Patents Examined by Harris C Wang
-
Patent number: 12248611
Abstract: Systems, methods, and apparatuses for providing a central location to manage permissions provided to third-parties and devices to access and use user data and to manage accounts at multiple entities. A central portal may allow a user to manage all access to account data and personal information as well as usability and functionality of accounts. The user need not log into multiple third-party systems or customer devices to manage previously provided access to the information, provision new access to the information, and to manage financial or other accounts. A user is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal. The user is able to impose restrictions on how user data is used by devices, applications, and third-party systems, and control such features as recurring payments and use of rewards, via a central portal.
Type: Grant
Filed: December 25, 2023
Date of Patent: March 11, 2025
Assignee: Wells Fargo Bank, N.A.
Inventors: Lila Fakhraie, Brian M. Pearce, Steven Pulido, Benjamin Soccorsy, James Stahley, Mojdeh Tomsich
-
Patent number: 12225137
Abstract: Systems and methods are described that relate to authentication and/or binding of multiple devices with varying security profiles. In one aspect, a first device with a higher security profile may vouch for the authenticity of a second device with a lower security profile when the second device requests access for content from a content provider. The vouching process may be implemented by allowing the first device to overlay its digital signature on a registration request that has been signed and transmitted by the second device. The second device with the lower security profile may access content from the content provider or source for a predetermined time period, even when the second device does not access content through the first device.
Type: Grant
Filed: September 15, 2023
Date of Patent: February 11, 2025
Assignee: Comcast Cable Communications, LLC
Inventors: James W. Fahrny, Kyong Park
-
Patent number: 12223091
Abstract: Systems, methods, and apparatuses for providing a central location to manage permissions provided to third-parties and devices to access and use user data and to manage accounts at multiple entities. A central portal may allow a user to manage all access to account data and personal information as well as usability and functionality of accounts. The user need not log into multiple third-party systems or customer devices to manage previously provided access to the information, provision new access to the information, and to manage financial or other accounts. A user is able to have user data and third-party accounts of the user deleted from devices, applications, and third-party systems via a central portal. The user is able to impose restrictions on how user data is used by devices, applications, and third-party systems, and control such features as recurring payments and use of rewards, via a central portal.
Type: Grant
Filed: January 24, 2024
Date of Patent: February 11, 2025
Assignee: Wells Fargo Bank, N.A.
Inventors: Lila Fakhraie, Brian M. Pearce, Steven Pulido, Benjamin Soccorsy, James Stahley, Mojdeh Tomsich
-
Patent number: 12212571
Abstract: This disclosure relates to systems, methods, and apparatuses for determining access models for applications. The access models can be determined using various techniques described herein. The access models can enable the applications to be onboarded into the enterprise system and, in some cases, can be utilized by an identity and access management (IdAM) system and/or identity and governance administration (IGA) system to facilitate ongoing identity management and access control functions for the applications in the enterprise system.
Type: Grant
Filed: August 19, 2022
Date of Patent: January 28, 2025
Assignee: ACEISS, INC.
Inventors: Lloyd O'Connor, Brian Jou, Nigel John Slinn, Cory Hacking
-
Patent number: 12190718
Abstract: Systems and methods include providing a user with wireless control of electronic devices associated with a multi-tenant structure to enable a user to engage in wireless control of the electronic devices associated with permissions granted to the user. Embodiments of the present disclosure relate to receiving associated permissions granting wireless control of partitioned electronic devices to the user from a central aggregation control system. The partitioned electronic devices are associated with the multi-tenant structure that are under wireless control and have the associated permissions granting wireless control to the user. The electronic devices to provide the user with wireless control of the partitioned electronic devices are determined based on the associated permissions granted to the user. Wireless control of the partitioned electronic devices is automatically activated when the associated permissions for the user grant the user with the wireless control of the partitioned electronic devices.
Type: Grant
Filed: March 23, 2020
Date of Patent: January 7, 2025
Assignee: Xiber, LLC
Inventors: Stephen Hon, Timothy Hon
-
Patent number: 12175507
Abstract: A system and method for providing access to data of a first party including receiving information for identifying the first party, authenticating the first party using the received information for identifying the first party and generating a first read-only personal identification number (PIN). The first read-only PIN is associated with a first set of access rights for the data of the first party and provided to a second party. The first read-only PIN is stored with the first set of access rights in a computer database. A third party receives the first read-only PIN from the second party, authenticates the received first read-only PIN using the stored first read-only PIN and provides the second party with access to at least a portion of the data of the first party using the first set of access rights associated with the first read-only PIN if the received first read-only PIN is authenticated.
Type: Grant
Filed: November 30, 2021
Date of Patent: December 24, 2024
Assignee: CAPITAL ONE SERVICES, LLC
Inventor: Jeffrey Michael Chapman
-
Patent number: 12164623
Abstract: A computer implemented method is used for changing a password in a multi-domain environment. The method includes obtaining a private key and a public key from a security card at a user device in a user domain, transferring the public key to a controller in a secure domain, requesting a password change, receiving a public key encrypted new password from the secure domain, and decrypting the new password using the private key.
Type: Grant
Filed: April 1, 2021
Date of Patent: December 10, 2024
Assignee: Microsoft Technology Licensing, LLC
Inventors: Kameshwar Jayaraman, Nicholas Elliot Claunch, Priyanshu Kumar Jha, Shankaranand Arunachalam
-
Patent number: 12166800
Abstract: Methods and apparatuses for automatic determination of a content security policy for a network resource are described. A proxy server receives from a first authenticated client device a first request for a first network resource, retrieves the first network resource and transmits a first response to the first client device that includes a content tracker that causes the client device to report information on additional network resources identified when the first client device interprets the first network resource. A content security policy is determined based on the reported information. The proxy server receives, from a second client device, a second request for the first network resource. The proxy server transmits, to the second client device, a second response that includes the content security policy that is determined based on the information on the additional network resources.
Type: Grant
Filed: February 15, 2022
Date of Patent: December 10, 2024
Assignee: CLOUDFLARE, INC.
Inventors: Jesse Kipp, Patrick Meenan
-
Patent number: 12147563
Abstract: The present disclosure relates to a system, method, and apparatus for securing electronic personal identifying information. The system enhances data privacy, by minimizing the amount of authentic personal identifying information that is shared with a third party. Namely, the system includes a database of known websites, apps, etc. that require personal identifying information to sign up—and then classifies whether any given type of information is strictly necessary to the functioning of the website. The system then generates placeholder “dummy” data for any fields that are required for signup, but are not strictly necessary for the website to function. The system allows for creation of several user profiles that vary the amount of authentic personal identifying information to be shared, based on the user's preferences. The system therefore helps to secure personal information in the event that, for example, the website later has a data breach.
Type: Grant
Filed: November 10, 2021
Date of Patent: November 19, 2024
Assignee: United Services Automobile Association (USAA)
Inventors: Michael Jay Szentes, Sumita T. Jonak, Brian Christopher Hawes, Shane Elliot Richard
-
Patent number: 12120110
Abstract: A block generation unit 13 generates, in a predetermined case, a block including an ID of a user in a blockchain. The block generation unit 13 generates a new block including information indicating a service provider and service contents, when face data of the user and the service contents are received from a terminal of the service provider and face authentication is successful based on the face data and face authentication data, or when the ID of the user and the service contents are received from the terminal of the service provider, and adds the new block to the blockchain.
Type: Grant
Filed: July 27, 2020
Date of Patent: October 15, 2024
Assignee: NEC CORPORATION
Inventor: Katsuhiko Ishida
-
Patent number: 12107890
Abstract: A computing device receives an IP address and a port number related to a transport protocol and an application protocol version and other attributes related to an application protocol extracted from an encrypted client hello (ECH) enabled transport layer security (TLS) connection request from a client computing device and extracts, from the database, a set of all known hostnames matching the IP address. The device generates a reduced list of the set of all hostnames matching the IP address, and assigns a confidence score to each hostname of the reduced list based on an alias count and/or a popularity ranking of the hostname. Finally, a prioritized list of one or more hostnames is generated based on the confidence score, the prioritized list indicating the one or more hostnames in the order of descending probability of being requested in the ECH enabled TLS connection request.
Type: Grant
Filed: April 12, 2022
Date of Patent: October 1, 2024
Assignee: Cujo LLC
Inventors: Filip Savin, Leonardas Marozas, Kimmo Kasslin
-
Patent number: 12101318
Abstract: Systems and methods implemented by a mobile device include establishing a plurality of tunnels to a gateway, wherein each of the plurality of tunnels is on one of a plurality of link layer channels at the mobile device; intercepting network traffic on the mobile device; forwarding the network traffic to one of the plurality of tunnels based on a set of traffic forwarding rules; and responsive to a network change for the mobile device, managing the plurality of tunnels and continuing the forwarding based on the managing. The systems and methods can further include determining characteristics including bandwidth of each of the plurality of link layer channels; and utilizing the characteristics with the set of traffic forwarding rules for the forwarding.
Type: Grant
Filed: November 23, 2020
Date of Patent: September 24, 2024
Assignee: Zscaler, Inc.
Inventors: Abhinav Bansal, Rohit Goyal
-
Patent number: 12081544
Abstract: A system configured to execute instructions to perform steps of a method for preventing unauthorized network access is disclosed. The system may receive an authorization request from a first user device and determine a device fingerprint. The system may store the device fingerprint as an authorization fingerprint. The system may receive a login request from a second user device. When the authorization fingerprint matches the device fingerprint, the system may authorize the login request from the second user device. In some embodiments, the system may determine a device state and temporal identifier and create a first device hash to be stored as an authorization hash. The system may receive a login request and cause the first user device to create one or more second device hashes. If at least one second device hash is a match, the system may authorize the login request from the second user device.
Type: Grant
Filed: February 8, 2021
Date of Patent: September 3, 2024
Assignee: CAPITAL ONE SERVICES, LLC
Inventors: Galen Rafferty, Austin Walters, Jeremy Edward Goodsitt, Anh Truong, Ernest Kwak, Vincent Pham
-
Patent number: 12081549
Abstract: A system for managing custom code within a data computing platform determines that a request for one or more uniform resource identifiers external to the platform is being made by custom code executing in the platform. In response to the determination, the system checks a whitelist of allowable external URIs against the requested one or more URIs and allows access to the requested one or more URIs if a match is detected with the whitelist, otherwise access by the custom code to the requested one or more URIs is denied. In addition, or alternatively, the system checks a blacklist of disallowed external URIs against the requested one or more URIs and denies access to the requested one or more URIs if a match is detected with the blacklist, otherwise access by the custom code to the requested one or more URIs is allowed. The blacklist can override the whitelist.
Type: Grant
Filed: May 15, 2023
Date of Patent: September 3, 2024
Assignee: Palantir Technologies Inc.
Inventor: James Ding
-
Patent number: 12067130
Abstract: The disclosed exemplary embodiments include computer-implemented systems, devices, apparatuses, and processes that maintain data confidentiality in communications involving voice-enabled devices in a distributed computing environment using homomorphic encryption. By way of example, an apparatus may receive encrypted command data from a computing system, decrypt the encrypted command data using a homomorphic private key, and perform operations that associate the decrypted command data with a request for an element of data. Using a public cryptographic key associated with a device, the apparatus generates an encrypted response that includes the requested data element, and transmits the encrypted response to the device. The device may decrypt the encrypted response using a private cryptographic key and perform operations that present first audio content representative of the requested data element through an acoustic interface.
Type: Grant
Filed: November 12, 2021
Date of Patent: August 20, 2024
Assignee: The Toronto-Dominion Bank
Inventors: Alexey Shpurov, Milos Dunjic, Brian Andrew Lam
-
Patent number: 12063215
Abstract: A method for configuring access to an Internet service, the method being implemented by a server known as a web server following at least one successful authentication request by a user to access the service, the at least one authentication request being initiated by a terminal of the user. The method includes: a first step of obtaining at least one identifier of the terminal and at least one authentication datum that are present in the at least one authentication request; a second step of obtaining, on the basis of the at least one obtained authentication datum, at least one identifier of the user; a third step of obtaining, on the basis of the at least one identifier of the user and of the at least one identifier of the terminal, at least one access parameter; and a step of configuring the service for the user on the basis of the at least one access parameter.
Type: Grant
Filed: November 6, 2020
Date of Patent: August 13, 2024
Assignee: ORANGE
Inventor: Bertrand Bouvet
-
Patent number: 12050695
Abstract: Several data breaches are occurring in organizations due to insecure handling of security-sensitive data. Conventional methods utilize static analysis tools and fail to capture all security vulnerabilities. The present disclosure identifies a security vulnerability by analyzing a source code. Initially, a System Dependence Graph (SDG) associated with the source code is received. Forward slicing is performed on the SDG and a plurality of forward function nodes are obtained. A plurality of security parameters associated with the security-sensitive variable are obtained. A backward slicing is performed based on a plurality of security parameters to obtain a plurality of backward function nodes. Further, a plurality of common function nodes is obtained from the plurality of forward and the backward function nodes and utilized to generate a plurality of enumerated paths. The enumerated paths are evaluated to obtain a plurality of feasible paths and are further analyzed to identify security vulnerability.
Type: Grant
Filed: February 14, 2022
Date of Patent: July 30, 2024
Assignee: TATA CONSULTANCY SERVICES LIMITED
Inventors: Monika Sahu, Kumar Mansukhlal Vidhani, Harshal Tupasamudre, Sachin Premsukh Lodha
-
Patent number: 12041036
Abstract: A method at a remote proxy on a first node, the method including receiving, at the remote proxy, a first message from a first module on the first node, the first message being directed to a second module on a second node; verifying the first message at the remote proxy utilizing operating system verification; determining, based on a manifest at the remote proxy, the second node; signing, using a private key for the first node, the first message; and sending the first message to the second node.
Type: Grant
Filed: March 11, 2021
Date of Patent: July 16, 2024
Assignee: BlackBerry Limited
Inventors: Biswaroop Mukherjee, Glenn Daniel Wurster
-
Patent number: 12034721
Abstract: Systems and methods for authenticating data transmissions are provided, such as e.g., analog radio streams received at a vehicle. In one aspect, the vehicle includes features that allow for detection and decryption of an encrypted source identifier embedded or introduced into a data transmission transmitted to the vehicle. The source identifier may be used to determine whether the source is authorized to transmit data transmissions to the vehicle and the data transmission may be authenticated accordingly. In another aspect, the vehicle includes features that determine the location of the transmitting device used to transmit the data transmission to the vehicle. The location is then used to determine whether the data transmission should be authenticated.
Type: Grant
Filed: May 31, 2019
Date of Patent: July 9, 2024
Assignee: GE AVIATION SYSTEMS LIMITED
Inventor: Stefan Alexander Schwindt
-
Patent number: 12028330
Abstract: A method by a management server is described. The method includes receiving a credentials request from a requesting management node. The credentials request includes a public key of the requesting management node. The method also includes determining whether the management server has credentials encrypted for the requesting management node in a local cache. The credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server. The method further includes sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials. The requesting management node can decrypt the encrypted credentials using a private key.
Type: Grant
Filed: August 23, 2021
Date of Patent: July 2, 2024
Assignee: Ivanti, Inc.
Inventors: Mark Tempel, Andrew Moravec