Abstract: Examples are disclosed for detecting synthetic online entities that may be used for fraudulent purposes or other purposes. In some aspects, a computing system can generate a data structure that includes nodes and links between the nodes. The nodes can represent online entities and the links can represent geographic associations or transactional associations between pairs of online entities. These associations can be identified from electronic transactions involving the online entities. The computing system can determine, from the links between the nodes, that a degree of connectivity among a subset of the nodes exceeds a threshold connectivity. The degree of connectivity indicates electronic communications involving online entities represented by the subset of the nodes. The computing system can transmit, based on the degree of connectivity exceeding the threshold connectivity, an alert indicating a potential synthetic entity (e.g., potentially fraudulent activity) within the subset of the nodes.

Abstract: A device configured to receive a connection request that includes device authentication credentials and to determine the user device passes authentication in response to identifying a device profile associated with the device authentication credentials. The device is further configured to receive user credentials for a first user and identify a first user identity that corresponds with the user credentials. The device is further configured to establish a first network connection with the user device, to send a token request to the user device, and to receive a token via the first network connection. The device is further configured to identify a second user identity based on the token, to determine the first user identifier matches the second user identifier, and to establish a second network connection for the user device, wherein the network connection enables the user device to access the network.

Abstract: [Problem] Provided is an authorization system capable of reducing a load on a host regarding an invitation procedure in a case where there is a large number of guests or guests are frequently invited, and preventing identity theft or invitation of an unwanted third party.

Abstract: A server comprises a communications module; a processor coupled with the communications module; and a memory coupled to the processor and storing processor-executable instructions which, when executed by the processor, configure the processor to authenticate a user via a first authentication channel; receive, via the communications module and from a computing device associated with the user, a signal representing a request to transfer a first quantity of resources; determine that the first quantity of resources is less than a first threshold associated with the first authentication channel; obtain identity data associated with the request to transfer the first quantity of resources; determine, based on the identity data, that a request to transfer a second quantity of resources has been previously initiated by the user via a second authentication channel that is different than the first authentication channel; and determine that the sum of the first quantity of resources and the second quantity of resources i

Abstract: A user requests to join a meeting is detected. The meeting includes a meeting audio stream of one or more participant audio streams that include participant timestamps that correspond to when one or more other users are in the meeting. The user is prompted for an authentication credential based on the detecting the request to join the meeting. A participant profile of the user is determined based the authentication credential. The user is authorized access to the meeting and a first timestamp is saved. A first audio stream of the user is recorded. The user is identified as having left the meeting and a second timestamp is saved. A transcript of the meeting audio stream is generated based on the first audio stream and the one or more participant audio streams. The first timestamp, the second timestamp, and the meeting are associated with the participant profile.

Abstract: An application for dynamic, granular access permissions can include a database interface, a user interface, a login process, an administrator, an event handler and an authorization process. The database interface can be an interface to an access control permissions database that stores roles, actions, or policies for users of the application. The login process can authenticate a user and determine a default set of access control permissions for that user when they are using the user interface. The administrator can provide access control permissions for a user by using the database interface. The event handler can dynamically modify access to functionality in the user interface based on an event. The authorization process can determine whether a request from the user interface is authorized before process the request. The authorization process can use access control permissions from the administrator and either a scope limited or a temporally limited access permission.

Abstract: Systems and methods authenticate an end user of an enterprise with an external service provider. The enterprise comprises an identity provider and an entitlements data store that communicate via web services calls. The identity provider makes a determination of whether an end user is authorized to access the external service provider based on: (i) authentication of the end user by the identity provider; and (ii) data from the entitlements data store for the end user with respect to the external service provider. Upon a determination by the identity provider that the end user is authorized to access the external service provider, the identity provider send a SAML token to the end user. The SAML token comprises an XML representation of entitlement information for the end user for the external service provider.

Abstract: Disclosed herein is a method of facilitating policy-compliant end-to-end encryption for individuals between organizations. Accordingly, the method may include a step of receiving, using a communication device, a first recipient indication associated with a first recipient of a first tenant from a sender device associated with a sender of a second tenant. Further, the method may include a step of retrieving, using a storage device, a predefined policy definition associated with the first tenant. Further, the method may include a step of identifying, using a processing device, a recipient certificate associated with the first recipient based on the predefined policy definition. Further, the method may include a step of retrieving, using the storage device, the recipient certificate associated with the first recipient based on the identifying. Further, the method may include a step of transmitting, using the communication device, the recipient certificate to the sender device.

Abstract: In a subscription profile downloading method when an application in a device triggers subscription profile downloading, an operator server sends, to a subscription management server, authentication information of an application allowed to initiate subscription profile downloading; and when receiving an authentication request sent by the device, the subscription management server uses the authentication information to attempt to authenticate the application initiating subscription profile downloading in the device, and provides subscription profile downloading for the device after the authentication succeeds. The subscription management server may add the authentication information to a subscription profile downloaded last time and send the subscription profile to the device, and when the device downloads a different subscription profile next time, the device may use the authentication information in the subscription profile downloaded last time to attempt to authenticate the application.

Abstract: Presented herein are systems and methods for processing tokens in identity assertions for access control to resources. A server may receive, via an interface from a gateway, a request to permit a customer device to access a resource associated with the server. The request may include an identifier for the customer device and a first token used to authenticate the customer device at the gateway. The server may generate, responsive to validating the first token, a second token to be used to authorize the customer device at the server for access to the resource. The server may store, on a database, an association identifying the identifier, the first token, and the second token. The server may perform the server, an action to permit the customer device access to the resource associated with the server based on the association maintained on the database.

Abstract: A method including transmitting, by a network device to a security device, an initial security instruction set including a plurality of initial security instructions associated with operation of the security device; transmitting, by the network device to the security device, an event signal associated with the security device carrying out the network-facing operation; receiving, by the network device from the security device based on transmitting the event signal, a security instruction associated with the security device carrying out the network-facing operation, the security instruction being from among the plurality of initial security instructions; translating, by the network device, the security instruction into a host instruction to be executed by the network device; and transmitting, by the network device to the security device based on executing the translated host instruction, communication information to enable the security device to carry out the network-facing operation is disclosed.

Abstract: Methods, computer program products, and systems are presented. The method computer program products, and systems can include, for instance: establishing a relationship graph for a certain user, the relationship graph having a primary node that specifies the certain user and a plurality of lower order nodes, wherein the primary node and at least one lower order node of the plurality of lower order nodes is connected to at least one other node by an edge so that there are defined a plurality of edges; generating a prioritized list of individuals to provide assistance to the certain user in respect to the certain task based on populated edge weight scores for edges of the relationship graph; and providing one or more output based on the prioritized list.

Abstract: Network infrastructure can be automatically detected. A network sensor detects a new network message. A source-address of the new network message is extracted. A plurality of addresses are assembled based on the source-address. These are recursed, using each of the unique similar-addresses as current addresses. Metadata is assembled for each of the addresses in the plurality of addresses. For each particular address in the plurality of addresses, a risk-label is assigned out of a plurality of possible risk-labels, by weighing a plurality of factors; and performing a network security action with the risk-label.

Abstract: Disclosed in some examples are methods, systems and machine-readable mediums which allow for more secure authentication attempts by implementing authentication systems with credentials that include interspersed noise symbols in well-distributed positions determined by the user. These systems secure against eavesdroppers such as shoulder-surfers or man-in-the middle attacks as it is difficult for an eavesdropper to separate the well-distributed noise symbols from legitimate credential symbols.

Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.

Abstract: Methods, systems, and computer storage media for providing access to computing environments based on a multi-environment policy are provided. The a multi-environment policy is configurable to define rules that have provider-controlled and customer-controlled computing environment parameters for approving access to provider-controlled computing environments and customer-controlled computing environments. In operation, a request associated a computing environment are received. The computing environment is associated with a multi-environment policy. The multi-environment policy is configurable to define the rules based on access vectors having grouped computing environment aspects for control and visibility associated with accessing computing environments. Based on the request, a determination whether the request is for a provider-controlled or a customer-controlled computing environment is made.

Abstract: A security configuration file is received from a first application, the security configuration file including information of an authority. The first application assigns the authority to a second application to enable the second application to trigger jobs at the first application, and the second application provides shared services to a plurality of applications including the first application. A query is received from the second application and in response the authority is sent to the second application. A request for a token is received from the second application, the request including the authority. A token including the authority is sent to the second application. The second application sends the token to the first application when the second application triggers jobs at the first application.

Abstract: Systems and methods detect a potential hacking attack by monitoring the number and timing of DELBA (Delete Block Acknowledgement) action frames. When the number and timing of the DELBA action frames correspond to an unauthorized access pattern, an unauthorized access is detected. The potential unauthorized access may be detected by an access point (AP) or by the AP and a backend system. When a potential unauthorized access is detected, the AP may remain in silent mode for a longer period of time and limit access to the network to only trusted devices. In addition, an alarm or other notification of the potential unauthorized access may be provided to a user or other designated contact.

Abstract: The system and method disclosed performs entity authentication through identification proofing. A relying party such as a corporation or other type of entity having a secure website, computer network and secure facility working a risk engine can determine the authenticity, validation and verification during registration of a user entity. The identification proofing is integrated with a risk engine. The risk engine is capable of using bio-behavior based information which may be continuously monitored.

Abstract: A communication device includes circuitry configured to acquire a digital certificate including information associated with a first attribute from a first device coupled to any of a plurality of devices sharing a distributed ledger having recorded therein a correspondence between an attribute of user information included in the digital certificate and a definition of the attribute, receive a request for information associated with a second attribute from a second device coupled to any of the plurality of devices, acquire a first definition associated with the first attribute, and a second definition associated with the second attribute, from any of the plurality of devices, and transmit a digital certificate including information associated with the first attribute to the second device together with a message notifying that the first attribute and the second attribute have the same definition, when the first definition and the second definition match.