Abstract: Methods, systems and computer program products for providing video-based authentication are provided. Aspects include receiving a master video comprising a recording of a first plurality of objects. Aspects also include identifying each of the first plurality of objects using image recognition techniques. Aspects also include receiving a user selection of a plurality of authentication objects, where the plurality of authentication objects are a subset of the first plurality of objects. Aspects also include receiving a user authentication request comprising an authentication video. The authentication video is a recording of a second plurality of objects. Aspects also include identifying each of the second plurality of objects using image recognition techniques.

Abstract: A computer-implemented method, computer program product and computing system for: defining a threat mitigation platform for a client, wherein the threat mitigation platform includes a plurality of threat detection capability modules; defining a rollout schedule for at least a portion of the plurality of threat detection capability modules; and presenting the rollout schedule to the client.

Abstract: Video conferencing in a controlled environment facility entails significant security concerns. These concerns are even more prevalent in a system that permits residents of such facilities to communicate via their own personal devices. Therefore, in order to alleviate these concerns and provide a secure system in which a resident is able to make video calls using their personal device, a kiosk unit is provided to which the personal device must be linked for completing a video call. When making the video call, the camera and display on the personal device are disabled, and all video data is captured and displayed by the kiosk unit. The link between the kiosk unit and the personal device facilitates the exchange of the image information for transmission to the outside party, or display to the user. By providing a fixed camera, and disabling the personal device camera, security can be maintained while permitting video calling services.

Abstract: The SOCIAL MATCH PLATFORM APPARATUSES, METHODS AND SYSTEMS (“SMP”) transforms platform join requests, social network info, and SMP network info inputs via SMP components NJ, JIP, CIP, OP, CN-SGU and CN-UPSOG into job info, candidate info, offer info, and social meetup info outputs. A job information request for a candidate may be obtained. Social data associated with the candidate may be determined. A social job relevancy rating for various jobs may be calculated using the social data. A job may be selected using the social job relevancy rating for the job, and information regarding the selected job may be provided.

Abstract: A removable card-enabled BPID Security Device integrates a removable card reader with a biometric authentication component to provide secured access to electronic systems. The device allows for an individual to insert a removable card into an aperture in the physical enclosure of the BPID Security Device, allowing the removable card and the BPID Security Device to electronically communicate with each other. The BPID Security Device is based on a custom application specific integrated circuit that incorporates removable card terminals, such that the BPID Security Device can communicate directly with an inserted removable card. In an alternative embodiment of the invention, the BPID Security Device is based on a commercial off-the-shelf microprocessor, and may communicate with a commercial off-the-shelf microprocessor removable card receiver using a serial, USB, or other type of communication protocol.

Abstract: A server transmits to a third-party application a request for a resource that is received from a client. The server receives an authentication request from the client device that has been generated by the third-party application. The server transmits an identity provider selection page to the client device that allows the client device to select an identity provider. The server causes the client device to transmit a second authentication request to a selected identity provider. The server receives an authentication response that was generated by the identity provider that includes the identity of the user. The server enforces access rule(s) including identity-based rule(s) and/or non-identity based rule(s). If the user is permitted to access the third-party application, the server causes an authentication response to be transmitted from the client device to the third-party application that indicates the user has successfully authenticated.

Abstract: Some methods enable a first device to assist a second device in becoming authenticated with a content management system. The content management system can receive user credentials or an elevated access token from the first device. The content management system can respond to the first device with an access token for use by the second device. Alternatively, the content management system can send the access token directly to the second device. The second device can then use the access token for authenticated communications with the content management system.

Abstract: A method prompts a user to provide first credentials, receives the first credentials, and using an initial verification process including at least one of validity, a uniqueness, a suspicious contextual detection, or statistical recurrence verification, to verify the first credentials based on stored data. Based on a negative result of the initial verification process, the method prompts the user to provide second credentials, receives the second credentials, and validates the second credentials based on the stored data. The method registers the user for a service based on a positive result of the initial verification process or a positive result of the second strong validation process, refusing to register the user for the service based on a negative result of the initial verification process and the negative result of the second strong validation process, and blacklisting the verified second credentials upon registering the user.

Abstract: Implementations are directed to detecting bypass of an authentication system of a web application with actions including receiving one or more webpage logs including web traffic associated with a web application during a defined time period, receiving one or more authentication logs associated with one or more authentication appliances providing authentication services for the web application, determining, based on the one or more webpage logs, one or more webpage log entries corresponding to a user and the defined time period, determining, based on the one or more authentication logs, a total number of correct authentication factors provided by the user during the defined time period, and determining, based on the one or more webpage log entries corresponding to the user and the defined time period and the total number of correct authentication factors provided by the user, that the user bypassed an authentication system of the web application.

Abstract: Some examples include establishing a secure communication session between a mobile device and a card reader. For instance, a trusted, remote validation server may be used to validate security information of a software module executing on the mobile device prior to the card reader and the software module establishing a secure communication session with each other. In some cases, the software module sends the security information of the software module to the validation server. The secure communication session between the software module and the card reader may be established based on a validation result of a validation process indicating that the security related information of the software module has been determined to be valid by the validation server.

Abstract: According to a yet further aspect of the embodiments of the present invention a server 1020 configured to bind a device application to a web service is provided. The server comprises WebRTC functionality. The server is configured to receive a request for the web service from the device application, wherein communication between the server and the device application is done via https and WebRTC and the device application is configured to generate WebRTC credentials comprising a private key, certificate of the private key and a fingerprint of the certificate. The server is configured to receive the fingerprint and fingerprint generation algorithm of the certificate, store the fingerprint and fingerprint generation algorithm and associating the fingerprint with the device application, and use DTLS, providing the certificate of the device application, in combination with the stored fingerprint to identify the device application to bind the device application to the web service.

Abstract: A computer-implemented method may be provided for identifying a user device. An identification server in communication with the user device may receive a request from a browser of the user device to access, from a destination uniform resource locator (URL), an asset from the identification server. The request from the browser may be received from a website server. The asset is configured to be presented on a webpage hosted by the website server. The request from the browser may be modified to associate a new identity attribute of the user device with the request.

Abstract: Systems and methods are provided for use in provisioning accounts to applications included in mobile devices. One exemplary method includes receiving, at a mobile device, a request to provision an account to a mobile device; prompting a user associated with the account for authentication at a wireless device associated with the account; receiving an account credential from the wireless device, via a local wireless communication between the mobile device and the wireless device, when the user is authenticated at the wireless device; transmitting the account credential toward a first party associated with the account, whereby the account credential is indicative of the authentication of the user; and provisioning the account to the mobile device, in response to an approval received from the first party.

Abstract: A request for a transaction between a client system and a server system may be processed. The transaction may be associated with transmission of data between the client system and the server system. The data may be encrypted using a transient encryption key to form encrypted data. The transient encryption key may be a synced-clock random number configured to automatically change when a designated time interval elapses. The encrypted data may be transmitted between the client system and the server system.

Abstract: A proxy server enforces security rules on data accesses. Network traffic between a client application and a cloud application is routed to the proxy. The proxy tags data that is stored in the cloud applications in order to track the data. When a data request is received by the proxy, the proxy uses a set of rules to decide whether the requesting user is allowed access to the data from the cloud application.

Abstract: There is provided a method and system for securely coupling and transferring data between devices. In a preferred embodiment, the devices may comprise two devices, a transferring device and a receiving device, and both devices are mobile devices. Embodiments of the present invention allow the wireless transfer of data such as contacts, photo images, video files, or other data from one device to another device, without need for special hardware or cabling.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to identify a first domain name associated with a website that served a login form to a web browser. The at least one processor is further configured to identify a one-time password (OTP) entry request served from the website in response to transmitting user credentials to the website. The at least one processor is further configured to identify a second domain name associated with an OTP server that provided an OTP. The at least one processor is further configured to perform a security action in response to determining that the first domain name differs from the second domain name. The security action may include blocking a response to the OTP request from the website, providing a warning, and/or obtaining confirmation for the response to the OTP entry request.

Abstract: Methods, systems, and computer readable media for authenticating to a computer system. In some examples, a method includes receiving a request from a user device for authentication, the request specifying a username. The method includes determining grid information associated with the username by accessing a repository of grid information for usernames, the grid information specifying a color set. The method includes sending the color set to the user device, causing the user device to display a grid of colored tiles, each colored tile having a color specified by the color set. The method includes receiving a sequence of tile selections from the user device, each tile selection specifying a user selection of one of the colored tiles. The method includes granting or rejecting the request for authentication based on the sequence of tile selections and the grid information associated with the username.

Abstract: Systems and methods are provided for use in verifying network identities. One exemplary method includes receiving, at a computing device, data associated with multiple user devices of a user and relating to one or more identity attributes of the user. The method then includes, in response to a request for authentication of the user, generating an aggregate score based on multiple of a reliability sub score, a length of relationship sub score, and a historical consistency sub score for each of the multiple user devices taking into account at least some of the received data. The aggregate score may then be transmitted to a relying party in response to the request, thereby permitting the relying party to authenticate the user based at least in part on the aggregate score.

Abstract: A database system processes database queries that process external tables representing data obtained from an external systems. The database system generates an execution plan to execute the database query. The database system sends a request for data of the external table to an external system. The request provides connection information to the external system. The external system sends a request to connect to the database system and provides data of the external table as a data stream. If the database system reaches an operator that processes the data of the external table, the database system waits for data from the external system. The database system processes the database query using the data of the data stream. The database system provides the result of the database query to a requestor, for example, a client device.

Abstract: A system includes Internet of things (IOT) devices that are paired with corresponding edge computers. Smart contracts are generated for edge computers, and deployed in a blockchain. Upon receipt of a message, a smart contract compares a sender of the message to a designated owner of the smart contract. The smart contract has a privilege checker that allows a message from the owner of the smart contract to initiate execution of a function that modifies a variable of the smart contract, but prevents messages from non-owners from initiating execution of the function.

Abstract: A method including actions of pairing with a mobile device and receiving a user name, a password encrypted with a connector password key, and a public key of the mobile device. Additional actions include providing the password encrypted with the connector password key, receiving the password in a decrypted form, obtaining a pairing key, encrypting the pairing key using the public key, encrypting the password with a local password key, providing the pairing key encrypted using the public key and the password encrypted with the local password key, disconnecting from the mobile device, after disconnecting form the mobile device, reconnecting with mobile device, providing a workstation identification, receiving the user name and the password encrypted with the local password key, decrypting the password encrypted with the local password key, and logging in the user using the user name and the password decrypted with the local password key.

Abstract: A method for controlling third-party access of a protected resource is disclosed.

Abstract: Identifier dependent operation processing of packet based data communication is provided. A natural language processor component can parse an input audio signal to identify a request and a trigger keyword. A content selector component can select, based on the request or trigger keyword, a content item. A link generation component can determine whether the client computing device has an account or a record in a database associated with the service provider device. In the absence of the record or account, the link generation device generates and sends a virtual identifier to the service provider device with instructions to generate an account in the database using the virtual identifier. Once the account is created, the service provider device can communicate with the client computing device.

Abstract: A computer-implemented method for incentivizing user behavior including identifying an action for a user to perform, providing the number of credits that can be earned by the user for performing the action, verifying that the user has carried out the action and awarding the credits to the user.

Abstract: It is provided a method for controlling access to an access object. The method is performed in an electronic key device and comprises the steps of: communicating with an access control device to obtain an identity of the access control device; sending an access request to a server, the access request comprising an identity of the electronic key device and the identity of the access control device; receiving a response from the server, the response comprising a key delegation to the electronic key device; and sending a grant access request to the access control device, the grant access request comprising the key delegation, to allow the access control device to evaluate whether to grant access to the access object based on a plurality of delegations comprising a sequence of delegations.

Abstract: A method for monitoring access to a user account comprises receiving a user account login status from a target service in response to a user login request, comparing the user account login status with an expected status value at a user apparatus, and on the basis of the comparison, performing at least one of: synchronising the status value at the user apparatus with the user account login status from the target service, and executing a user login update process at the user apparatus.

Abstract: A cloud-based server and a port monitor on a device provide authentication of a user to access print jobs on the server. An application may print or perform other operations from the cloud-based server to a printing device. The port monitor uploads data for a document to the cloud-based server. Once the data for the document is uploaded, a claim code is generated by the cloud-based server. The port monitor receives the claim code. The port monitor initiates the launch of a browser having a uniform resource locator (URL) address for the server along with the claim code. The user is authenticated using a login page and the claim code associated to the user to allow access to the document on the server.

Abstract: Hypervisor-independent reference copies of virtual machine payload data based on block-level pseudo-mount infrastructure and techniques are generated and stored in an illustrative data storage management system. An illustrative hypervisor-independent reference copy comprises one or more virtual-machine payload data files that originated from a first virtual machine. The hypervisor-independent virtual-machine-payload reference copy is governed by a distinct reference copy policy that controls retention, storage, tiering, scheduling, etc. for the reference copy, independently of how the illustrative system treats other virtual machine payload data files originating from the same virtual machine.

Abstract: Disclosed is an authentication management system including a custom credential provider installed on a computing device to support OS account authentication through an alternate authentication method that replaces an OS account authentication method supported by an operating system of the computing device, and an authentication management server communicably connected to the custom credential provider via a communication network to perform user authentication related to a user who attempts to OS account authentication using the alternate authentication information when the OS account authentication based on the alternate authentication information used in the alternate authentication method is attempted and transfer, to the custom credential provider, account authentication information necessary to perform OS account authentication according to the OS account authentication method supporting by the operating system or a seed value that is based on generation of the account authentication information when the

Abstract: Methods for commissioning a domestic appliance, as provided herein, may include the transmission and receiving of signals between the domestic appliance, a previously-commissioned appliance, a remote user-interface device, and a remote server such that a network credential for a local wireless network is transmitted from the previously-commissioned appliance to the domestic appliance.

Abstract: A method and apparatus for mixed-mode cloud/on-premise secure communication. The method includes commissioning an on-premise device, and connecting to web address via a client web browser using a name and a log in credential of a user; and verifying a login credential of a user at a cloud-based service and establishing communication with the client web browser if the login credential is authenticated, then permitting communication between the client web browser and the cloud based service.

Abstract: This application relates to a message processing method and apparatus, a storage medium, and a computer device. The method includes: receiving a session message associated with an interactive session of a social application; while rendering the session message in a session interface corresponding to the interactive session of the social application: identifying a child application identifier in the session message; invoking plug-in code corresponding to the child application identifier in the social application; obtaining, from the social application, shared data corresponding to the child application identifier using the plug-in code; and dynamically presenting the shared data in the session message.

Abstract: According to one aspect disclosed herein, a provider device can receive, from a requester device, a network access request requesting, on behalf of the requester device, access to a Wi-Fi network associated with a network provider and provided, at least in part, by a network device. In response, the provider device can prompt the network provider to accept or deny the requester device access to the Wi-Fi network. The provider device can receive input indicating that the network provider accepts the network access request, and in response to the input, can create a network access package that includes a secure network access configuration to be utilized by the network device to establish, at least in part, a secure connection with the requester device to provide the requester device access to the Wi-Fi. The provider device can encrypt the network access package to create an encrypted network access package.

Abstract: Methods and systems are provided for blockchain-based credential vault system (CVS). In one novel aspect, the CVS identifies a set of credential of a trustor, verifies each credential, and stores the verified credentials to a CVS blockchain database such that the authorized beneficiary can obtain the trustor credentials from the CVS. In one embodiment, the CVS authenticates a trustor request from a trustor, wherein a trustor record in the CVS is uniquely identified by a trustor identification in a blockchain-based database of the CVS, processes submission from the authenticated trustor to generate a set of canonical credentials using a recurrent neural network (RNN) model, performs credential verification for each generated canonical credential in the authenticated trustor submission, and appends each verified canonical credential to the trustor record in the blockchain-based database of the CVS.

Abstract: The invention relates to alternate user communication routing for a one-time credential. When a user is determined to be an unauthorized user, the unauthorized user may be provided with an alternative one-time credential (e.g., one-time password, or the like) in response to the user trying to take an action (e.g., to access the organization systems in order to access information). When the unauthorized user tries to utilize the alternative one-time credential, the organization may identify the user as unauthorized and determine how to respond to the unauthorized user. In addition to the alternative one-time credential, one or more additional alternate treatments may be presented to the unauthorized user in order to identify, track, and/or prevent access by the unauthorized user.

Abstract: An interactive library system comprised of a Processing Engine phase, a Presentation Engine phase, a Content Management phase, and a Content Editing/Reading pages phase, which work together in real time. The system, by providing a set of structures within an overarching database, provides the flexibility to build any data set (library) within an overarching data schema. The system proactively presents information to a user in real time as the system constantly scans to finds library matches to user text, saving the user from having to actively search and confirm information and greatly enhancing data handling capability. Further, each user has the flexibility to create a library most relevant to a user's particular position and needs, and select information for retrieval most useful to them.

Abstract: A system and method for translating and matching attributes in data records that describe travel items is provided. In an embodiment, a plurality of records is received from a plurality of data sources. Record parsing logic is used divide strings in the records into individual words and match single words in the plurality of records to attributes. Using the matched attributes, record comparison logic creates a confidence score that describes the likelihood that two records describe the same listing or inventory item. If the confidence score exceeds a given threshold, the records are determined to match. A consolidated record is then created from the two matched records.

Abstract: A method for changing a security credential, such as a password, for secure user authentication with respect to user access to an application is provided. The method includes: receiving, from a vault that is configured to periodically generate and change a credential for accessing the application, a current credential and a first future credential that is designated as a next credential; transmitting, to a user that has access to the vault, the current credential; when a first interval that corresponds to a periodicity of a changing of the credential elapses, receiving, from the vault, a message indicating that the current credential has expired and that the next credential has been redesignated as the current credential, and providing a newly designated next credential, and transmitting, to the user, a message indicating that the previous current credential has expired and providing the redesignated current credential.

Abstract: An industrial automation device with a token to be used as authentication information in information exchange between a first cloud service and the industrial automation device, a mobile device is connected to the industrial automation device and to a cloud service that is the first cloud service or a second cloud service. After authenticating the user of the mobile device to the cloud service, a token is generated by the cloud service to the first cloud service, and forwarded via the mobile device to the industrial automation device. If the cloud service that generated the token is the second cloud service, the token is forwarded via the mobile device, after the mobile has been authenticated in the first cloud service, the first cloud service. Thereafter the industrial automation device and the first cloud service may communicate directly with each other using the token for authentication.

Abstract: A method includes with a computing system, receiving an attribute within a managed configuration model, the attribute referencing a credential store and associated with a resource, with the computing system, in response to determining that the attribute includes both an alias and a clear-text password, determining whether there is a matching entry within the credential store, and in response to determining that the credential store does not contain a matching entry: creating a new entry for the credential store, wherein the new entry includes the clear-text password and is uniquely identifiable using the alias, and removing the clear-text password from the managed configuration model.

Abstract: Disclosed herein are system, method, and apparatus for assisted third-party password authentication. The method performed at a client device includes creating a secure connection from an inline frame associated with a first application on the client device to an authorization server for accessing a second application. The method includes identifying, by the inline frame, one or more events that represent inputs for a user authorization credential, and proxying, by the inline frame, the identified one or more events to the authorization server using the secure connection. The method includes receiving an authorization code from the authorization server in response to the proxying. The method includes redirecting, by the inline frame, the authorization code to the application on the client device. The method includes transmitting, from the client device to the authorization server, the authorization code to receive an access token for accessing the second application.

Abstract: An embodiment method includes: obtaining, by a first key management system, a shared key of a first network element, where the shared key of the first network element is generated according to a key parameter obtained after the first network element performs authentication or a root key of the first network element; obtaining a service key, where the service key is used to perform encryption and/or integrity protection on communication data in a first service between the first network element and a second network element; performing encryption and/or integrity protection on the service key by using the shared key of the first network element, to generate a first security protection parameter; and sending the first security protection parameter to the first network element.

Abstract: The present disclosure pertains to validation of runtime objects for a software deployment using a certificate. After creating the runtime objects during a build process, a certificate may be generated based on the runtime objects. The certificate may include a fingerprint of the runtime objects that may be used before deployment to determine whether the runtime objects have been changed. Before deployment, the runtime objects and the certificate may be obtained and the certificate may be validated. In addition, the runtime objects may be validated using the fingerprint included in the certificate. For instance, the fingerprint may be re-generating based on the runtime objects for deployment. The runtime objects may be validated by comparing the re-generated fingerprint to the fingerprint in the certificate. The runtime objects may be deployed if the certificate and the runtime objects are valid.

Abstract: Aspects of the present disclosure involve a system comprising a computer-readable storage medium storing a program and method for password protecting selected message content. The program and method provide for receiving selection of a content item shared between a first user and a second user, in association with a messaging application; receiving input indicating that access to the content item requires user authentication by the first user or the second user; and providing for access to the content item based on the user selection and the input.

Abstract: A symbol input method performed by a symbol input device having a display unit, a selector, and a determiner includes: displaying, by the display unit, a correspondence table indicating correspondences between input target symbols and selection target symbols and indicating that each of the input target symbols corresponds to one or more selection target symbols; ending the displaying by the display unit; prompting, by the selector, after the ending, a user to select one of the selection target symbols included in the displayed correspondence table; and determining, by the determiner, one input target symbol as a symbol to be input. The input target symbol is indicated in the displayed correspondence table and corresponds to the selection target symbol selected by the user in the prompting.

Abstract: The present disclosure describes methods and systems for establishing a Session Initiation Protocol Session. One method includes transmitting a first message requesting authentication configuration information; in response to the first message, receiving a second message that includes the authentication configuration information; transmitting a third message that includes authentication information based upon the received authentication configuration information; receiving an authentication challenge request that is formatted according to the second protocol; and in response to receiving the authentication challenge request, transmitting an authentication response to the second network node.

Abstract: Briefly, in accordance with one embodiment, a method and/or system for mobile identity authentication is disclosed. For example, mobile identity authentication may be employed in a variety of situations, including purchases, financial transactions, granted access to accounts, granting access to content, etc.

Abstract: Granting guest devices access to a network using out-of-band authorization including receiving, over an out-of-band network, a password for an in-band network from a guest device, wherein the password is generated on the guest device; storing the password received over the out-of-band network as an authorized password for the in-band network; receiving, from the guest device using an in-band protocol, a request to join the in-band network, wherein the request to join the in-band network comprises the password previously received from the guest device over the out-of-band network; and granting the guest device access to the in-band network based on a determination that the password received in the request to join the in-band network matches the password previously received from the guest device over the out-of-band network.

Abstract: Systems, methods, and computer-readable storage media configured according to this disclosure provide money services on a money services device such as a kiosk device, tablet device, mobile device, virtual reality device, mixed reality device and the like. An application runs on the money services device and communicates with remote services to perform profile management functions such as facilitating account log-in and allowing users to log-in using mobile messaging. Other services such as verifying the user's ID via an account management service may also be provided.