Abstract: A method for facilitating a user to subsequently access, via an application executed by a user device of the user, an account for one or more services provided by a service provider, wherein said access is controlled based on biometric verification of the user performed, at least in part, at the user device, wherein the method comprises: obtaining reference data from a storage device, wherein the storage device stores biometric data for the user suitable for use in the biometric verification of the user, and wherein the reference data is suitable for use in one or both of: (a) subsequent access of the biometric data from the storage device and (b) authentication of the biometric data; and providing the reference data to an access system used by the service provider so that the access system can associate the reference data with an identifier associated with the user.

Abstract: A method in a network node of a communication network configured to manage command messages from at least one Machine Type Communication, MTC, device manager intended for an MTC device, comprises receiving command messages from the at least one MTC device manager, step (201). One or more command messages are merged into an MTC device message that comprises at least one command message, step (203). Originator information is associated with each command message in the MTC device message, step (205). The MTC device message is sent to an MTC device. The network node may further perform the steps of receiving an MTC device message from an MTC device, the MTC device message comprising at least one response message, step (301).

Abstract: In response to a radio link failure between given user equipment and a source access node of a communication system during a data transfer operation over a control plane, a method is provided for recovering the radio link for the given user equipment through a target access node of the communication system. The radio link recovery is enabled via a mobility management node of the communication system using a non-access stratum security context previously established between the given user equipment and the mobility management node.

Abstract: A voice assistant requests a first terminal among a plurality of terminals to execute an authentication process, receives a result of the authentication process from one of the plurality of terminals, and transmits the result of the authentication to a service providing system as response to the authentication request in a case in which an authentication request is accepted from the service providing system. Each of the plurality of terminals executes a biometric authentication process using user's biometric information read by the biometric information sensor using an authenticator if a request from the voice assistant is received and responds to the voice assistant with a result of the biometric authentication process. The voice assistant requests a second terminal other than the first terminal among the plurality of terminals to execute an authentication process if a predetermined condition is satisfied after requesting the first terminal to execute the authentication process.

Abstract: Embodiments of the present invention disclose a privacy protection method, a mode switching apparatus, and a terminal device. The method includes: receiving an input operation of a user; identifying the input operation and extracting an action feature; performing matching in an instruction library according to the action feature, and when the matching succeeds, generating instruction information corresponding to the action feature; determining a protection mode of the terminal device according to the instruction information, and determining an application that subscribes to the protection mode in the terminal device; and controlling display of the application according to the protection mode of the terminal device.

Abstract: Described is a system for anonymous job allocation and majority voting in a cloud computing environment. The system broadcasts a job to physical nodes, each of the physical nodes having a control operations plane (COP) node and one or more service nodes associated with the COP node. A set of redundant job assignments is distributed to individual COP nodes pursuant to a private job assignment schedule, such that each individual COP node is only aware of its own assignment and corresponding job. The service nodes execute the job assigned to the COP nodes such that the service nodes each complete a task associated with the job and forward an individual result to their associated COP node. A privacy-preserving result checking protocol is performed amongst the COP nodes such that secret shares of a majority result are obtained and the majority result is provided to a client.

Abstract: Systems and methods herein can provide device-specific access to an e-mail server, including an EWS-based e-mail server. In an example, a management server controlled by a system administrator provides device identification information to a user device and to a tunnel server. The management server also provides a custom request identifier to the tunnel server, and provides instructions to the e-mail server to allow access for requests including that custom request identifier. The tunnel server receives a request from the user device, rewrites the request to include the custom request identifier, and passes the request to the e-mail server.

Abstract: In response to a radio link failure between given user equipment and a source access node of a communication system during a data transfer operation over a control plane, a method is provided for recovering the radio link for the given user equipment through a target access node of the communication system. The radio link recovery is enabled via a mobility management node of the communication system using a non-access stratum security context previously established between the given user equipment and the mobility management node.

Abstract: Disclosed herein are systems and methods for generating a request for information on a file to perform an antivirus scan. In one aspect, an exemplary method comprises, intercepting the file, synchronously calculating a first hash of a portion of the file, searching in a verdict cache, when the hash is found, determining whether the hash belongs to a list of malicious files, when it belongs to the list of malicious files, synchronously calculating a second hash, searching for the second hash in the verdict cache, and pronouncing a final decision as to harmfulness of the file, when the first hash does not belong to the list of malicious files, granting access to the file, asynchronously generating a request for information about the file, calculating a second hash, searching for the information in a verdict cache, and pronouncing a decision as to harmfulness of the file.

Abstract: A method for accessing functions of an embedded device, for example a controller programmable from memory, wherein function blocks of the embedded device are assigned to at least two hierarchically superimposed levels, an access to a function block of the embedded device occurs from outside of the embedded device by a data interface, and for access an authentication must occur for the level to which the respective function block is assigned, and again for each individual level above the level to which the function block is assigned, to permit execution of a function of the function block, wherein the functions of the function blocks permit access to a firmware of the embedded device.

Abstract: A tracing mechanism is provided for analyzing session-based attacks. An exemplary method comprises: detecting a potential attack associated with a session from a potential attacker based on predefined anomaly detection criteria; adding a tracing flag identifier to a response packet; sending a notification to a cloud provider of the potential attack, wherein the notification comprises the tracing flag identifier; and sending the response packet to the potential attacker, wherein, in response to receiving the response packet with the tracing flag identifier, the cloud provider: determines a source of the potential attack based on a destination of the response packet; forwards the response packet to the potential attacker based on the destination of the response packet; and monitors the determined source to evaluate the potential attack. The response packet is optionally delayed by a predefined time duration and/or until the cloud provider has acknowledged receipt of the notification.

Abstract: Concepts and technologies are disclosed herein for managing access based on activities of entities. A computing device can collect data that comprises an image. The computing device can identify an entity that is located in a range of a sensor. The computing device can determine an identity that is associated with the entity and an activity associated with the entity. The computing device can obtain a trust indicator associated with the entity. The computing device can determine, based on the trust indicator, if the activity should be allowed. If the computing device determines that the activity should be allowed, the computing device can initiate allowing of the activity. If the computing device determines that the activity should not be allowed, the computing device can initiate blocking of the activity.

Abstract: In an example embodiment, a system for allowing one or more password errors may store a correct password for a user and receive an attempted login from a user device. The attempted login may include (1) an attempted password with one or more errors and (2) metadata. The system may assign a metadata risk score to the metadata, assign a password risk score to the attempted password, aggregate the scores, and grant or deny access to the user based on the aggregated score and a predetermined threshold.

Abstract: Described is a system (and method) for automatically populating login credentials for an application such as a third-party application (or app) installed on a device. These applications are often associated with an entity that may operate or control a website, service, or another application. For example, browsers often store login credentials (e.g. username and password) of previously visited websites. Accordingly, the system may retrieve applicable login credentials for the application in response to verifying the application is authorized to be associated with the website associated with the retrieved password. Accordingly, the system may provide a convenient and safe mechanism to retrieve applicable login credentials even in instances where a developer of the application has not provided an explicit capability of such a feature.

Abstract: The present disclosure relates to a portable electronic device for authenticating a user through a management device and a system and method associated therewith. The portable electronic device includes a collector, an authentication information generator and a communication interface. The collector is configured to collect biometric data of a user. The authentication information generator is configured to generate authentication information according to whether the portable electronic device is within an area pre-set by the management device and based on the biometric data collected by the collector in real time. The communication interface is configured to send the generated authentication information to the management device so as to authenticate whether the user is a registered user of the management device. By collecting relevant data in a distributed manner during the user authentication process, user authentication efficiency is improved, and risk of damage to data collection equipment is reduced.

Abstract: Data security is enhanced by receiving a request that identifies an encrypted data key, an authentication tag, and additional authenticated data that includes at least a nonce. In some cases, the authentication tag is cryptographically derivable from the encrypted data key and the additional authenticated data. A system, in some cases, determines whether the nonce is authentic and decrypts the encrypted data key by using at least a cryptographic key and the nonce, thereby resulting in a plaintext data key that is usable in various contexts.

Abstract: Methods and systems are described for verifying an identity of a user through contextual knowledge-based authentication. The system described uses contextual knowledge-based authentication. By verifying an identity of a user through contextual knowledge-based authentication, the verification is both more secure and more intuitive to the user. For example, by relying on confidential and/or proprietary information, the system may generate verification questions, the answers to which are known only by the user.

Abstract: Methods, systems and programming for classifying network requests. In one example, a network request for content to be fetched by a content server is received from a client device. At least one non-internet protocol (IP) key is obtained based on the network request. Whether to deny or allow the network request is determined based on the at least one non-IP key.

Abstract: Methods of ensuring that the ownership, location, and provenance of a digital asset. The method utilizing a hash value and block chain technology to validate the ownership and provenance. The hash value derived from the digital asset itself. The methods comprising a registry and predetermined formula for generating a hash value from the digital asset, ownership information, storage location, and a description of the asset.

Abstract: Various embodiments relate to a method of auditing a biometric enrollment event journal entry, performed by a processor of an authentication computing system. An example method includes receiving a biometric enrollment event journal entry. The entry includes a tokenized biometric reference sample and a biometric reference template identifier. The tokenized biometric reference sample is generated by tokenizing at least one biometric reference sample captured from a user having a unique user identifier. The biometric reference template identifier uniquely identifies a biometric reference template generated using the at least one biometric reference sample. The tokenized biometric reference sample and biometric reference template associated with the biometric reference template identifier in the biometric enrollment event journal entry is retrieved. It is determined whether the detokenized biometric reference sample matches the biometric reference template.