Abstract: A server comprises a communications module; a processor coupled with the communications module; and a memory coupled to the processor and storing processor-executable instructions which, when executed by the processor, configure the processor to authenticate a user via a first authentication channel; receive, via the communications module and from a computing device associated with the user, a signal representing a request to transfer a first quantity of resources; determine that the first quantity of resources is less than a first threshold associated with the first authentication channel; obtain identity data associated with the request to transfer the first quantity of resources; determine, based on the identity data, that a request to transfer a second quantity of resources has been previously initiated by the user via a second authentication channel that is different than the first authentication channel; and determine that the sum of the first quantity of resources and the second quantity of resources i

Abstract: A system and a method of determining persistent presence of an authorized user while performing allowed operations on an allowed resource of the system while satisfying certain context-sensitive restrictions are disclosed. The system receives a request from a user to authenticate him/her. The system authenticates the user using biometric information of the user or any other authentication mechanism in a given context-sensitive restriction. If the user is authenticated, then the system allows the user to perform the allowed operation using the allowed resources in the context-sensitive restriction. If the authentication fails indicating that the user is an unauthorized user, then the system initiates a resolution process to halt or terminate the allowed operation to restrict or obfuscate the allowed operation from being accessed by the unauthorized user. In one embodiment, the system comprises an External Companion Device (ECD) paired with the system to perform the authentication and manage the allowed.

Abstract: Disclosed are various examples for distributed profile and key management. In one example, a client device can include an agent application and a PIV-D application. The agent application can receive a partially populated device profile generated by a management service to configure a setting on the client device. The PIV-D application can generate a derived credential and provide the derived credential to the agent application. The agent application can modify the partially populated device profile to include the credential to create a fully populated device profile and configure the client device in accordance with the fully populated device profile.

Abstract: A method for deploying a device to a local network hosted by a host device includes receiving a message causing the host device to request a piece of information from the device; requesting a determination if the received piece of information comprises data corresponding to an expected data pattern; if the received piece of information comprises data corresponding to the expected data pattern initiating a pairing with the device; and in response to the pairing generating an indication that the device is paired with the host device. A host device, a system and to a computer program product are also disclosed.

Abstract: Method and system for programming a power tool from an external device. The method includes establishing a first communication link with a server. The server includes a profile bank that includes mode profiles generated by a plurality of users. The method further includes receiving, over the first communication link, a list of mode profiles representing a subset of the mode profiles of the profile bank. The method further includes receiving, in response to user input from a first user on the external device, a selection of a mode profile. The method further includes transmitting, over the first communication link, the selection of the mode profile. The method further includes receiving, over the first communication link, the mode profile, the mode profile having been generated by a second user. The method further includes transmitting wirelessly, to the power tool, the mode profile to configure the power tool.

Abstract: The present disclosure relates to systems, devices and methods for device security and trust score determinations. In one embodiment, a method includes requesting, by a first device, trust score data for a second device, wherein the first device requests trust score data from a trust score management server, and receiving, by the first device, trust score data from the trust score management server. The method also includes generating a first trust score for the second device and transmitting the first trust score for the second device with a trust score management server. The method also includes configuring, by the first device, at least one control parameter for operation of the first device with the second device based on the first trust score, wherein configuring adjusts a previous control parameter to restrict operation of the first device relative to the second device. Device and systems are provided to enhance network security.

Abstract: Disclosed is a system for notifying hacking to a user thereby ensuring verified connection of a client machine with a server intended to be connected is disclosed. The system acquires a server certificate comprising data structure. The data structure may be acquired upon receipt of a response to a request initiated by the client machine. In one aspect, the data structure may be referred to as a tree site to verifier pertaining to the request. The system further receives a validation acknowledgement indicating validity of the server certificate. The system further performs a reverse certificate look up verification process upon receipt of the acknowledgment.

Abstract: A method for authenticating an individual for login to a server computer includes receiving at the server computer data for a first authentication image from an electronic computing device. First attributes are identified of one or more similar geometrical shapes from the data for the first authentication image. A determination is made as to whether the first attributes of the one or more similar geometrical shapes from the data for the first authentication image correspond to second attributes from a second authentication image accessible on or by the server computer. When the first attributes correspond to the second attributes, the individual is authenticated on the server computer.

Abstract: A distributed security system includes a plurality of content processing nodes that are located external to a network edge of an enterprise and located external from one of a computer device and a mobile device associated with a user, and a content processing node is configured to monitor a content item that is sent from or requested by the external system; classify the content item via a plurality of data inspection engines that utilize policy data and threat data; and one of distribute the content item, preclude distribution of the content item, allow distribution of the content item after a cleaning process, or perform threat detection on the content item, based on classification by the plurality of data inspection engines; and an authority node communicatively coupled to the plurality of content processing nodes and configured to provide the policy data and the threat data for threat classification.

Abstract: Technologies are generally described for methods and devices for generating a final signature. The methods may comprise receiving a message by a processor. The methods may comprise generating a random number by a random number generator. The methods may comprise forwarding, by the processor, the random number to a cloaking element generator. The methods may comprise forwarding, by the processor, a private key to the cloaking element generator. The methods may comprise forwarding, by the processor, a group to the cloaking element generator. The methods may comprise forwarding, by the processor, a homomorphism to the cloaking element generator. The methods may comprise processing, by the cloaking element generator, the random number, the group, the private key, and the homomorphism to produce a cloaking element. The methods may comprise applying the cloaking element to transform the message into the final signature.

Abstract: Automated registration of one or more IoT devices seeking connection to one or more IoT platforms using a secure provisioning service. The secured provisioning service verifies and administers connection credentials to each IoT device, ensuring legitimate devices cannot be impersonated or controlled by unauthorized personnel. The provisioning service matches the IoT devices and metadata of each IoT device to the provisioning rules. Connection credentials and/or rules defining each IoT device's access to IoT platforms are based on the provisioning rules of the rules registry. Matching each IoT device to one or more provisioning rules offers flexibility to dynamically add, delete or amend one or more rules in a complex rules-based system, allowing for automatic updates to the connection credentials of each IoT device, wherein each IoT device can be provisioned or re-provisioned using the most up to date set of new or amended rules.

Abstract: A single Internet of Things (IoT) gateway flow computer (either on a gateway machine or a non-gateway machine) that controls flow through both of the following types of gateways: (i) cloud gateways; and (ii) edge gateways. Both overall configuration and sub-configuration are automatically and dynamically controlled by the single, system-wide IoT gateway flow computer.

Abstract: A Confidence Broker System is disclosed. One embodiment of the present invention includes a confidence broker (10) which communicates with a plurality of confidence producers (12A, 12B, 12C) and a plurality of confidence consumers (14A, 14B, 14C). Communications between these elements is conducted via a communications infrastructure (16). The confidence broker (10) also includes a communications interface (42) which is connected to a protocol converter (44). The protocol converter (44) is connected to a confidence normalizer (46). The confidence normalizer (46) is connected to a confidence mediator (48). The confidence mediator (48) is connected to a confidence mapper (50). The confidence mapper (50) is connected to the protocol converter (44). Each of the protocol converter (44), the confidence normalizer (46), the confidence mediator (48) and the confidence mapper (50) is connected to a storage device (52).

Abstract: The system and method disclosed performs entity authentication through identification proofing. A relying party such as a corporation or other type of entity having a secure website, computer network and secure facility working a risk engine can determine the authenticity, validation and verification during registration of a user entity. The identification proofing is integrated with a risk engine. The risk engine is capable of using bio-behavior based information which may be continuously monitored.

Abstract: A method of operating a mobile device includes displaying a user interface as an image, the user interface being composed of a plurality of widgets, storing a privacy policy identifying at least one of the widgets, capturing a screenshot image corresponding to the screenshot image, excluding the at least one of the widgets from the screenshot image to create a modified screenshot image, and transmitting the modified screenshot image over a network to a monitoring server.

Abstract: Methods and systems for ensuring security of in-car systems in vehicles, particularly, user data privacy and protection of in-car systems from cyber attacks, hacking etc. is provided. After a two-level authentication process, wherein user identification data, token and passwords are used and matched to authenticate the user, a secure OS container is created for use for the user accessing the IVI system of the vehicle. This container is created on the host root file system such that the environments of the container and the host root file system of the IVI system are sandboxed from each other.

Abstract: The invention relates to a method for linking a terminal (1) into a region (4a) of an interconnectable computer infrastructure (2) which is designed for a plurality of users (6, 6a), said region being allocated to a user (6a). A user certificate (12a) is generated for the region (4a) allocated to the user (6a) and is provided to the user (6a) and/or the interconnectable computer infrastructure (2). A terminal certificate (16a) which is compatible with the user certificate (12a) is generated, and the terminal certificate (16a) is entered into the terminal (1). The terminal (1) is registered in the interconnectable computer infrastructure (2) via a data connection (20), wherein the terminal certificate (16a) and/or a password which is encrypted using the terminal certificate (16a) is transmitted from the terminal (1) to the interconnectable computer infrastructure (2) via the data connection (20) for the registration process.

Abstract: One embodiment provides a method, including: providing, using a light source operatively coupled to an information handling device, illumination on an object; capturing, using a sensor operatively coupled to the information handling device, illumination reflectance from the object; determining, using a processor and based on the illumination reflectance, whether the object is associated with a human user and whether the human user is an authorized user; and authenticating, responsive to determining that the object is associated with the human user and that the human user is an authorized user, the human user. Other aspects are described and claimed.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a data request is received. The request is associated with a network service. A single sign-on (SSO) token is received. The SSO token represents a user account authenticated with an identity manager. Authentication data for the network service is identified based on the SSO token. The authentication data can specify an authentication site of the network service. A navigation action is automatically performed on the authentication site. The requested data is received. A command to present on a client device the data is transmitted to the client device.

Abstract: Distributed systems and methods for encrypting data on a blockchain network are disclosed. One system comprises at least one injector coupled to a node on the blockchain, a controller coupled to the injector, and a generator coupled to the controller. The injector intercepts messages bound for the blockchain and encrypts data in the messages using encryption information received from the controller. The controller acquires encryption information from the generator, which generates encryption keys and derives encryption information from those encryption keys. The encryption information may be divided into multiple parts and distributed between a plurality of injectors. As a result, to assemble an encryption key for encrypting or decrypting data, an injector may have to cooperate with other injectors to acquire sufficient encryption information to re-assemble the encryption key.