Abstract: Customers at a premises attempting to connect a new wireless device, such as a mobile phone or tablet to an available wireless network (Wi-Fi), receive network login information such as an Wi-Fi SSID (service set identification) and Password through a system generated equivalent QR code that can then be scanned to automatically connect to the Wi-Fi network. The system receives a request for Wi-Fi settings at a premises, identifies customer equipment associated with the premises, identifies an Wi-Fi SSID (Service Set Identification) and password associated with the customer equipment, generates a QR (Quick Response) code representing the Wi-Fi SSID and password, sends the QR code to one or more devices associated with the premises for display and subsequent scanning at the premises.

Abstract: A telecommunications network server system provides a digital identifier to a user device. The digital identifier may include identification data corresponding to a user of the user device. In addition, the telecommunications network server system receives, from one or more third-party systems, requests to authenticate the user for an electronic transaction with the respective third-party system. The telecommunications network server system provides a unique electronic transaction code to each third-party system. Responsive to receiving from the user device one of the unique electronic transaction codes, the telecommunications network server system provides, to the respective third-party system, authentication of the user.

Abstract: The present teaching relates to method, system, medium, and implementations for authenticating a user. A first request is received to set up authentication information with respect to a user, wherein the first request specifies a type of information to be used for future authentication of the user. It is determined whether the type of information related to the user poses risks based on a reverse information search result. The type of information for being used for future authentication of the user is rejected when the type of information is determined to pose risks.

Abstract: Embodiments described herein provide a system for facilitating dynamic content distribution in an enterprise environment. During operation, the system determines a set of logical groups based on a set of grouping criteria. A respective logical group can include one or more devices managed by a controller and a network that provides connections among the one or more devices. The system categorizes the set of logical groups based on exogenous information associated with a respective logical group and determines a corresponding condition of measurement for a respective category of links in the enterprise environment. The system then schedules a link for measurement based on the condition of measurement and the categorization of the set of logical groups.

Abstract: A method for pervasive resource identification includes receiving an authentication request from a first application service. The authentication request requests authentication of a user of a user device. The method includes obtaining device information associated with the user device of the user and generating a unique opaque identifier for the user device based on the device information. The method includes obtaining authentication credentials from the user device. The authentication credentials verify an identity of the user. In response to receiving the authentication credentials from the user device, the method includes generating an authentication token and encoding the unique opaque identifier into the authentication token. The method also includes transmitting the authentication token to the first application service.

Abstract: Systems and methods for providing identity verification services to users by providing a staking mechanism to incentivize participants in an identity verification system to be truthful and accurate and determining validator accuracy and associated setting of fees for using validator attestations to create an efficient, private and secure system.

Abstract: The present disclosure describes systems and methods for augmented reality inventory tracking and analysis that identifies devices based on a combination of features, retrieves a configuration or other characteristics of the selected device and presents the configuration as a rendered overlay on a live image from the camera.

Abstract: Systems and methods for linking an authentication account to a device may include processor(s) to maintain a plurality of authentication profiles, each authentication profile corresponding to a respective user and including at least one profile image, an immutable identifier, and authentication data used to authenticate the respective user. The processor(s) may receive a request including the device key, an immutable identifier, and a biometric image captured by a camera of a client device. The processor(s) may identify a subset of authentication profiles having respective immutable identifiers that match the immutable identifier from the request. The processor(s) may compare feature(s) extracted from the biometric image of the request to features extracted from the a profile image of the subset of authentication profiles, and link the device key of the client device with an authentication profile in a data structure to register the client device with the authentication server.

Abstract: Systems and methods for improved security authentication are disclosed. In some embodiments, an improved system for security authentication may include a plurality of computing devices, and a server system communicatively coupled to the plurality of computing devices. The server system may be configured to receive a request for security authentication, determine an authorization providing computing device from among the plurality of computer devices based on authentication preferences stored in a database communicatively coupled to the server system, generate and transmit authentication information to the determined authorization providing computing device, receive, from an initiating computing device an authentication input, determine whether the received authentication input matches the transmitted authentication information, and complete the request for security authentication when the received authentication input matches the generated and transmitted authentication information.

Abstract: The present disclosure relates to systems and methods to generate user or user group behavior similarities based on computing distances between individual users or user groups and without using demographic data, e.g., based on anonymized data. The methods include creating a multidimensional vector representation for each user in a group by summarizing user's behaviors across various categories. Based on the created vectors, distance calculation and nearest neighbor search are performed to locate users that are most similar to target users. The resulting distance metrics may be used to rank similarities. Additionally, dimensionality reduction may be performed to further distill the behavior information to make the disclosed methods suitable for a variety of analytics and modeling tasks.

Abstract: Example methods, apparatuses, and systems are presented that allows a user to make a secure purchase online, directly through accessing an online advertisement and without being redirected to multiple, cumbersome webpages to process different pieces of information to complete the transaction, while still leveraging existing e-commerce entities, such as existing payment platforms and existing ad/content networks. The present system includes a commerce ads engine (CA engine) that interfaces with the user through an app associated with the CA engine, a tokenization platform for authentication of the user, and a merchant providing relevant offer and check out information about a product being advertised in an online ad.

Abstract: A method for enhanced website navigation comprises receiving a first web page at a web browser, parsing the HTML of the web page to identify a favicon, associating the favicon with a link to a second web page and displaying the first web page in the browser window in a browser tab that includes the favicon. The method further includes listening for a user interface event with respect to the favicon portion of the tab and navigating to the second web page based on the user interface event with respect to the favicon portion of the tab.

Abstract: A printer has a function of restricting a number of printing during a particular period for each user ID. When printing is performed, a computer updates a counter value of the number of printing associated with a user ID corresponding to the printing, and restricts printing corresponding to the user ID when the counter value reaches an upper limit. When an individual operator is operated in an administrator PC, the computer initializes the counter value associated with the user ID corresponding the individual operator.

Abstract: Disclosed herein are methods, devices, and systems for provide a new two-factor or user authentication procedure. In a scenario in which a user is enrolled in the verification system, a method can include receiving, at a network-based server, a unique identifier associated with a user that desires to access a service from an application or a website, identifying a typing profile associated with the unique identifier and presenting a reference text on a user device of the user. The method can include receiving a typing pattern of the user and determining whether there is a match between the typing pattern and one or more previously recorded typing patterns for the user. When the determination indicates that the user is verified, the method includes presenting a one-time password on a display of the user device. The user enters the one-time password into an input field and validating, via the network-based server, the one-time password.

Abstract: Cloud storage systems and methods are described for providing event-based user state synchronization among the various cloud elements. A global user directory is maintained on a remote cloud storage system. The global user directory includes a plurality of global user definitions associated with a plurality of user accounts, where each of the user accounts has access to at least one of a remote file system hosted by the remote cloud storage system and a local file system hosted by a local cloud storage system. As global user definition are altered on the remote cloud storage system, user events are generated and communicated to the local cloud storage system, where they are applied to synchronize the local user definitions with the global user definitions. The invention facilitates centralized control of user definitions, near real-time event delivery to local cloud storage systems, and separation of authentication processes from customers' active directory services.

Abstract: A computer-implemented process, computer program product, and system for dynamic change of a password under a brute force attack. A computer processor determines a quantity of consecutive unsuccessful attempts to access the targeted item protected by a password. Responsive to the quantity of consecutive unsuccessful attempts to access the targeted item exceeding a predefined threshold, the computer processor acquires a new password for access to the targeted item, wherein the new password is based on a more complex set of password generation rules than a current password. The computer processor changing the current password of the targeted item to the new password, and in response to changing the current password of the targeted item to the new password, the computer processor sends an encrypted message regarding the new password to a user associated with the targeted item.

Abstract: A method for determining a behavior of a smart card, which may be implemented by a server. The method includes operations for obtaining a first reference time data corresponding to a time for setting a smart card clock, and a second reference time data corresponding to a time for reading a first time data from the clock, determining a time drift associated with the smart card based on the first reference time data and on the second reference time data, and determining a behavior of the smart card from the time drift.

Abstract: An approach for improving endpoint security. The approach requests security capabilities from endpoints of communications. The approach can analyze the differences between the security capabilities of the endpoints. The approach can negotiate a security capability supported by the endpoints of the communication. The approach can determine if the negotiation succeeded. If the negotiation failed, then the approach can create a report describing capabilities of the endpoints and suggesting changes to improve the endpoint security. The approach can send the report to the appropriate interested personnel.

Abstract: First data indicating performance of authentication that is performed by a first apparatus that performs authentication based on an electronic key acquired from a mobile apparatus is acquired, and second data including an operation command for a second apparatus is generated based on the first data, and the second data is transmitted to the second apparatus.

Abstract: A service processing method, apparatus, and storage medium of a blockchain system are provided. The service processing method includes obtaining authentication information of a service participant; determining whether data in the authentication information of the service participant is updated; generating, based on the data in the authentication information of the service participant being updated, a notification message according to the updated data; and transmitting the notification message to a service processing node subnetwork, the notification message instructing one or more service processing nodes in the service processing node subnetwork to process a service request according to updated authentication information of the service participant.

Abstract: A method for joining an association that includes receiving, by a first cluster, an association access credential and a unique address of an association manager, generating, based on the association access credential, an association access request, sending, to the unique address, the association access request, receiving, in response to the sending, association information, and initiating, based on the association information, a connection to a second cluster in the association.

Abstract: Methods, systems, and apparatuses are described herein for improving the accuracy of synthetic authentication questions by analyzing third party account data. A request for access to a first account associated with a user may be received. The first account may be managed by a first organization. A transactions database might be queried for first account data. Second account data corresponding to a second account associated with the user might be received. That second account may be managed by a second organization different from the first organization. One or more second transactions, unique to the second account, may be identified. A synthetic transaction, configured to be different from transactions in the first account and the one or more second transactions, may be generated. An authentication question may be generated based on the synthetic transaction. Access to the first account might be provided based on a response to the authentication question.

Abstract: Disclosed are embodiments for authentication and authorization in a 5G network between an edge enabler client (EEC) of a UE and an edge configuration server (ECS). The embodiment include performing primary authentication with the 5G network to obtain a KAUSF; generating a Kedge and a Kedge ID using the KAUSF and a subscription permanent identifier (SUPI); providing the Kedge and the Kedge ID to the EEC to cause it to compute a MACEEC using the Kedge and an EEC ID; and sending to the ECS an application registration request, the application registration request including the EEC ID, MACEEC, and Kedge ID.

Abstract: Systems and methods include establishment of a first database session with a first database user, determine first session variable values associated with the first database session, the first session variable values including a first tenant value, determine a first workload class based on the first tenant value and on zero or more of the other first session variable values, the first workload class including first parameter values specifying first resource consumption limits, and manage resource consumption of the first database session based on the first parameter values.

Abstract: A communications device (100) for classifying an instance (110) using Machine Learning (ML) is provided. The communications device is operative to acquire a feature vector representing the instance, classify the instance using a local first ML model, calculate a confidence level, and, if the calculated confidence level is less than a threshold confidence level, acquire information identifying one or more other communications devices, and transmit a classification request message comprising the feature vector to the one or more other communications devices.

Abstract: A memory module includes one or more programmable ECC engines that may be programed by a host processing element with a particular ECC implementation. As used herein, the term “ECC implementation” refers to ECC functionality for performing error detection and subsequent processing, for example using the results of the error detection to perform error correction and to encode corrupted data that cannot be corrected, etc. The approach allows an SoC designer or company to program and reprogram ECC engines in memory modules in a secure manner without having to disclose the particular ECC implementations used by the ECC engines to memory vendors or third parties.

Abstract: A system and a method are disclosed for providing recommendations for sets of security operations for improving security of documents created or executed within an online document system. A supplier entity may select sets of security operations to be performed for a request provided to a signing entity. The online document system computes an aggregate measure of security for the selected sets of security operations and compares it to a threshold measure of security. If the aggregate measure is less than the threshold measure, the online document system uses a machine-learned model to identify additional sets of security operations that when added, results in an updated aggregate measure of security greater than the threshold. The additional sets of security operations are presented to the supplier entity for inclusion within a security operation workflow in combination with the selected sets of security operations.

Abstract: Systems and methods authenticate an end user of an enterprise with an external service provider. The enterprise comprises an identity provider and an entitlements data store that communicate via web services calls. The identity provider makes a determination of whether an end user is authorized to access the external service provider based on: (i) authentication of the end user by the identity provider; and (ii) data from the entitlements data store for the end user with respect to the external service provider. Upon a determination by the identity provider that the end user is authorized to access the external service provider, the identity provider send a SAML token to the end user. The SAML token comprises an XML representation of entitlement information for the end user for the external service provider.

Abstract: Device-side, translator functions may be authenticated by elements of a 5G core network before communications involving such functions are allowed to occur, or continue to occur.

Abstract: Systems and methods are provided for use in responding to attribute queries related to identifying information for a user. One exemplary method includes receiving a request for an identity code for a user associated with identifying information, where the identifying information includes multiple attributes of the user, and generating the identity code and transmitting it to a computing device associated with the user. The method then includes receiving an identity request for the user from a requesting party including the identity code and at least one query related to at least one of the multiple attributes of the user, identifying the user based on the identity code, compiling a response to the at least one query based on the identifying information of the multiple attributes of the user, and transmitting the response to the requesting party.

Abstract: A method including transmitting, based on verifying first biometric information, a first decryption request including an encrypted first cryptographic key in association with a first identifier to indicate that the encrypted first cryptographic key is to be decrypted by utilizing a first master key; decrypting, based on receiving a decrypted first cryptographic key, first factor authentication information to enable determination of a first factor; transmitting the first factor for authentication; transmitting, based on successful authentication of the first factor and on verifying second biometric information, a second decryption request including an encrypted second cryptographic key in association with a second identifier to indicate that the encrypted second cryptographic key is to be decrypted by utilizing a second master key; decrypting, based on receiving a decrypted second cryptographic key, second factor authentication information to enable determination of a second factor; and transmitting the second

Abstract: There is provided mechanisms for handling a subscription profile for a subscriber entity. A method is performed by a subscription management entity. The method comprises obtaining a request from a mobile network operator entity to configure the subscription profile for the subscriber entity. The method comprises configuring the subscription profile with a customized PIN/PUK code for the subscriber entity. The method comprises providing an indication of the customized PIN/PUK code being configured in the subscription profile in a response to the mobile network operator entity.

Abstract: Disclosed are various embodiments for resetting security credentials for an authentication management client on a client device. In one non-limiting example, the authentication management client is configured to receive encrypted account data associated with a user from an authentication management service and decrypt the encrypted account data using a master security credential. The decrypted account data is stored as client account data associated with the client device. The authentication management client is configured to receive a request to reset a plurality of security credentials in the client account data. At least one of the plurality of security credentials in the client account data are reset.

Abstract: A method may include collecting from each of multiple endpoint devices a set of anonymized interactions of the corresponding endpoint device with other endpoint devices. Each anonymized interaction in the set of anonymized interactions may be based on an ephemeral unique identifier of another endpoint device involved in a corresponding anonymized interaction with the corresponding endpoint device. The method may include, for each endpoint device, resolving identities of the other endpoint devices with which the corresponding endpoint device has interacted from the corresponding set of anonymized interactions.

Abstract: A vehicle or a mobile device within or near the vehicle can have multiple sensors to sense biometric features of a user or driver, and electronic circuitry (such as a computing system) can classify the user or driver according to the sensed biometric features. Also, non-biometric factors of the user or driver or of the mobile device of the user or driver can be used to classify the user or driver, e.g., MAC address, RFID, username and password, PIN, etc. Also, factors from interaction with a user interface of the vehicle or the mobile device can be used to classify the user or driver. Such features and factors can be used alone or in combination for the classification, and the classification can use AI (such as an ANN). The vehicle or the mobile device can then selectively enable or disable features of the vehicle based on the classification.

Abstract: There is provided a method that comprises receiving one or more unique passwords for identifying respective one or more user devices of the wireless local area network; associating the one or more unique passwords with the respective one or more user devices and storing the one or more unique passwords to a database; in response to receiving, at an access point of the wireless local area network, a connection request from a user device, requesting, from the user device, a unique password of the user device; and identifying the user device based on the unique password.

Abstract: A processor core that includes a token generator circuit is to execute a first instruction in response to initialization of a software program that requests access to protected data output by a cryptographic operation. To execute the first instruction, the processor core is to: retrieve a key that is to be used by the cryptographic operation; trigger the token generator circuit to generate an authorization token; cryptographically encode the key and the authorization token within a key handle; store the key handle in memory; and embed the authorization token within a cryptographic instruction that is to perform the cryptographic operation. The cryptographic instruction may be associated with a first logical compartment of the software program that is authorized access to the protected data.

Abstract: Methods, systems, and computer-readable media for single-packet authorization using proof of work are disclosed. An access control service receives, from a client, a single-packet authorization (SPA) request. The (SPA) request comprises output of a proof-of-work task, wherein completion of the proof-of-work task requires computational resources or memory resources of the client. The access control service performs verification of the output of the proof-of-work task using fewer computational or memory resources of the access control service than were used by the client. In response to determining that verification of the output of the proof-of-work task succeeds, the access control service performs authentication of the SPA request. In response to determining that authentication of the SPA request succeeds, the access control service allows access by the client device to a service.

Abstract: A method for rendering results of an audit includes receiving data corresponding to the results of the audit. The data includes an image to be rendered on a display screen of an electronic computing device. The data includes one or more insights derived from the results of the audit. A user of the electronic computing device is identified. The image is rendered on the display screen. One or more insights derived from the results of the audit are rendered on top of the image on the display screen. A content of the one or more insights derived from the results of the audit that are rendered on top of the image on the display screen is dependent upon the identity of the user of the electronic computing device.

Abstract: Systems and methods for encoded communications are disclosed. In some embodiments, a server system may be configured to receive a communication from a user interface at an encoded communication module that includes an artificial intelligence based natural language processing module, determine whether the received communication is an encoded communication, decode the encoded communication to generate a financial query when it is determined that the received communication is an encoded communication, retrieve financial data associated with the user, determine an answer to the financial query based on the retrieved financial data, encode the determined answer to generate an encoded responsive communication, and transmit the generated encoded responsive communication to the user interface for providing to a user of the user interface.

Abstract: Disclosed embodiments relate to providing dynamic and least-privilege access to network resources. Techniques include receiving a request from a network identity to access a network resource, authenticating the network identity using a native client and communication protocol, authorizing the network identity based on one or more access policy, generating a least privilege ephemeral account having ephemeral credentials, accessing the network resource using the ephemeral credentials, and enabling the network identity to access the network resource using the least-privilege ephemeral account using the native client and communication protocol. The techniques may further include matching an existing account to the network identity based on the one or more access policy and enabling the network identity to access the network resource using the matched existing account using the native client and communication protocol.

Abstract: Disclosed herein is an identity network that can provide a universal, digital identity for users that can be used to authenticate the user by an identity provider for relying parties. The identity network receives a request from a relying party that includes deep linking to an identity provider selected by the user. The request specifies the user as well as any other information about the user the relying party is requesting. A service of the identity network launches the application for the identity provider on the user's device using a software development kit. The user can log into the identity provider's application, which validates the user and provides the user authentication/validation and information about the user to the identity network. The identity network can then provide the indication of the user's authentication and the user information to the relying party.

Abstract: Aspects of the disclosure relate to a system and method for securely authenticating a device via token(s) and/or verification computing device(s). A verification computing device may generate a pseudorandom number or sequence. Based on the pseudorandom number or sequence, the verification computing device may select a first plurality of parameters associated with a user of a device to be authenticated. The verification computing device may transmit, to the device, the pseudorandom number or sequence, and the device may select a second plurality of parameters. The device may generate a token based on the second plurality of parameters. The device may send the token to another device, and the other device may send the token to the verification computing device. The verification computing device may authenticate the device based on the token.

Abstract: Methods, systems, and media for recovering identity information in verifiable claims-based systems are provided.

Abstract: A method for providing secure single sign on includes receiving a first data object from an application hosting server, the first data object indicating at least a service provider name and identifying a configuration file corresponding to the service provider name, wherein the configuration file includes at least trusted identity information. The method also includes determining, using the configuration file corresponding to the service provider name, whether the first data object is valid and, in response to a determination that the first data object is valid, generating a response message.

Abstract: A computing device includes a memory and a processor to provide a web application to be accessed by a client device, receive from a camera images of a person at the client device, and analyze the images to determine that security of the web application is being compromised by the person based on the images. The processor provides at least one action to be taken by the client device in response to analysis of the images. The at least one action is to modify access of the client device to the web application.

Abstract: Methods and apparatus are disclosed for the maintenance of a virtual credit card pool for airline passenger vouchers. An example system includes server(s) that are configured to determine a target distribution of virtual credit cards within the virtual card pool for a current date-and-time. The server(s) are configured to, in response to determining that the current date-and-time corresponds with a predefined restocking time, for each card value: identify a current number of virtual credit cards within the virtual card pool; identify a threshold number of virtual credit cards based on the target distribution; compare the current and threshold numbers; in response to determining that the current number is less than the threshold number, transmit a request for virtual credit cards having the card value to an external server; and add the requested virtual credit cards to the virtual card pool upon receipt.

Abstract: A method of monitoring access to a lounge is provided herein. The method includes identifying a user using a device and determining an assigned location associated with the user. The method also includes determining a current location associated with the user and comparing the assigned location and the current location. If the comparison is valid, the method further includes determining a geofence associated with the user and the device, and monitoring whether the device is within the geofence.

Abstract: In some implementations, a first network device may receive an authorization request associated with a user device connecting to a network associated with first network device. The first network device may redirect the authorization request toward a second network device associated with a second service provider. The first network device may determine, based on a response to the authorization request, that the user device is subscribed to a service provided by the second service provider and that the user device is not authorized to connect to the network. The first network device may provide a temporary service to the user device to enable the user device to connect to the network for a limited period based on the user device being subscribed to the service provided by the second service provider and the user device not being authorized to connect to the network.

Abstract: In one aspect, an example methodology implementing the disclosed techniques includes, by a computing device, responsive to a user requesting authorization to access an application, segmenting a string of content into a plurality of substrings of different lengths, the string of content being an input to access the application. The method also includes, responsive to a determination that data in a first data structure represents a first substring of the plurality, identifying a length of another substring and at least one type of character present within that substring based on the data in the first data structure, determining a risk of unauthorized use of the string of content based on the identified length and the at least one type of character present within that substring, and allowing access to the application using the string of content based on the determined risk.