: This disclosure relates to using trust tokens to verify the integrity of devices and applications from which data is received. In one aspects, a method includes receiving, from a client device, a request for one or more trust tokens. The request includes at least one of one or more device-level fraud detection signals obtained from the client device or data representing code of an application that initiated the request. The request also includes a respective nonce for each of the one or more trust tokens. A determination is made, based on at least one of the one or more device-level fraud signals or the data representing the code of the application, to issue the one or more trust tokens to the client device. Each trust token is generated using the nonce for the trust token. The one or more trust tokens are provided to the client device.

Abstract: A service providing system includes an information processing system including an information processing apparatus including a memory and a processor; and a terminal device configured to receive execution of an application. The information processing system and the terminal device communicate with each other. The processor of the information processing apparatus is configured to execute storing information on the application of which a user has a license, and controlling a function of a first application depending on whether the user who requested execution of the first application via the terminal device, has a license of a second application.

Abstract: A multi-tenant system sends jobs for execution on a secondary platform such as a cloud based platform. The multi-tenant system sends tenant data for multiple tenants to the secondary platform. The multi-tenant system obtains job-level credentials from the secondary platform, for example, security tokens that provide access to tenant data for a fixed length of time. The multi-tenant system uses the job-level credentials for enforcing tenant level data isolation for jobs executed on the secondary platform. This ensures that the jobs executing on the secondary platform do not access, modify, or delete data of tenants not related to the job.

Abstract: Techniques are described for managing authentication tokens associated with a secure account maintained by a business or organization. In one example, this disclosure describes a method that includes storing interaction information associated with an account maintained by an organization, wherein the interaction information includes information about authentication tokens used during a plurality of prior authentication procedures performed for the account, receiving, over a network, a request to authenticate a user to access the account, determining, based on the stored interaction information, an authentication token to be used to authenticate the user, wherein the authentication token is different than a prior authentication token used during the plurality of prior authentication procedures performed for the account, presenting a prompt for the authentication token; and determining, based on information received in response to the prompt, whether the user is authorized to access the account.

Abstract: There is disclosed in an example a gateway device, including a hardware computing platform, and a secure domain name system (DNS) engine having circuitry and stored instructions to-program the circuitry, the secure DNS engine to communicatively couple to an endpoint via a local network, begin a secure DNS transaction with the endpoint, determine whether the endpoint supports delegated credentials, and after determining that the endpoint supports delegated credentials, establish a secure DNS session with the endpoint using a delegated credential.

Abstract: Embodiments are disclosed of systems and/or techniques for rate-limiting query-type requests, such as including content-type requests, to computing and/or networking devices, such as, for example, servers, capable of communicating over a computing and/or communications network.

Abstract: A method and/or system for processing an application for launch to determine whether it might be legitimate or non-legitimate, and if non-legitimate taking security action.

Abstract: In an embodiment, a database platform maintains a first account and a second account, where the second account has stored therein an attachable-and-detachable database session. The database platform receives, from a second-account user in the second account, a request to grant, to a first-account user in the first account, access to the attachable-and-detachable database session, and responsively grants the requested access. The database platform receives, from the first-account user, an attachment request requesting that the first-account user attach to the attachable-and-detachable database session, and responsively sets the attachable-and-detachable database session as a current database session for the first-account user. The database platform executes at least one command received from the first-account user with respect to the attachable-and-detachable database session.

Abstract: Disclosed herein is a method of facilitating policy-compliant end-to-end encryption for individuals between organizations. Accordingly, the method may include a step of receiving, using a communication device, a first recipient indication associated with a first recipient of a first tenant from a sender device associated with a sender of a second tenant. Further, the method may include a step of retrieving, using a storage device, a predefined policy definition associated with the first tenant. Further, the method may include a step of identifying, using a processing device, a recipient certificate associated with the first recipient based on the predefined policy definition. Further, the method may include a step of retrieving, using the storage device, the recipient certificate associated with the first recipient based on the identifying. Further, the method may include a step of transmitting, using the communication device, the recipient certificate to the sender device.

Abstract: A system for providing an application includes an interface and a processor. The interface is configured to receive an indication to provide an application to a device. The processor is configured to provide the application to the device. The application is configured to receive a request for credentialed information associated with a user from a requesting server; determine whether a stored credential satisfies the request for the credentialed information; and in response to a determination that the stored credential satisfies the request for the credentialed information: determine a response credential for responding to the request; determine that the user approves sharing the credentialed information indicated by the response credential; and provide the response credential to the requesting server.

Abstract: A system of smart edge sensors, wherein security and encryption is pushed to the edge of the network. In one example, an electronic device includes several sensors. The device is operated by a microprocessor. A plurality of smart edge devices are each interposed between a respective sensor and the microprocessor and intercepts communication between the sensor and the microprocessor. The smart edge device encrypt any data output by the sensor, and decrypt any data received from the microprocessor. A JTAG access is connected to a co-processor where executes a JTAG dongle to authenticate the sensor and an interface with the sensor.

Abstract: Systems and methods that provide access to users of a network system via a unique identity key that controls access and permission rights of outside entities as controlled by the entity itself. The system assigns unique identity to a unique entity. The key is responsible for facilitating preferred access types and information accessed by outside entities, and acts as a signal for action, interaction and experience within the System as well as third party platforms. Each interaction within the system includes a requesting entity's proxy (‘REP’) sending an information access request (‘IAR’) to the deciding entity's proxy (‘DEP’) via a network. This IAR is routed to the correct DEP via the unique identifier. The DEP applies access preferences to allow or deny the IAR, in part or completely. If allowed or partially allowed, the DEP returns information to the REP.

Abstract: The present disclosure comprises systems and methods to mine association rules from a dataset provided in the input. This comprises methodologies for optimizing the dataset for efficient computation of association rules, other than methodologies for handling partially true data. Moreover, it includes methodologies for evaluating the mining process automatically and removing uninteresting rules. In addition, it includes methodologies for integrating experts in the evaluation of the rules. Finally, methodologies to automatically detect outliers, correct outliers, update truth values and complete missing data in the original dataset. The overall methodology is completely automated and provides numerous tuning parameters to fit most of the use cases, including a default value for each of the tuning parameters to simplify its usage.

Abstract: As part of a factory provisioning of an Information Handling System (IHS), a signed replaceable hardware certificate is stored that identifies any replaceable hardware components coupled to the IHS during the factory provisioning. Upon a transfer of control or ownership of the IHS, replaceable hardware components that are coupled to the IHS are detected, and the replaceable hardware certificate is utilized to validate that the identified replaceable hardware components detected as coupled to the IHS are the same replaceable hardware components coupled to the IHS during the factory provisioning. A security processor of the IHS may support boot code operations for generating additional replaceable hardware certificates that can be used to validate the integrity of any changes the replaceable hardware of the IHS, such as upon its next power cycle.

Abstract: An electronic device and an authentication method in the electronic device are provided. The electronic device includes a communication circuit; and at least one processor operatively connected to the communication circuit.

Abstract: A system and method for identifying relevant content from other documents and presenting candidate documents in a document authoring application is described. The system identifies a pattern of events from the document authoring application. The system receives a request to identify candidate documents pertinent to a document present in the document authoring application. A set of candidate documents is identified from a document library based on the pattern of events, a reuse score for each candidate document, a similarity score for each candidate document, and content in the document present in the document authoring application. The set of candidate documents is provided in a user interface element of the document authoring application.

Abstract: Techniques are disclosed relating to methods that include an authentication management process, executing on a computer system, authorizing a plurality of applications to access a database, and sending one or more passcodes to the authorized applications. In response to an authentication update request, the method further includes selecting a new passcode for accessing the database, and sending, to a plurality of applications authorized to access the database, a notification that the new passcode is available. In response to a request from a particular application, the method also includes sending the new passcode to the particular application. The method further includes determining that each of the plurality of applications has retrieved the new passcode. In response to the determining, the method also includes enabling the new passcode for use by the plurality of applications for accessing the database.

Abstract: A system and method for generating and provisioning payment credentials to a mobile device lacking a secure element includes receiving and storing by the mobile device a card profile from a remote system. The card profile may include payment credentials corresponding to a payment account and a profile identifier. The mobile device may receive a mobile personal identification number (PIN) input by a user of the mobile device and transmit a key request to the remote system. The mobile device may receive a single use key which may include an application transaction counter and a generating key from the remote system. The mobile device may generate a payment cryptogram valid for a single financial transaction based on the received single use key and the mobile PIN and transmit the payment credentials and the generated payment cryptogram to a point-of-sale terminal for use in a financial transaction.

Abstract: The technology disclosed herein enables packet handling based on user information included in packet headers. In a particular embodiment, a method provides, in a gateway to a network environment, establishing a first connection with a first connection endpoint outside of the network environment. The first connection is established based on authentication of user information received from the first connection endpoint. The method further provides adding the user information to a packet header of one or more first packets carrying a request to establish a second connection between the gateway and a second connection endpoint within the network environment. Also, the method provides transferring the one or more first packets towards the second connection endpoint.

Abstract: Embodiments of the present disclosure are directed to dynamic shadow operations configured to dynamically shadow data-plane resources in a network device. In some embodiments, the dynamic resource shadow operations are used to locally maintain a shadow copy of data plane resources to avoid having to read them through a bus interconnect. In other embodiments, the dynamic shadow framework is used to provide memory protection for hardware resources against SEU failures. The dynamic shadow framework may operate in conjunction with adaptive memory scrubbing operations. In other embodiments, the dynamic shadow infrastructure is used to facilitate fast boot-up and fast upgrade operations.

Abstract: Technologies are shown for secure token refresh where a client receives a first access token from an authentication service, generates an asymmetric key pair, stores the first access token in association with a private key, and sends a public key to the authentication service. The service stores the public key in association with the first access token. The client sends a refresh token request to the service with the first access token. The service responds with a verification request with proof data. The client signs the proof data with the private key and sends the signed proof data to the service. The service verifies the signed proof data using the public key associated with the first access token, creates a second access token that is stored in association with the public key, and sends the second access token to the client, which stores it in association with the private key.

Abstract: Various systems and methods for discovery and onboarding in an interconnected network framework of Internet of Things (IoT) devices are described. In an example, a technique for onboarding and provisioning a device onto an interconnected network framework includes operations to: receive a unique temporary device identifier from a device instance, the device instance indicating availability for onboarding onto a network; onboard the device instance onto the network; establish a secure session with the device instance via the network; receive, in the secure session, a secure device identifier; and initiate provisioning of the device instance in a secure directory based on the secure device identifier. In a further example, techniques are provided to securely identify and provision a second device instance (a doppelganger device instance) operating on a physical device that hosts both the first device instance and the second device instance.

Abstract: There are provided systems and methods for targeted authentication queries based on detected user actions. A user may perform various actions during a day, including online, electronic, or digital actions, such as social networking, messaging, and media consumption, as well as real-life actions, such as exercise, travel, and purchases. The actions may be used to determine a user history for the user by a service provider. When the user wishes to login to an account or otherwise authenticate the identity of the user, the user may provide login or authentication credentials. The credentials may be used to look up the user history and cause the service provider to generate an authentication—query for the user based on events associated with the user in the user history. The query may be utilized to further authenticate the user by requiring the user to respond with the event associated with the user.

Abstract: A system and a method are provided for collaborative data entry and integration. An operation performed by the system and the method include causing a collaborative interface for input to a spreadsheet to be provided via a user interface, receiving a data entry to the spreadsheet via the collaborative interface, validating the received data entry based on one or more validity rules associated with the spreadsheet, capturing a snapshot of the spreadsheet including the validated data entry, and causing at least the validated data entry of the spreadsheet to be integrated into datasets for one or more applications, at least based on the captured snapshot of the spreadsheet.

Abstract: A computer-implemented method for executing a user instruction may include obtaining identification data of a user via a device associated with the user, wherein the identification data comprises at least a password, a user name, and biometric data of the user; determining, via the one or more processors, a login status based on the identification data; demonstrating, to the user, historical account data based on the login status, wherein the historical account data comprises at least historical biometric data associated with one or more historical logins; receiving, via the one or more processors, the user instruction based on the historical account data, wherein the user instruction comprises at least one of revoking a historical login, changing password, or signing out a historical device associated with a historical login of the one or more historical logins; and executing, via the one or more processors, the user instruction.

Abstract: Methods and systems for providing temporary and secure authenticated access to content from a content provider, such as data, software, services, streaming content, entertainment, and/or other information. In one embodiment, the present invention contemplates using location specific automatic authentication. The present invention contemplates a system, computer program, and associated processes and methods to provide temporary and private authentication including secure temporary authorization to data, content, software, services, and/or information based on a verification of a user's proximity to a venue.

Abstract: Example implementations relate to method and controller for secure management of a rack. The method includes generating a first unique identifier corresponding to a rack profile of the rack hosting rack devices including physical devices and logical devices, in accordance with a rack topology, wherein the rack profile is based on configuration of the rack devices and the rack topology. Further, the method includes receiving information corresponding to the rack profile of the rack from peripheral devices disposed in the rack, wherein the information is based on monitored condition of the rack devices and the rack topology. The method further includes generating a second unique identifier based on the information, and determining variation in the rack profile based on comparison of the first and second unique identifiers. Further, the method includes generating an alert signal in the rack, in response to determination of the variation in the rack profile.

Abstract: There are provided a forward relay unit (31) configured to distribute a request from a radius client (1) which is a facing node of a microservice to the microservice to one of servers (5a and 5b) accommodating the microservice; and a backward relay unit (34) configured to perform NAPT on a request from the microservice to an address band of the facing node, and return a response from the facing node to the request to the microservice in a reverse order of a path along which the request has passed. Accordingly, in a microservice infrastructure on which an NFV application requiring IP authentication is mounted, it is possible to satisfy a requirement of an application of a request transmitted from a microservice to a facing node.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for hotword trigger suppression are disclosed. In one aspect, a method includes the actions of receiving, by a microphone of a computing device, audio corresponding to playback of an item of media content, the audio including an utterance of a predefined hotword that is associated with performing an operation on the computing device. The actions further include processing the audio. The actions further include in response to processing the audio, suppressing performance of the operation on the computing device.

Abstract: A device for identification and authentication of a remote user connecting to a service over a network includes a cryptographic processor and at least one cryptographic key and storage means, additional processing means and interface means to generate and transmit a unique authentication code as emulated keystrokes through a standard input, means of a client terminal. The code may be transmitted only by an explicit command of the user.

Abstract: A method of starting an electronic device includes: receiving a first wireless signal carrying a first identification data by a wireless receiver before the electronic device enters a normal operating state; comparing the first identification data with a valid data; obtaining an account name and a password according to the first identification data if the first identification data matches the valid data and logging in to an operating system with the account name and the password so as to allow the electronic device to enter the normal operating state; and not logging in to the operating system if the first identification data does not match the valid data.