Abstract: The present invention is generally related to systems and methods for providing an improved authentication and verification system through the use of compiled user data and user location or traffic data from multiple channels of input. Multiple devices may be utilized by the system in order to receive and process data to authenticate user identities and verify the validity of account activity.

Abstract: A system and method are disclosed that leverage multi-factor authentication features of a service provider and intelligent call routing to increase security and efficiency at a customer call center. Pre-authentication of customer support requests reduces the potential for misappropriation of sensitive customer data during call handling. A contactless card uniquely associated with a client may provide a second factor of authentication via a backchannel to reduce the potential for malicious third-party impersonation of the client prior to transfer of the call to the customer call center. Pre-authorized customer support calls may be intelligently and efficiently routed directly to call center agents, without incurring further delay. During call handling, call center agents may initiate further client authentication processes, including contactless card authentication requests, over one or more different communication channels for authorizing access to sensitive information or to allay suspicion.

Abstract: In a method of registering a smart key for construction machinery, a first password is generated in a smart key module mounted in a construction machine. A user setting graphic interface through which a user can input a password, in the smart key module or a user terminal, is provided to the user. The password inputted by the user is compared with the first password in the smart key module to authenticate. An authentication code of a near smart key that is recognized by the smart key module is registered as a new registration authentication code when the inputted password is authenticated.

Abstract: A method for providing multicast frames in a Multi-Dwelling Unit (MDU) is provided herein. An Access Point (AP) can receive a join request from a first client device. The AP can generate a Group Master Key (GMK) from the Pre-Shared Key (PSK) associated with a Basic Service Set (BSS) that includes the first client device. The AP can then derive a Group Transient Key (GTK) from the GMK. The AP may then send the GTK to the first client device. Thereinafter, the AP can send multicast frames to the first client device encrypted by the GTK. The first client device can decrypt the multicast frames with the GTK. However, a second client device, that does not share the PSK, may receive the multicast frame but cannot decrypt the multicast frames.

Abstract: Systems and methods for linking a screen capture to a user support session are disclosed. The system may receive a screen capture initiation request from a user device. The system may capture a first data object indicative of a first graphical user interface associated with the user device. The system may provide, to the user device, the first graphical user interface for a predetermined period of time. The system may track, by the one or more processors, one or more inputs from the user device that indicate the presence of one or more articles of sensitive information within the graphical user interface. The system may mask the one or more articles of sensitive information within the graphical user interface, generate a second data object indicative of the graphical user interface having the masked articles of sensitive information, and store the second data object in a data repository.

Abstract: Systems and methods are provided to utilize information from a directory service to determine, at a layer-one network policy server, the appropriate layer-two network policy server to which an authentication request should be routed. For example, a first directory service group may be created that includes all users using a first authentication type, a second directory service group may be created that includes all users using a second authentication type, etc. The layer-one network policy server may periodically synchronize with the directory service to download information about users in the different directory service groups, update a markup language document with that information, and use the markup language document to help route incoming authentication requests to the correct layer-two network policy server for a particular authentication type. In addition, a priority may be set (and changed) by an administrator favoring one or more authentication types in a network.

Abstract: The present invention discloses a method of processing a data transfer request securely over a network, the method comprising the steps of obtaining, by a first entity, a first token associated with sensitive data received from a user; associating the first token with a token reference and storing the token reference; sending the token reference to a second entity; requesting a second token from a second entity upon receiving a data transfer request from a third entity, wherein the second token is derived from the first token using an ad hoc logic; and processing the data transfer request using the second token.

Abstract: Embodiments of the invention relate to systems, methods, and computer program products for resource origination tracking, the invention including: electronically receiving, from a first user device associated with a first user, a digital resource and a set of distribution rules associated with the digital resource; creating an NFT associated with the digital resource; predicting, via a machine learning engine, a value of the NFT; electronically receiving, from a second user device associated with a second user, a request to complete a resource transfer; transferring ownership of the NFT associated with the digital resource from the current owner to the second user; and transmitting, to a managing entity system, instructions to transfer, from an account associated with the second user, a first amount of financial resources to an account associated with the current owner and a second amount of financial resources to an account associated with the first user.

Abstract: Disclosed are an apparatus and a method for estimating a system state. Accordingly, it is possible to perform Resilient State Estimation (RSE) that is robust to disturbance and is autonomously restored from sensor attack/failure.

Abstract: Methods and systems are disclosed herein for authenticating a user. A security device may use an object associated with a user and a device of the user to authenticate the user, for example, if the user has forgotten a password. A user may insert the object (e.g., a card, or other object) into the security device and may select an option to authenticate via a device that is trusted by both the security device and the user, rather than authenticating by entering a password at the security device.

Abstract: A biometrics hub may establish a session with a first biometric device, receive first biometric data of a user from the first biometric device, establish a session with a second biometric device, receive second biometric data of the user from the second biometric device, and store the first biometric data and the second biometric data at the biometrics hub. The biometrics hub may further detect a power event associated with at least one of the first biometric device or the second biometric device, and change, in response to detecting the power event, a schedule for processing at least one of the first biometric data or the second biometric data.

Abstract: Auditing data containing sensitive data are stored in a data structure comprising data objects. Each data object comprises one or more pairs of a name and a value. Pairs that are flagged or identified as containing sensitive data are partially encrypted; the value is encrypted using an asymmetric key and the name corresponding to the encrypted value remains unencrypted. Some pairs that are not flagged or identified as containing sensitive data are left unencrypted. Unencrypted data may be stored in the partially encrypted auditing data as plain text. The auditing data may be analyzed to generate business metrics and identify application errors. The auditing data may also be queried, and data objects containing unencrypted pairs and/or partially encrypted pairs may be returned based on matching unencrypted names and/or values to the data query.

Abstract: A gate open/close control device (face authentication machine) includes a face image acquirer (camera) that captures a user before passing through a gate device (external device) and acquires a face image for authentication of the user; a transmitter (communicator) that transmits a processing request for face authentication to the face collation server based on the face image for authentication; a receiver (communicator) that receives the authentication result returned from the face collation server; and a controller that reflects the authentication result on an open/close control signal of the gate device.

Abstract: Case management systems and techniques are disclosed. In various embodiments, a hierarchical document permission model is received, the model describing a document hierarchy comprising a plurality of hierarchically related document nodes and defining for each of at least a subset of said document nodes one or more document roles and for each such role one or more document permissions with respect to that document node. The hierarchical document permission model is used to determine and enforce permissions with respect to case management instances to which the hierarchical document permission model applies.

Abstract: Methods and systems of data de-tokenization are described herein to provide solutions to utilizing tokenized data files. A de-tokenization service controller may extract instances of tokenized data by determining a schema associated with a tokenized file, wherein the schema identifies which fields contain tokenized data. A decryption system may decrypt the tokens and send decrypted sensitive values to the de-tokenization service controller. The de-tokenization service controller may then generate a de-tokenized data file comprising a plurality of records corresponding to the plurality of original tokenized records, using the decrypted sensitive values in place of the instances of tokenized data. In some embodiments, the methods may further comprise generating a validated file by adding one or more fields indicating the results of validation based on a set of validation rules.

Abstract: A method at a first domain for obtaining at least one insight from a second domain, the method including registering an application with an anchor in the first domain; providing, from the anchor to the application, a first message signed by the anchor; sending, from the first domain to a network domain, the signed message; receiving, from the network domain, at least one signed token, each of the at least one signed token being for a synthetic sensor on the second domain, where the synthetic sensor provides an insight; sending a request message to the second domain, the request message requesting the insight and including the at least one token; and receiving the insight from a synthetic sensor associated with the at least one token.

Abstract: A system protects personally identifiable information (PII) by implementing an unconventional key management scheme. In this scheme, the system uses a set of keys rather than an individual key for encrypting PII. Different portions of the PII are encrypted using different keys from the set of keys. In this manner, even if a malicious user were to access a key, that key would not give the malicious user the ability to decrypt all of the PII. Additionally, the system generates a new set of keys periodically (e.g., once a month). The system also deletes sets of keys that are too old (e.g., six months old). As a result, even if a malicious user were to access a key, the usefulness of that key would be time limited.

Abstract: Systems and methods are provided for persistent login. Such persistent login may be based on linking user identity across accounts of different entities to allow each entity to maintain control over their respective sets of user data, while providing a streamlined user experience that avoids much of the repetitive need to login to different services with different login credentials (e.g., during periods of heavy use). Such persistent login may utilize a set of tokens issued and exchanged between devices of the partnering entities. Such tokens may include an access token, refresh token, and identity token. When a user associated with a first entity requests access to information secured by a second entity, such request may be associated with the access token. If the access token is determined to be expired, the refresh token may be used to refresh the access token, which may also trigger issuance of a new refresh token.

Abstract: Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for establishing and/or maintaining a trustworthy encrypted network session. An example method can include sending, via a server and using a cryptographic security protocol, a message associated with establishing an encrypted network session; receiving a response from a client device; identifying a level of trust of the client device based on the response; determining whether to perform a next step in the cryptographic security protocol based on the level of trust, wherein the cryptographic security protocol comprises at least one of a Secure Shell (SSH) protocol, a Transport Layer Security (TLS) protocol, a Secure Sockets Layer (SSL) protocol, and an Internet Protocol Security (IPsec) protocol.

Abstract: A method by a management node for managing a device operable to join a network includes receiving from the device a request to join the network, the request including a device specific parameter and a token, and generating an authentication parameter from the device specific parameters and the token. The method further includes authorising the device to join the network if the authentication parameter fulfils a validity criterion. Generating an authentication parameter from the device specific parameters and the token includes generating an input including the device specific parameters and the token, computing a cryptographic function of the generated input, and setting an output of the cryptographic function as the authentication parameter. Also disclosed are a method for operating a device, a management node, a device and a computer program.