Abstract: An automated teller machine comprising a sensor, a network interface, and a processor configured to receive, during a transaction at the automated teller machine, user data from the sensor configured to monitor user movement information during the transaction, receive, via the network interface, user data from a mobile device, determine a risk of a fraudulent transaction based on a comparison of the user movement information from the sensor and the user data from the mobile device to expected parameters, determine that the risk of a fraudulent transaction is below a threshold, and allow access to a secure resource at the automated teller machine.

Abstract: A resource server system granting to users access to a resource based on the very fact that the users' computing systems can demonstrate that they heard an audio signal. Specifically, the resource server system detects receipt of a message from a client computing system, and interprets the message as representing that the client computing system heard an audio signal. In response, the resource server system grants a user of the client computing system access to the resource. This may be performed for multiple client computing systems that each demonstrate that they heard the audio signal. Thus, the principles described herein allow for the granting of access to resources to other computing systems within the audible proximity of a computing system that transmitted the audio signal.

Abstract: The innovation disclosed and claimed herein, in one aspect thereof, comprises systems and methods of authenticating customers and service agents. The innovation receives a connection request to connect a customer and a service agent. The customer is authenticated for the service agent by matching biometric data of the customer to previously stored biometric data using a biometric recognition algorithm. The service agent is authenticated for the customer by matching a unique identifier to a previously stored unique identifier. A confirmation notification is generated and sent to the service agent and the customer to confirm the authentications. A connection is established between the customer and the service agent according to the authentications and the connection request.

Abstract: Implementations of the present disclosure relate to method and device for managing a storage system. The method comprises in response to receiving a write request at a storage system, determining whether storage units allocated to a logic storage unit of the storage system are sufficient for data associated with the write request. The method also comprises in response to determining that the allocated storage units are insufficient, allocating a new storage unit to the logic storage unit. The method further comprises updating metadata associated with allocation of the storage units of the storage system, the metadata indicating a mapping between the logic storage unit and the storage units. The method also comprises encrypting the updated metadata. Other implementations of the present disclosure also involve corresponding method, device and computer-readable medium for decryption metadata and recovering the logic storage unit using the decrypted metadata.

Abstract: Techniques are described herein that are capable of evaluating a result of enforcement of access control policies instead of enforcing the access control policies. For instance, a result of enforcement of an access control policy with regard to sign-in processes is evaluated instead of enforcing the access control policy with regard to the sign-in processes. The evaluation includes monitoring access requests that are received during the sign-in processes. Each access request requests access to a resource. The evaluation further includes comparing attributes of each access request against the access control policy that specifies criteria that are to be satisfied as a prerequisite to granting access to the resource to which access is requested by the respective access request. Metadata associated with the sign-in processes is generated instead of enforcing the access control policy with regard to the sign-in processes.

Abstract: Network access is provided to a networking device. In one approach, a method includes: obtaining, by a gateway, access rules for a networking device; providing, by the gateway, one or more dedicated networking tunnels between the gateway and respective remote gateways to one or more respective network segments, wherein the networking device is authorized to access the one or more network segments by the access rules; and routing, by the gateway, networking packets from the networking device based on source address information in the networking packets to the one or more dedicated networking tunnels, and based on destination address information in the networking packets, routing the networking packets to a selection of the one or more dedicated networking tunnels.

Abstract: At least one aspect of the present disclosure is directed to a system for verifying the identity of a user of a nicotine dispenser. The system can include a nicotine dispenser configured to remain locked until the receipt of a signal, and a personal communication device configured to communicate with the nicotine dispenser via a wireless communication link. The personal communication device can execute an application configured to scan identification data of the user, verify the identification data of the user, and communicate the identification signal to the user. Another aspect of the present disclosure is directed to a system for monitoring and controlling use of a nicotine dispenser. The system can include a nicotine dispenser, a processor, and a nicotine-containing unit. The processor can be configured to monitor use of the nicotine dispenser, determine an amount of nicotine dispensed is greater than a threshold, and lock the nicotine dispenser.

Abstract: A virtual delivery appliance may communicate with a client device over a network to provide the client device with a virtualized session for a user. A processor may be configured to communicate with the client device over the network to perform a registration operation with a relying party. An application within the virtualized session may perform an authentication operation with the relying party to access a resource. The processor may be configured to forward an authentication challenge message to the client device in response to the application receiving the authentication challenge message from the relying party for the user to access the resource, and receive an authentication answer message in response to the authentication challenge message from the client device.

Abstract: A method is disclosed and includes receiving, by a first communication device, a first local authentication model, the first local authentication model being derived from a master authentication model at a remote server computer, and receiving a request to perform an interaction with a second communication device, the interaction being performed in an offline manner. The method may further include applying, by the first communication device, the first local authentication model to the interaction to determine a first authentication result and determining whether or not to allow the interaction to proceed based upon the first authentication result. The method may also include updating the first local authentication model using the master authentication model when the first communication device is online.

Abstract: A method is disclosed. The method includes receiving, at a computing system, from a user, a request for an access code and one or more constraints on a use of the access code, and identifying a portable device to be associated with the access code. The method also includes obtaining, using the portable device, authorization for one or more potential interactions using the access code. Upon obtaining authorization for the one or more interactions, the method includes generating the access code, which includes an identifier that causes an access request that includes the access code be routed to the computing system. The method also includes receiving, from an access device, an access request comprising the access code in an interaction. Upon determining that the interaction complies with the one or more transaction constraints, the computing system provides an indication to the access device that the interaction is authorized.

Abstract: Methods, apparatus, and processor-readable storage media for automated delivery of cloud native application updates using one or more user-connection gateways are provided herein.

Abstract: A request to modify a set of permissions (e.g., delete the permissions, replace the set of permissions with a different set of permissions) is received at a computing device. A set of services are prevented from using the set of permissions to access resources. The set of permissions are changed while the set of services are prevented from using the set of permissions to access resources.

Abstract: Systems and methods for enhanced mobile device authentication are disclosed. Systems and methods for enhanced mobile authentication are disclosed. In one embodiment, method for electronic device authentication may include (1) a server comprising at least one computer processor communicating a one-time passcode to an electronic device over a first communication channel; (2) the server receiving, from the electronic device over a second communication channel the one-time passcode encrypted with a private key associated with the electronic device; (3) the server decrypting the one-time passcode using a public key; (4) the server validating the one-time passcode; (5) the server generating a device identifier for the electronic device; and (6) the server persisting an association between the device identifier and the electronic device.

Abstract: A security system for a network may be configured to detect one or more failed authentication attempts to access the network by at least one user device and determine the number of the failed authentication attempts. The system may determine a first risk score based on the number of failed authentication attempts and determine whether the first risk score is greater than or equal to a first risk score threshold and generate a first notification indicating that the user device is attempting to gain unauthorized access onto the network. The system may transmit the first notification to an administrator of the network, determine the user device is successfully authenticated to access the network after the number of failed authentication attempts has been detected, and apply a first set of network activity restrictions to the user device.

Abstract: In an example, there is disclosed a computing apparatus having: a network interface to communicate with a second device; a contextual data interface to receive and store contextual data; and one or more logic elements comprising a contextual security agent, operable to: receive a contextual data packet via the network interface; compare the contextual data packet to stored contextual data; and act on the comparing. The contextual data packet may optionally be provided out of band, and may be used to authenticate a substantive data packet, such as a patch or update.

Abstract: Methods, computer-readable media, software, and apparatuses may retrieve, from an industry standard setting scoring system and for a vulnerability, a temporal score based on a pre-revision version of a scoring system, and predict, based on a machine learning model and based on the temporal score for the vulnerability, an updated temporal score based on a post-revision version of the scoring system. A mitigating factor score, indicative of a mitigation applied to the vulnerability by an enterprise organization, may be determined. A risk score may be generated for each vulnerability, as a composite of the updated temporal score and the mitigating factor score. The risk scores for vulnerabilities in a collection of vulnerabilities may be aggregated to determine an enterprise risk score for the enterprise organization. In some instances, the enterprise risk score may be displayed via a graphical user interface.

Abstract: A method for accessing a data source is described. A communication for the data source is received from a proxy at a sidecar. The proxy mirrors the communication so that the communication is provided to the data source and the sidecar. The sidecar includes a dispatcher and service(s). The dispatcher receives the communication, is data agnostic, and provides the communication to the data source and service(s). The service(s) inspect the communication. In some embodiments, the dispatcher is an open systems interconnection (OSI) Layer 4 dispatcher and the service(s) include OSI Layer 7 service(s). The service(s) perform function(s) based on the communication.

Abstract: This application provides a message processing method and system, and a user plane function UPF device. The method includes: receiving user equipment (UE) authentication information sent by a session management function (SMF) device; matching a received uplink message of the UE with the UE authentication information, and if the matching succeeds, sending the uplink message that includes the UE authentication information to a first application (APP); and performing authentication by the first APP on the UE according to the UE authentication information. In the foregoing process, authentication on the UE does not need to be performed by a remote APP. This simplifies the authentication process, reduces network resource overhead, speeds up authentication on UEs, reduces the latency of UE authentication, and further increases the application switching speed.

Abstract: Systems and methods relating to alerting users as to user information to be exchanged during transactions. A user information system (UIS) information circuit and an associated user information database populates an account with user information received from at least one of the user and a plurality of entities. A user information request relating to a transaction is received from an entity computing system associated with an entity over a network via a network interface circuit. A security circuit sends an alert comprising an approval request containing an identification of user information requested in the user information request to a user computing device associated with the user over the network. The security circuit receives an approval of the approval request from the user computing device, and the UIS information circuit provides the approved information to the entity to complete the transaction.

Abstract: A device is described that includes a first microprocessor configured for interfacing with a digital access control backend, and a second microprocessor configured for dedicated communications with an access control manager device backend. The first microprocessor is a master device that controls the operation of the second microprocessor as a secondary device. The proposed device is configured for operation of the first microprocessor and the second microprocessor at low clock speeds and to maintain a hash segregation between locally received data sets and data sets transmitted to an external authentication system.