Abstract: Methods, computer-readable media, software, and apparatuses are provided to assist a user and vendor in completing an online trusted transaction. Trusted vendor websites are verified and user identities are confirmed through a cyber-security safe logon credentialing system. The vendor can be confident that the user identity has been verified to be who they say they are and the user can be confident that they are using a trusted verified vendor website.

Abstract: Described are various embodiments of a digital data comparison filter, system and method, and applications therefor. In one embodiment, a digital data comparator system comprises two or more transformation engines each having securely stored in association therewith a common key, a common designated comparator threshold number, and a respective identifier; and a reconstitution engine operable to access partial encryption information from each transformation engine and, only upon relating to identical digital data, process each partial encryption information to successfully release the identical digital data.

Abstract: Systems and methods are described herein for computer user authentication using machine learning. Authentication for a user is initiated based on an identification confidence score of the user. The identification confidence score is based on one or more characteristics of the user. Using a machine learning model for the user, user activity of the user is monitored for anomalous activity to generate first data. Based on the monitoring, differences between the first data and historical utilization data for the user determine whether the user's utilization of the one or more resources is anomalous. When the user's utilization of the one or more resource is anomalous, the user's access to the one or more resource is removed.

Abstract: Technology for setting a first password based on a password precursor or setting a second password (in a multi-factor authentication system). The password precursor (for example, a number or alphanumeric string) can be converted to the first password by a set of operation(s). Similarly, the first password can be converted into a second password by a set of operations. The set of operations may include mathematical operations and/or alphanumeric string operations.

Abstract: Disclosed embodiments include identity verification and management services in which users authenticate their identities during an enrollment process, and may access and modify their identity information via a secure portal. The enrollment process includes collecting various identifying data and biometric data of a user. A live interview portion during the enrollment process is used to check the liveness and verify the collected identifying data and biometric data. Once the user is enrolled, the user's identity can be verified for multiple entities using the same enrolled identity, and the user can manage the specific data used to verify their identity with different entities. This provides users with the ability to use their authenticated/verified identity across various industries, markets, locations, and the like, while keeping their identifying data private. Other embodiments may be described and/or claimed.

Abstract: The present application discloses a method and apparatus for updating a password of an electronic device, a device, and a storage medium, and relates to intelligent transportation, vehicle-road collaboration, and device security technologies in the field of data processing. The specific implementation solution is: in response to detecting a trigger condition of a password update, the electronic device randomly generates a first password, and updates a login password of the electronic device to the first password; then the electronic device sends a password updating message to a server, and the password updating message is configured to indicate an identification of the electronic device and the first password. The server updates the database for storing login passwords of different electronic devices according to the password updating message. Through the above process, the safety of the electronic device is improved.

Abstract: The application provides an example user interface switching method and an example terminal. The method includes, after the terminal triggers a trusted user interface (TUI) display request of a client application (CA) according to a first operation on a CA interface by a user, the terminal switches a display environment of the CA from a rich execution environment (REE) to a trusted execution environment (TEE) according to the TUI display request, and then displays a trusted application (TA) interface that is of the CA and that is in the TEE. The method also includes performing, by the user, an operation of inputting sensitive information on the TA interface.

Abstract: Techniques for encrypting content in a content distribution network are disclosed. The content distribution network may comprise a number of national and local sites, and a number of hubs at each local sites. A content segment encrypting device may be operative at a local site to encrypt and cache segments of content. The segment encrypting device may provide the segments to streaming devices that encode content for delivery downstream to network or user devices.

Abstract: Apparatuses, methods, systems, and program products are disclosed for data aggregation using a limited-use code. An apparatus includes a message module configured to intercept a message comprising a limited-use code. A message may be sent from a third-party server and intended for a user of a hardware device. A limited-use code may be used to verify an identity of a user for access to a third-party server. An apparatus includes a parse module configured to parse a message to determine a limited-use code. An apparatus includes a submission module configured to provide a limited-use code to a third-party server without user input. An apparatus includes an authorization module configured to prompt a user for authorization prior to intercepting a message, parsing the message for a limited-use code, and providing the limited-use code to a third-party server without user input.

Abstract: Various aspects of the subject technology relate to systems, methods, and machine-readable media for connecting to an independent software vendor (ISV). The method includes receiving, at an integrated platform, a request to initiate a data connection with the ISV. The request may include a web address of the ISV. The method also includes associating, through the integrated platform, the data connection with a unique identifier. The method also includes issuing an authorization code based on authentication of an authorization request for the data connection. The method also includes exchanging, with a connector service, the authorization code for tokens utilized for establishing the data connection with the ISV. The method also includes receiving access to the ISV through the integrated platform.

Abstract: Various embodiments are generally directed to provide a semi-local authentication scheme. A server can transmit one or more encryption mechanisms to a user device, which in turn can transmit the encrypted mechanisms to one or more secondary devices associated with the user device, where the user device and the secondary devices share a local connection. The secondary devices can transmit the one or more encrypted mechanism utilizing one or more one or more decryption mechanisms supplied by the server, and then transmit the result of the decryption, e.g. decrypted codes, back to the user device, which in turn can then transmit a final decrypted code or codes to the server. Upon confirming receipt of the decryption from the user device, the server can authorize access (via the user device) to one or more devices, networks, applications, and/or components.

Abstract: Techniques and mechanisms described herein facilitate the management of digital rights for media content item presentation. According to various embodiments, a request for a content decryption key may be received at a media application implemented at a computing device. The request may be transmitted by a media content player implemented at the computing device. The request may be transmitted in accordance with a designated key exchange protocol. A license for an encrypted media content item corresponding with the requested content decryption key may be identified at the media application. Based on information included in the license, encrypted key material may be decrypted to create the requested content decryption key via a processor at the computing device. The requested content decryption key may be provided to the media content player.

Abstract: A communication apparatus includes a first notification unit, a second notification unit, a reception unit, and a sharing unit. The first notification unit provides first information containing information unique to the communication apparatus and information on a predetermined channel for use in sharing a communication parameter for wireless communication with a different communication apparatus. The second notification unit provides second information containing the information unique to the communication apparatus but not containing information on the predetermined channel. When the first information is provided, the reception unit waits to receive a predetermined signal containing information corresponding to the information unique to the communication apparatus without shifting to another channel. When the second information is provided, the reception unit waits to receive the predetermined signal using a plurality of channels.

Abstract: This disclosure describes techniques for implementing a Single-sign-On Domain-Agnostic Proof-of-Possession (SODA-POP) token (or access token) to solve generation of multiple POPs for authentication of multiple domains that may belong to a single mobile network operator (MNO). The access token may be implemented by a JSON Web Token (JWT) that includes a map of key-value pairs as confirmation claims. The key-value pairs may include multiple domains/sub-domains and their corresponding public keys. These key-value pairs may be registered and added in the confirmation claims to automatically authenticate each one of the domains to access a corresponding service provider. To register a new domain, the new domain redirects a request back to an already registered domain, which updates the access token and then redirects the request back to the new domain. After registration, the updated access token may be used to access services at all registered domains without further reauthentication.

Abstract: Systems and methods for inter-service authentication are disclosed. In one embodiment, a system may include a plurality of services and a cloud platform. The first service may generate a token comprising a first service identifier for communicating with a second service, and may request, from the cloud platform, a private key for the first service. The cloud platform may provide the private key to the first service. The first service may sign the token with the private key and may communicate a request to the second service with the signed token. The second service may retrieve the first service identifier and may request, from the cloud platform, a public key for the first service identifier. The cloud platform may provide the public key to the second service. The second service may validate the token using the public key, and may grant the request in response to the validation.

Abstract: A method including encrypting, by a user device, a file based at least in part on utilizing a file symmetric key and a first encryption algorithm to determine a first-encrypted file; storing, by the user device, the first-encrypted file in a local memory; encrypting, by the user device, the file based at least in part on utilizing a synchronization key and a second encryption algorithm to determine a second-encrypted file, the second encryption algorithm being different from the first encryption algorithm; encrypting, by the user device, metadata associated with the file based at least in part on utilizing a metadata key to determine encrypted metadata; and transmitting, by the user device to a storage device, the second-encrypted file in association with the encrypted metadata is disclosed. Various other aspects are contemplated.

Abstract: A first message is received from a first communication device. The first message comprises an authentication token. For example, the authentication token may be a username/password. A determination is made if the first message also comprises a valid temporary password. The temporary password is used to prevent a Denial-of-Service (DOS) attack. In response to the first message comprising the valid temporary password, a determination is made if the authentication token is valid. In response to the authentication token being valid, the first message is responded to in a normal manner. If the first message does not contain the temporary password, the first message is handled based on a DOS message handling process.

Abstract: Systems and methods for securely accessing a legacy system are disclosed herein. In an embodiment, a method for securely accessing a legacy system via an enterprise system includes requesting issuance of a security token by an STS server of a security token service, causing, by an enterprise server of an enterprise system, association of a first user account with the security token upon reception of the security token, communicating the security token to an access server of a legacy access provider for authentication of the security token, enabling creation of a second user account after the legacy access provider authenticates the security token, accessing a legacy server of a legacy system via the first user account and the second user account, and causing at least the second user account to be deleted after a single use of the legacy system.

Abstract: A method performed by a CMS and an edge node of a CDN is provided, including: sharing a server secret between the CMS and the edge node; using, by the CMS, the server secret to generate a signing key, the signing key being transmitted to a client system, wherein the client system receives a request for a content item from a user device, and wherein the client system uses the signing key to generate a signed URL for the content item, the user device being redirected to the signed URL; responsive to receiving the signed URL from the user device, then validating the signed URL by the edge node, wherein validating the signed URL uses the server secret to rederive the signing key based on the signed URL; responsive to successful validation of the signed URL, then providing the content item from the edge node to the user device.

Abstract: A determination method includes determining an attack type of an attack code included in an attack request on a server, carrying out emulation of an attack by the attack code on the server in accordance with the determined attack type, extracting a feature related to a backdoor operation appearing in an attack code on the server in a case of succeeding in an attack on the server as a result of the emulation, and determining that an attack by the attack code has succeeded in a case where a communication log of the server has the extracted feature, by a processor.