Abstract: A system and method is disclosed for assuring that networked communications between parties playing a game on a network (e.g., the Internet) are not tampered with by either of the parties for illicitly gaining an advantage over the other party. An initial sequence of tokens (e.g., card representations) for playing the game are doubly encrypted using an encryption key from each of the parties. Accordingly, during play of the game neither party can modify the initial sequence of game tokens during the game. At termination of the game, at least one of the parties can fully decrypt the initial sequence of tokens, and thereby, if desired, compare the played token sequence with the corresponding the initial token sequence.

Abstract: A detection device includes a data-propagation tracking unit that gives communication data a tag including attribute information associated with communication destination information of the communication data and tracks propagation of communication data on which the tag including the attribute information is given, and a falsification detection unit that detects falsification on the communication data when, in the communication data, there is a tag including attribute information different from attribute information corresponding to a transmission destination or a transmission source of the communication data.

Abstract: Method and system for programming a power tool from an external device. The method includes establishing a first communication link with a server. The server includes a profile bank that includes mode profiles generated by a plurality of users. The method further includes receiving, over the first communication link, a list of mode profiles representing a subset of the mode profiles of the profile bank. The method further includes receiving, in response to user input from a first user on the external device, a selection of a mode profile. The method further includes transmitting, over the first communication link, the selection of the mode profile. The method further includes receiving, over the first communication link, the mode profile, the mode profile having been generated by a second user. The method further includes transmitting wirelessly, to the power tool, the mode profile to configure the power tool.

Abstract: A command and control server identifying apparatus provides data received by malware upon execution of the malware with a tag that allows to uniquely identify communication destination information of a source of the data, and tracks propagation of the data provided with the tag. Then, the command and control server identifying apparatus obtains a tag of data referred to by a branch instruction executed by the malware among tracked data. Then, the command and control server identifying apparatus identifies communication destination information of a command and control server that issues a command to the malware, based on communication destination information of a source associated with the obtained tag.

Abstract: Storing and retrieving ciphertext in data storage can include determining a first ciphertext value for a first data chunk to be saved to a client-server data storage system using an encrypted chunk hash value associated with the first data chunk as an initial value, and storing the first data chunk on a server in the client-server data storage system in response to determining that the first ciphertext value is a unique ciphertext value. Also, storing and retrieving ciphertext in data storage can include decrypting a ciphertext value for a second data chunk received from a client in the client-server data storage system and based on an encrypted chunk hash value associated with the second data chunk, and sending the second data chunk to the client in response to determining that the decrypted ciphertext value corresponds to an original data chunk saved to the server by the client.

Abstract: A digital certificate of a user is collected. A digest computation of a collecting result of the digital certificate is performed to generate a digital certificate digest of the user. The digital certificate digest is cached. In response to an operation of the user, a service request containing the cached digital certificate digest is transmitted to a service server such that when a service corresponding to the service request is a service for which the digital certificate needs to be verified, the service server executes the service when the verification passes through verification of the digital certificate digest. The techniques of the present disclosure execute the verification operation of the digital certificate along with specific service operations, which reduce the number of certificate verifications and the number of requests for executing the specific service.

Abstract: Aspects of the present invention provide an approach for user authentication during a user session which potentially requires multiple user authentications. A library of authentication methods is provided for preforming the user authentications. For authentication, a threshold contribution value is set which needs to be exceeded for authentication to occur. To carry out the authentication, a chain of authentication methods is constructed at run time, selected from the library in order to provide an aggregate contribution value which exceeds the threshold. During run time, the contribution value of each authentication method is dynamically adjusted, so that construction of the chain uses current amounts for the contribution values of each authentication method. This allows the chain to be reconstructed at run time taking into account changing circumstances. Specifically, not yet executed authentication methods may be unlinked from the chain and replaced with one or more new ones.

Abstract: A system and method for providing secure access to electronic records. A processor receives, from a first client, a first request to access the electronic records, authenticates the first client, and provides access to the electronic records in response to determining that the first client is authenticated. The processor receives user input data from the first client and stores the user input data in association with the electronic records. The processor further receives from a second client a second request to access the electronic records, retrieves the user input data associated with the electronic records in response to the second request, and transmits a prompt to the second client in response to the retrieved user input data. The processor also receives an answer to the prompt and provides access to the electronic records in response to the answer.

Abstract: A method for providing a user system access to a resource includes obtaining configuration data identifying devices at the user system; receiving a request from the user system for access to a resource; applying a function to the configuration data to generate a current fingerprint; comparing the current fingerprint to a reference fingerprint associated with the resource; determining a degree of similarity between the current fingerprint and the reference fingerprint; and granting access to the resource in response to the degree of similarity between the current fingerprint and the reference fingerprint.

Abstract: Systems and methods are disclosed for securely identifying a computing device via a web browser utilizing a customized digital font. In particular, in one or more embodiments, the disclosed systems and methods generate a customized digital font and install the customized digital font on a computing device. Moreover, the disclosed systems and methods utilize the customized digital font to identify the computing device. In particular, one or more embodiments include systems and methods that identify an element of a webpage rendered by the computing device utilizing the customized digital font and identify the client device based on the rendered element of the webpage.

Abstract: A method of creating, at a permissions management resource, access permissions relating to a subject device for at least one data processing device, the method comprising: obtaining, at the permissions management resource, input data; generating, at the permissions management resource, at least one permission relating to accessing the subject device in response to the input data; transmitting, from the permissions management resource to the subject device and/or the at least one processing device, a communication comprising the at least one permission.

Abstract: A method for creating a secure connection between a remote client computing device and an enterprise asset platform includes a server receiving from a client computing device (CCD) a request being either a registration request or to access the asset platform, including a CCD unique identifier, determining if the CCD is previously blocked from accessing the asset platform, if so then terminating the method. If the request is a registration request, then generating a disambiguation query in accordance with predefined policy, receiving a response to the disambiguation inquiry from the CCD, verifying the contents of the disambiguation query response in relation to a predefined criteria. If the disambiguation query response does meet the predefined policy, associating the CCD to the predefined policy. A system configured to implement the method and a non-transitory computer-readable medium containing instructions for a processor to perform the method are also disclosed.

Abstract: A computing device with a graphical authentication interface in which the device displays a base image and authenticates a user when a pre-selected element in a secondary image overlying the base image is aligned with a pre-selected element in the base image.

Abstract: Embodiments of the present invention provide a multi-level authentication system to provide an additional level of authentication using phone application level data. The system extracts application level data and generates a questionnaire based on the extracted application level data. This questionnaire is transmitted to the device of the user by the system to receive an input related to the questionnaire. The system authorizes a request to execute an action upon validating the input received.

Abstract: Systems, apparatuses, services, platforms, and methods are discussed herein that provide digital security services and enhance digital security certificate issuance for communication systems. In one example, a digital security platform is presented that includes a client interface service configured to receive requests for digital security certificates from one or more requesting entities. The digital security platform includes a certificate service configured to process the requests against evaluation criteria to select certificate authorities to handle the requests, and handler processes configured to interface with associated ones of the selected certificate authorities for issuance and delivery of the digital security certificates.

Abstract: A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.

Abstract: Role based access control (RBAC) identity management tools, computing systems, computer products and methods of abstracting individual users from the role assignment and revalidation process of traditional RBAC. The RBAC tools, products and systems of the present disclosure organize and manage multi-tenanted networks and cloud computing environments by organizing individual users by service providers having a single or unified identity, which are separately managed by the service provider owners. The service provider identities are treated as a single service provider entity applying for one or more roles in the multi-tenant system, allowing for a simplified role revalidation that no longer requires managers of tenants in a multi-tenant network to approve the role assignment of each individual user, because the tenants and tenant managers are unaware of the users identities that make up the service provider identity.

Abstract: A system for using an encrypted version of a password or access code which is stored in the open on a computer or other device, which utilizes a hardware token to decrypt the password or access code utilizing a secure secret which is stored inside the device, and which never leaves the device, to allow the owner of the device to have access to the Secure System. The system also provides means whereby the holder of a Master token and the holder of a Grand Master token may also have access to the Secure System as long as the user token was previously registered to the Master token and the Master Token was previously registered to the Grand master token before the secured resource was locked by the user token.

Abstract: A computer-implemented method for verifying authentication requests using IP addresses may include (i) collecting, by a computing system, data on IP address changes from a set of endpoint devices, (ii) creating, by the computing system using the data on IP address changes, a virtual IP address distance map based on a likelihood of change from at least one origin IP address to at least one destination IP address, (iii) automatically detecting, by the computing system, a change in an IP address of a client device, (iv) determining, by the computing system and based on the virtual IP address distance map, that the change in the IP address of the client device indicates that an authentication request from the client device is suspicious, and (v) performing, by the computing system, a security action to secure the client device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A digital marking module in a first computer memory receives a data file including original media content. The digital marking module accesses, from a second computer memory, identifying information corresponding to a recipient of the data file. The digital marking module generates altered media content to include the identifying information and substantially include the original media content. The data file with the altered media content is transmitted to a recipient device. The altered media content is received by a digital mark reader. The identifying information corresponding to the recipient of the data file is read from the altered media content.