Abstract: Signed digital certificates can be automatically obtained from a trusted certificate authority. For example, a computing device can receive a request associated with a handshake procedure for establishing a secure session between a client device and a server. The request can indicate a trusted certificate authority that issues signed digital certificates. The computing device can determine that a local key store that is local to the server does not have a signed digital certificate issued by the trusted certificate authority and responsively obtain the signed digital certificate from the trusted certificate authority. The computing device can return the signed digital certificate back to the client device as part of the handshake procedure to establish the secure session.

Abstract: A network system includes at least one server device and at least one terminal device that accesses any of the at least one server device. The terminal device authenticates a network address between the terminal device and any of the at least one server device and communicates data with any of the at least one server device. When the server device receives a request from the terminal device, it provides a service in accordance with the authenticated network address held by the terminal device that has issued the request.

Abstract: A trusted session is to be established between a smart speaker and a computer server. The computer server may receive an instruction to initiate a trusted session with the smart speaker. The instruction includes an indication of an account linking token for linking a first and second account associated with the smart speaker and the computer server, respectively. The computer server generates a session token and sends it to the smart speaker for acoustic signalling. The acoustic signal is captured by a mobile device and used to reconstruct the session token. The computer server receives the reconstructed session token along with identifying information from the mobile device. The computer server system uses the identifying information to confirm that the mobile device is associated with the second accord. Upon so confirming, the computer server may establish a trusted session between the first smart speaker and the computer server system.

Abstract: Systems, methods, and computer-readable storage devices to enable virtual API technology embodied in an SDK for use within a mobile application, a mobile payment wallet, or a mobile operating system.

Abstract: An authentication system may receive a request signature corresponding to a user request to view secure user information on a user device and generate a server-side signature matching the request signature to authenticate the user device to receive the secure user information without authenticating the user. The request signature may include a device identifier corresponding to the device, a token code generated by the authentication system and stored by the user device, a timestamp corresponding to the transmission time of the request signature, and a version of the device identifier, the token code, and the timestamp encrypted using a signature key provided to the user device by the authentication system. The authentication system may generate the server-side signature using the timestamp and stored copies of the device identifier, the token code, and the signature key.

Abstract: The present disclosure relates to an authentication method of a first device by a second device, each first, second device having a processor, at least one memory, and an authentication circuit, in which the authentication circuit is configured to prohibit the processor from reading data stored in at least part of said memory. The authenticating includes generating a first datum, and a second datum. The second device verifies that the first and second data match.

Abstract: The disclosed computer-implemented method for securing authentication procedures includes (i) monitoring, by a third-party security application, to detect reception of a second factor authentication token as an input to complete a second factor authentication procedure in connection with a second application that is independent from the third-party security application, (ii) verifying, by the third-party security application, whether or not the second factor authentication token was transmitted by a valid server in coordination with the second application as part of an authentic version of the second factor authentication procedure, and (iii) performing a security action to protect a user account based on a result of verifying whether or not the second factor authentication token was transmitted by the valid server in coordination with the second application as part of the authentic version of the second factor authentication procedure.

Abstract: A first application name is received. For example, the first application name may be the name of the application, a Universal Resource Locator (URL) of a web site (e.g., microfocus.com), and/or the like. The first application name represents a computer application of a plurality of computer applications that the user logs into. A global password is received from the user. The global password is used as a seed to login to the plurality of computer applications. The global password is converted to a phonetic password. A first application password is generated for the first computer application based on the first application name and the phonetic password. For example, the first application name and the phonetic password are used as an input to a key deviation function. The first application password is then displayed to the user. The user can then use the displayed password to login to the first application.

Abstract: A method for accessing a service system includes: receiving fingerprint information of a to-be-verified terminal device and identification information of a to-be-verified user from a login computer system based on a service access instruction to access the service server; verifying, according to the fingerprint information of the to-be-verified terminal device and the identification information of the to-be-verified user, whether the to-be-verified terminal device is a specified device of the to-be-verified user based on a specified device database, the specified device database comprising identification information of each user and fingerprint information of a specified device of each user; determining, according to a result of the verifying, whether to allow the login computer system to access the service server according to the service access instruction; and if yes, sending a notification to the login computer system to enable the login computer system to access the service server.

Abstract: A system for avoiding an access conflict between a plurality of devices that access an IC module. The system includes a first device and a second device that can access an IC module used in an electronic money system. The second device has the function of detecting waves having a predetermined pattern to indicate that the first device is accessing the IC module. These waves may be continuously generated from the first device or may be continuously generated from another device installed near the first device, and when the second device detects the waves having the predetermined pattern, the second device refrains from accessing the IC module. This allows the system to implement autonomous conflict control between a plurality of devices that access the IC module that does not have an adequate conflict control function without providing a special control circuit.

Abstract: Methods and systems for management of subscriber identities associated with user devices are described herein. The user device may enroll the user device to a server and lock a subscriber identity associated with the device by setting a password on the subscriber identity. If a credential entered by a user is verified, the subscriber identity associated with the device may be unlocked. Alternatively, the user device may retrieve one or more identities associated with the user, the user device and/or the subscriber identity. A server may register the one or more identities with a database. If the user device sends a request to connect to the network, the server may verify the one or more identities retrieved by the user device to determine whether to grant access from the user device to the network.

Abstract: Various methods, apparatuses/systems, and media for implementing a smart database driver are disclosed. A receiver receives a request for establishing a connection between an application and a target database. A processor, operatively coupled to the receiver via a communication network, authenticates the application by implementing a java authentication authorization service (jaas). Authentication of the application is performed at runtime with connection properties and configuration details provided via system properties or environment variables. The processor also generates a database connection uniform resource locator (URL), validates the URL; and establishes a connection between the application and the target database based on the validation of the URL and successful authentication of the application.

Abstract: According to one aspect disclosed herein, a provider device can receive, from a requester device, a network access request requesting, on behalf of the requester device, access to a Wi-Fi network associated with a network provider and provided, at least in part, by a network device. In response, the provider device can prompt the network provider to accept or deny the requester device access to the Wi-Fi network. The provider device can receive input indicating that the network provider accepts the network access request, and in response to the input, can create a network access package that includes a secure network access configuration to be utilized by the network device to establish, at least in part, a secure connection with the requester device to provide the requester device access to the Wi-Fi. The provider device can encrypt the network access package to create an encrypted network access package.

Abstract: A device may receive, from a contactless card, a uniform resource locator (URL) and encrypted data. The device may download a first application from an application server based on the URL. The device may download and execute the first application. The first application may receive the encrypted data.

Abstract: This disclosure is directed to embodiments of systems and methods for containerizing files and managing policy data applied to the resulting containers. In some of the disclosed embodiments, a computing system determines that a file stored in storage medium is to be included in a container to be sent to at least one computing component associated with a device including a user interface. The computing system determines that the file is of a particular type and also determines code that can be used to access files of the particular type. The computing system combines the file and the code into the container such that container is configured to be executed by the at least one computing component so as to cause content of the file to be presented by the user interface. The computing system then sends the container to the at least one computing component.

Abstract: Systems, methods, and media for authentication are provided. In accordance with some implementations, the system comprises: a hardware processor that is programmed to: receive, from a device, a message relating to an authentication status of a user account associated with the device; transmit an authentication request to the device that is transmitted to an authentication server; receive, from the device, a response to the authentication request that includes authentication data relating to a session corresponding to the user account on the authentication server; cause an interface to be presented that requests authorization to authenticate the device with the authentication server using the user account; and transmit the authentication data to the device that causes the device to retrieve a corresponding authentication token from the authentication server, wherein the corresponding authentication token authenticates the user account on the device.

Abstract: A first user device can transmit an interaction request to a remote computer via a long range communication channel. The first user device can receive an authentication request message from the remote computer and can then transmit the authentication request message to a second user device via a short range communication channel. The first user device can then receive an authentication response message comprising a response value from the second user device via the short range communication channel. The first user device can then transmit the authentication response message to the remote computer causing the remote computer to verify the response value and perform further processing if the response value is verified.

Abstract: The present embodiments relate to identifying a user on an external platform as a client of an entity and managing interactions with the user. An input provided by the user on an external platform can be parsed to derive user-specific social media data for the user. The user-specific social media data can be compared with client information maintained in a client database and a harvested social media database to identify the user as a client. A verification message can be sent to the user via a messaging application of the external platform to receive semi-private client data and verify the identity of the user. A response can be generated for the user based on client information. The response to the user can include a link to a secure messaging application to enable secure data communication between the user and the client.

Abstract: In some examples, a headless device that is without an available user interface and that is to be provisioned for access to a network receives information relating to provisioning of the headless device from a network node. The headless device sends, to a mediator device with a user interface, at least a portion of the received information. The headless device receives, from the mediator device, information to proceed with the provisioning of the headless device.

Abstract: A computing system includes a virtual server to provide a virtual computing session, and a client device to access the virtual computing session via a communications network. The virtual computing session includes a remote browser, and the client device includes a local browser to access user credential information. The remote browser is used to navigate to a website requiring user authentication, receive a user credential challenge from the website, and request the user credential information from the client device to satisfy the user credential challenge. The client device provides the user credential information to the remote browser for user authentication via the local browser, so as to satisfy the user credential challenge of the website.

Abstract: Secure access to data within a communications platform is provided on a need-to-know basis. Inputs provided at the communication platform are intercepted and cognitively analyzed to determine context of the interaction and related data requirements. In response, data access rules are generated and/or retrieved and applied at an access gateway. As data requests as received from the called party from within the communications platform, the data access rules are applied to the request to determine if a match exists and, if so, data access rules-based access is provided to the data. In response to determining the context of the interaction, a context access token is generated and communicated to a virtual database assembler, which assembles a virtual database that only contains data responsive to the context of the interaction.

Abstract: A method and apparatus with selective combined authentication performs a single authentication based on a first modality among plural modalities, and in response to the single authentication having failed, determines whether to perform a combined authentication by a combination of two or more of the plural modalities, and selectively, depending on a result of the determining of whether to perform the combined authentication, performs the combined authentication.

Abstract: An information processing device includes a key generation portion that generates a first key associated with an electronic device when a processing request for the electronic device is received, a key transmission portion that transmits the first key to a request source of the processing request, a connection controller that when a second key is received from the request source, connects to the electronic device associated with the first key corresponding to the received second key, and a response notification portion that notifies the request source of response data from the electronic device when the response data is received from the electronic device, the response data including screen data used for controlling the electronic device.

Abstract: A system, method and one or more wireless earpieces for authenticating utilization of one or more wireless earpieces. A request is received through the one or more wireless earpieces. Biometric readings are performed for a user utilizing sensors of the one or more wireless earpieces. The biometric readings are analyzed to determine whether a biometric profile authorizes the one or more wireless earpieces to fulfill the request. The request is authenticated in response to determining the biometric profile authorizes fulfillment of the request.

Abstract: A system for automatic authentication of service requests includes authentication of a remote access device. This authentication may be accomplished automatically prior to text or audio communication between a customer and a service agent. In some embodiments, authentication is accomplished automatically by authentication of the remote access device or accomplished by asking the customer questions. A single authentication of the remote access device may be used to authenticate a service request transferred between service agents. The authentication of the remote device may include, for example, use of a personal identification number, a fingerprint, a photograph, and/or a hardware identifier. Some embodiments include an intelligent pipeline configured for managing queues of customer service requests.

Abstract: It is often necessary to securely transfer data, such as authenticators or authorization tokens, between programs running on the same end-user device. The teachings hereof enable the pairing of two programs executing on a given end-user device and then the transfer of data from one program to the other. In an embodiment, a first program connects to a server and sends encrypted data elements. A second program intercepts the connection and/or the encrypted data elements. The second program tunnels the encrypted data elements (which remain opaque to the second program at this point) to a server, using an encapsulating protocol. This enables the server to receive the data elements sent by the first program, decrypt them, and provide them to the second program via return message using control fields of the encapsulating protocol. Once set up, the tunneling arrangement enables bidirectional data transfer.

Abstract: According to at least one embodiment, an image processing device includes a monitor, a communication interface, and a processor. The monitor is configured to display a login for logging in to a first information processing device. The communication interface is configured to communicate data with a second information processing device. The processor is configured to transmit a request for an authentication code from the first information processing device to the second information processing device via the communication interface and receive a response from the second information processing device via the communication interface. The response includes the authentication code.

Abstract: A navigation method for evacuation in an emergency state includes creating a visualized map image based on an outdoor space and at least one indoor space in an area. A plurality of indoor locators and a plurality of outdoor locators are used to locate a personal mobile device held by a person. The personal mobile device is located when a controlled event, such as a gunshot event or a fire event, occurs. An augmented reality image is used to guide the person to an emergency refuge area. A visualized mag image is used to provide the person with information containing the location of the personal mobile device, the controlled event location, the emergency refuge area, and an evacuation route, thereby assisting the person in rapidly and easily moving away from the controlled event location.

Abstract: A client device accesses content and performs actions at a remote application server via a user-agent application. The application server directs the user-agent application to a security verification system to retrieve and perform security tests. The security verification system receives information from the user-agent application describing characteristics of the user-agent application, and the security verification system selects a set of security tests to be performed by a security module executing in the user-agent application to verify that the user-agent application is accessing the application server consistent with the described user-agent application. The security verification system compares a set of test results with other user-agent applications and provides a token to the user-agent application to access the application server. The security module may also monitor and actions on the user-agent application to permit the security verification system to revise or revoke the token.

Abstract: Disclosed are various approaches for retrieving contacts from a plurality of federated services. In one example, an authentication notification is received from an identity manager. The authentication notification can include an identifier for a user account and a single sign-on token for the user account. A federated service to authenticate on behalf of the user account is identified. The single sign-on token is transmitted to the federated service for authentication. An authentication token and a refresh token are received from the federated service. The authentication token is determined to expire within a threshold time period. A determination is made that the refresh token has not expired. The refresh token is transmitted to the federated service for a replacement authentication token.

Abstract: Embodiments of the present disclosure are directed to dynamic shadow operations configured to dynamically shadow data-plane resources in a network device. In some embodiments, the dynamic resource shadow operations are used to locally maintain a shadow copy of data plane resources to avoid having to read them through a bus interconnect. In other embodiments, the dynamic shadow framework is used to provide memory protection for hardware resources against SEU failures. The dynamic shadow framework may operate in conjunction with adaptive memory scrubbing operations. In other embodiments, the dynamic shadow infrastructure is used to facilitate fast boot-up and fast upgrade operations.

Abstract: An authentication method for a telecommunications system comprising a computer network and a telephone network that includes receiving, at an Authentication System across the computer network, data indicative of an authentication request. The request is typically made by a provider in connection with a user (e.g. by a provider to obtain authentication from a user as the result of an authentication trigger detected by a provider system). A telephone call is establishing by the telephone network between the Authentication System and a telephone device with a telephone number associated with the user. A PIN is received from the user at the Authentication System during the telephone call. It is then determined if the received PIN is valid. The authentication request is authenticated if the PIN is determined to be valid.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for extending application access across devices. In some implementations, an electronic device receives a request to provide access to the electronic device to a particular user that is not registered as a user of the electronic device. The electronic device receives authentication credentials for the particular user. The electronic device provides the authentication credentials to a server system and receives data from the server system that (i) indicates that the providing access to the electronic device in a guest mode is authorized, and (ii) indicates a state of an instance of an application installed on a second device. The electronic device provides access to the electronic device in the guest mode that provides an interface that at least partially recreates the state of the instance of the application installed on the second device.

Abstract: A method may include generating, by a computing device, a first dynamic QR code comprising a plurality of QR code frames, each QR code frame transmitted at a first frequency, the plurality of QR code frames comprising non-viable QR code frame(s) and at least one viable QR code frame. The method may include displaying, by the computing device, the first dynamic QR code, the at least one viable QR code frame displayed at a first time. The method may include transmitting, by the computing device, a first pulse to a user device. The method may include capturing, by the user device at the first time and in response to receiving the first pulse, the at least one viable QR code frame. The method may include generating and displaying, by the user device, a second dynamic QR code, causing the computing device to complete a requested transaction.

Abstract: Communication security is an ongoing problem. Over time, various protocols have been used and then replaced due to insufficient protection. For example, some client/server web communication used to rely on Secure Socket Layers (SSL) to protect communication, but was replaced with a more secure Transport Layer Security (TLS) protocol. TLS itself has undergone several revisions, and TLS 1.0 is now considered not secure. TLS and other protocols provide backwards compatibility, so while a higher security level is desired, communication may fallback to an undesirable level, e.g., TLS 1.0, if required by either communication endpoint. An intermediary to communication with an organization may capture data to facilitate analyzing it to determine what caused a fallback, and to decide if and how to remediate it. Remediation may vary depending on, for example, whether the cause was from within the organization, or external, such as from a client.

Abstract: A portable remote support device comprises a processing unit, a network communication unit configured to communicate with a cloud service, a video capturing unit, at least one video input port and at least one output port. The processing unit is configured to communicate video signals received via the video input port to the cloud service via the network communication unit, and to emulate pointing device signals and/or keyboard signals received via the network communication unit on said at least one output port. The portable remote support device is configured to obtain unique secure tokens.

Abstract: Systems, methods, and apparatuses for implementing super community and community sidechains with consent management for distributed ledger technologies in a cloud based computing environment are described herein.

Abstract: An apparatus includes a processor and a non-transitory computer-readable medium storing instructions that, when executed by the processor, cause the processor to perform operations including receiving a request for object identifiers, the request associated with a unique session, sending an object identifier, the object identifier associated with an object from a list of objects each having a corresponding object identifier, receiving a request for data, the request referencing the object identifier and a data value associated with the object, performing an in-memory retrieval for the data value associated with the object identifier, and transmitting the data value.

Abstract: A control method for controlling terminal state switching includes a terminal obtaining first data of the terminal and second data from a wearable device that is bound to the terminal when receiving an unlocking instruction in a lock screen state. If the first data and the second data meet a preset condition, the terminal performs the operation of unlocking.

Abstract: Disclosed herein are systems and methods for determining learned associations between authentication credentials and network contextual data, such as may be utilized in a network that supports network roving. A mobile device attempts to rove to a visited network using authentication credentials associated with another network, based at least in part on first contextual information associated with the other network and second contextual information associated with the visited network indicating that the visited network is part of a common association of networks that supports roving internetworking between the networks of the common association.

Abstract: A method and processing system for managing user access to one or more resources is disclosed. A central service may receive an access change request message regarding a user. The access change request message may include a user identifier, a user role, and an access action for the user. Example access actions may include adding or removing user access with respect to a resource. The central service may determine which resources are associated with the user role and transmit one or more event messages to the resources to implement the access actions. The resources may send acknowledgement messages to the central service to confirm that the access actions have been completed.

Abstract: Methods, systems, and devices for data processing are described. According to the techniques described herein, an application server may be used for real-time provisioning for features for a user. The application server may validate requests from the user for feature activation or deactivation and after validation, may communicate with a provisioning server, which may be non-local to the user or the application server, to indicate validation and activation or deactivation of a feature for the user.

Abstract: Examples of systems described herein include a file server virtual machine of a virtualized file server configured to manage storage of a plurality of storage items. The file server virtual machine including a file system configured to receive an access request directed to a storage item of the plurality of storage items and associated with a user. The file system is further configured to retrieve an access control list having permissions information associated with the storage item, and to cache a permissions profile for the user including all permissions pertaining to the user for the storage item. The file system is further configured to determine whether the access request is permissible based on the cached permissions profile.

Abstract: A method is provided for remotely and securely accessing a modem is provided that uses an encrypted authentication token with a modem password. The method includes receiving an encrypted authentication token from the modem, the authentication token having a modem password stored in secure memory and being encrypted according to a public key, transmitting the encrypted authentication token to an authentication server. receiving a decrypted authentication token from the authentication server, the decrypted authentication token comprising the modem password, generating an authentication key and a privacy key from the modem password, configuring modem interfaces at least in part using the authentication token, the modem interfaces including a network management protocol interface and communicating with the modem using the network management protocol interface according to at least one of the generated authentication key and the privacy key.

Abstract: A method for creating a customized and redacted credit report may include transmitting a user request to generate a customized credit report, receiving a copy of a stored credit report, analyzing the copy of the stored credit report, displaying one or more information fields and one or more selectable user interface elements, transmitting a credit report redaction list, and receiving a customized credit report. A user device for configuring a customized credit report may include a processor, a display in communication with the processor, and a non-transitory memory storing instructions that, when executed by the processor, cause the processor to perform processing including transmitting a user request to generate a customized credit report, displaying one or more information fields and one or more selectable user interface elements, transmitting a credit report redaction list, and receiving a shareable credit report link associated with a customized credit report.

Abstract: A system and method allows users of a social network system to view different types of information based on rights and privileges associated with the information and attributes and characteristics of each user.

Abstract: Techniques and systems for detecting malicious activity within a network are provided herein. A method for detecting malicious activity within a network may include receiving, by a network-based authentication system, a network transaction. The network-based authentication system may identify a first attribute of the network transaction. The method may also include selecting, by the network-based authentication system, a first learning statistical model and a second learning statistical model from a plurality of models for handling the network transaction. Each of the first learning statistical model and the second learning statistical model may create a likelihood that the network transaction is authentic. The first learning statistical model may calculate a first score and the second learning statistical score may calculate a second score. Based on a comparison of the first score to a first threshold and the second score to a second threshold, the network transaction may be authenticated.

Abstract: An agent of a domain management intermediary service obtains a security key using a client credential indicated in a request for a read-write domain management operation. A registry credential is obtained using the security key, and the read-write domain administration operation is initiated using the registry credential. A separate read-only agent obtains the completion status of the read-write domain administration operation and provides the status to the client.

Abstract: A method for mitigating a 5G roaming attack using a security edge protection proxy (SEPP), includes receiving, at an SEPP, user equipment (UE) registration messages for outbound roaming subscribers. The method further includes creating, in a SEPP security database, UE roaming registration records derived from UE registration messages. The method further includes receiving, at the SEPP, a packet data unit (PDU) session establishment request message. The method further includes performing, using at least one parameter value extracted from the PDU session establishment request message, a lookup in the SEPP security database for a UE roaming registration record. The method further includes determining, by the SEPP and based on results of the lookup, whether to allow or reject the PDU session establishment request message.

Abstract: A method and system for application security. The methods and systems of the present disclosure improve application security and may be used to secure a host application and operating system from malicious fast applications. A request to access resources of the computing device is received from an application adapter of a fast application operating within a host application on the computing device. In response to a determination that the request is associated with resources included in a permission list of the fast application, the unique user identifier (UID) of the application adapter to the UID of the host application is translated by the operating system, which determines whether to allow the request based on the UID of the host application. Otherwise, the operating system determines whether to allow the request based on the UID of the application adapter.