Abstract: Systems and methods for authenticating a user may include transmitting a request for a first set of information after validation of authentication information; receiving a response comprising the first set of information; parsing the first set of information using one or more template-based algorithms by scanning one or more websites to determine publicly available information associated with a user; comparing compare one or more results of the parsing with a second set of information to yield compromised information associated with the user; eliminating one or more portions of the second set of information based on the comparison; presenting a third set of information to authenticate the user based on the elimination and by supplementing the first set of information with a fourth set of information; and presenting a fifth set of information to authenticate the user if the third set of information fails to reach a predetermined threshold number.

Abstract: A computer processing system configured to effectuate lower-order masking in a higher-order masked design that includes a DOM Multiplication gate of order M operably configured to receive M+1 data shares for each of a plurality of variables and operably configured to perform a lower order masking of N. As used herein, M is greater than N, by disabling at least one cross-domain computation of the M+1 data shares between N+1 data shares and M?N data shares. To that end, the system and method of effectuating lower-ordered masking in a higher-order masked design beneficially by being operable to disable cross-domain computations to perform the lower-order masked operations.

Abstract: Systems and methods for securing data transmissions using distance measurements are disclosed. A mobile device (such as a smart phone) and a base station can use ultra-wideband technology to determine the distance between the two devices. The distance measurements produced by the mobile device and the base station can be compared, directly or indirectly by the mobile device, the base station, and/or an access device to determine whether the mobile device is present at an access device or if the mobile device is not present at the access device (as expected during a relay attack). If the mobile device is not present at the access device, the access device can prevent or cancel an interaction based on the data transfer (e.g., opening a locked door of a secure building in response to receiving an access credential from the mobile device).

Abstract: Computer-implemented methods and systems are provided for the detection of software presence remotely through the web browser by detecting the presence of webinjects in a web browser that visits a detection webpage. The methods can include delivering a detection webpage to a web browser, in which the detection webpage has detection code configured to detect a presence of the webinject in the detection webpage; and inspecting, by the detection code, rendering of content of the detection webpage in the browser to detect webinject content in the detection webpage by the webinject, the webinject content including one or more Hypertext Markup Language (HTML) components. The method can further include, if webinject content is detected, generating a fingerprint for each of the one or more HTML components; transmitting the one or more fingerprints to an external server; and classifying, by the external server, the webinject based on the one or more fingerprints.

Abstract: Low power devices are able to utilize encryption in communication. Low power devices typically cannot send/receive large amounts of data since sending/receiving more data uses more power. Implementing a key exchange with a small encrypted payload enables secure communication between the devices. A one-way data stream is implemented. The one-way data stream is able to be encrypted.

Abstract: The present application relates to a method for managing and controlling a system permission, a data center, a management and control apparatus, and a storage medium. The method for managing and controlling a system permission includes: obtaining personnel change information, wherein the personnel change information includes personal information of a changed person and information about a position change mode of the changed person; obtaining a current permission interface of the changed person based on the personal information; determining, based on the permission interface, whether the changed person has an operation permission for a current object system; if the changed person has the operation permission for the current object system, determining whether the position change mode of the changed person is transfer; sending a notification message if the position change mode of the changed person is the transfer.

Abstract: Embodiments of the present invention provide a system for establishing a secure session to authenticate DNS requests via dynamically configurable trusted network interface controllers. The system is configured for receiving a DNS request from a first device, wherein the DNS request comprises a unique authentication package, wherein the unique authentication package comprises encrypted data, in response to receiving the DNS request, initiating a handshaking protocol with the first device, establishing a handshaking session with the first device based on the encrypted data using the handshaking protocol, receiving a query associated with the DNS request, wherein the query is generated using a handshaking algorithm associated with the handshaking protocol, and performing at least one action in response to receiving the query.

Abstract: Disclosed are various embodiments for managing voice-driven application. In one embodiment, among others, a system includes a computing device and program instructions. The program instructions can cause the computing device to initiate a management session between a voice application service and a management service based on receiving a first request from the voice application service. The program instructions can cause the computing device to initiate an application session between a voice-driven application and the management service based at least in part on a second request received from the voice application service. The program instructions can cause the computing device to enforce a compliance policy on a data request for the voice-driven application. The data response can be transmitted to the voice application. The voice application service can provide the data response to the client device for playback.

Abstract: In certain embodiments, a physical network access token at a network access terminal may be authenticated for modification of records at a remote server system. In some embodiments, a set of records and counterpart records having the same record identifiers and resource amounts may be stored independently on a physical token or user device and the remote server system. When a connection is established between an access terminal and the physical token (e.g., for authenticating a modification of record(s)), the access terminal may transmit input data to the token, which may use the input data with the records stored on the token to generate authentication data, which may be used by the remote server to authenticate a network action requested via the token.

Abstract: A container image builder determines that a first container image is to be built. The container image builder initiates a build container from a build container image. The build container identifies a first dependency to be incorporated into the first container image. The build container accesses vulnerability data that identifies a plurality of dependencies that have one or more vulnerabilities. Based on the vulnerability data, it is determined that the first dependency is devoid of vulnerabilities. In response to determining that the first dependency is devoid of vulnerabilities, the first container image is generated to include the first dependency.

Abstract: Systems, methods, and devices configured to build and utilize an intelligent cipher transfer object are provided. The. intelligent cipher transfer object includes a set of participants protected by cloaking patterns. A portable dynamic rule set, which includes executable code for managing access to the protected set of participants, is included within the intelligent cipher transfer object. For a given user, the intelligent cipher transfer object may provide access to some of the participants while preventing access to other participants, based on the portable dynamic rule set therein.

Abstract: Systems and methods are described for managing digital rights. A transaction may be generated and may comprise an identifier and a decryption key. The decryption key may be configured to decrypt at least a portion of an encrypted content asset accessible by one or more user devices. The transaction may be caused to be stored in a distributed database.

Abstract: Aspects of the disclosure relate to controlling access to secure information resources using rotational datasets and dynamically configurable data containers. A computing platform may receive, from a requesting system, a data access request. After authenticating the requesting system, the computing platform may load, using a first data container, first source data from a data track. The computing platform may send the first source data to a second data container. Then, the computing platform may load, using the second data container, second source data from the data track and may produce a first combined dataset. The computing platform may send the first combined dataset to a third data container. Subsequently, the computing platform may load, using the third data container, third source data from the data track and may produce a second combined dataset. Thereafter, the computing platform may send, to the requesting system, the second combined dataset.

Abstract: An image sending apparatus includes a first authentication unit configured to perform processing for first authentication to authenticate a user, a storage unit configured to store authentication information used when the first authentication unit authenticates the user, a sending unit capable of sending image data by a plurality of kinds of sending methods, a destination setting unit configured to set a destination to which the sending unit sends the image data, a second authentication unit configured to perform processing for second authentication required for the sending unit to send the image data to the destination set by the destination setting unit, and a determination unit configured to determine whether to use the authentication information stored in the storage unit when the second authentication unit performs the processing for the second authentication, based on the sending method by which the sending unit sends the image data to the destination.

Abstract: Various embodiments of the present disclosure provide techniques for facilitating a credential-less exchange over a network using a plurality of identifier mapping and member interfaces. The techniques may include initiating the presentation of an enrollment user interface via a client device of a user and receiving selection data indicative of a selection of a service provider instrument from the enrollment user interface. The techniques include generating a matching code for authenticating the user, providing the matching code to a service provider platform, and receiving the matching code from a partner platform. In response to an authentication of the user based on the matching code, the techniques may include generating an UUEK for the user that may be used to replace persistent credentials.

Abstract: Once a new session of data packets is detected, whether to proxy encrypt the data packets, on behalf of a specific headless endpoint device from the plurality of headless endpoint devices for a session, is determined based on analysis of payload data of a data packet from a session. Responsive to a determination to proxy encrypt data packets, encryption attributes are set up between a local data port on the network device and a remote data port on a remote network device as parsed from a header of the data packet. Outbound and inbound data packets of the session secure OSI layers 4 to 7 of the outbound data packets of the session are encrypted, according to the encryption attributes, without interference to OSI layers 1 to 3.

Abstract: Systems and methods are for content security may comprise transmitting a request for authorization to access secured content. A content key for the secured content may be received and stored to a restricted region of a memory. A device security module may have access to the restricted region and may decrypt, based on satisfaction of a use condition and using the content key, the secured content. An encryption key associated with a secure media system authorized to access the secured content may be received. The device security module may encrypt, using the encryption key, the secured content and route the secured content to the secure media system.

Abstract: A system, apparatus, method, and machine-readable medium are described for endorsing authenticators. For example, one embodiment of an apparatus comprises: a first instance of an authenticator associated with a first app to allow a user of the first app to authenticate with a first relying party; a secure key store accessible by the first instance of the authenticator to securely store authentication data related to the first app; and a synchronization processor to share at least a portion of the authentication data with a second instance of the authenticator associated with a second app to be executed on the apparatus.

Abstract: A system and method in accordance with example embodiments may include systems and methods for a cloud-based analytics platform. The cloud-based analytics platform may allow the manual and automatic uploading to and/or downloading from a cloud server. The platform may include single sign-on (SSO) capabilities such that a user may have one set of credentials to access data from the cloud-based analytics and/or data stored locally. The platform may include data validation and processing in order to provide real-time feedback on uploads based on file type, file size, access rights, extracted data, and transformed data.

Abstract: Techniques are disclosed relating to the communication between server systems located in different network regions. For example, in some embodiments, a first server system located in a first network region may receive a request to perform a first operation for a user, where the request includes an alias value for the user. The first server system may determine, based on the alias value, that the user is not associated with the first network region. In response, the first server system may access an alias map that specifies encoded versions of alias values that are in use across multiple different network regions and, using the alias map, determine that the user is associated with a second network region. The first server system may then route a communication corresponding to the request to a second server system that is located in the second network region.