Abstract: A method for authenticating a mobile device of a user versus a third-party such that instead of a mobile phone number MSISDN of the mobile device, a Universal Unique User Identifier, U3I, assigned to the mobile device is used, in combination with a secure routing service server constructed to communicate with a third-party server and with an MNO server. The secure routing service server and the MNO server interact to translate the Universal Unique User Identifier, U3I, to the mobile phone number MSISDN so as to enable sending the token to the mobile device.

Abstract: In some implementations, an authentication system may receive, from a client device, a credential associated with a user account and a request to access a resource. The authentication system may transmit, to the client device, a request for an image of a customized physical security token associated with the user account. The authentication system may receive, from the client device, a first image. The authentication system may compare the first image with a representation of a second image of the customized physical security token associated with the user account. The authentication system may grant or denying access to the resource based on comparing the first image with the representation of the second image.

Abstract: A system and method for granting access to network resources through access credentials given to an agent process running on each computer or machine where resource requesters reside. The system extends a traditional token-granting authorization system to the agent processes, where each agent has administrative access to machine information. The agent uses that access to acquire detailed information about resource requesters. Requester qualifications defined by the system limit requester access to resources, and are enforced both by the agent and by the central system on the network resource server. Resource requesters ask for a token for resource use from the agent, not the central system. The agent uses its credentials to get a token from the central system and then return the token to qualified requesters.

Abstract: Provided is a door lock. The door lock includes a door lock body installed on a door and having an opening/closing device; a memory to store a door lock identifier including a door recognition code and a door lock ID corresponding to the door recognition code; an antenna to sequentially receive a first RF signal and a second RF signal from a reader; and a control unit configured to transmit the door recognition code to the reader and configured to determine whether the door lock ID provided from the door lock management server through the reader matches the previously assigned door lock ID of the door lock identifier to control the opening/closing device.

Abstract: A target device is associated with a source device. A system includes a target device that enters an association mode, obtains an identification code, and broadcasts the identification code. A source device receives the broadcast, obtains authorization to associate with the target device, and provides a message to an association server. The association server receives the message and associates the target device and the source device in response thereto.

Abstract: A method for remotely bonding a companion device to an implanted medical device to achieve long-term encrypted and authenticated communication channel, that is resilient to companion device failure or compromise and hence mitigates the risk or need for unplanned, revision surgery and/or premature device explanation. Through use of a shared cryptographic key between the two systems, the companion device may request an encrypted challenge number from the implant. Completing the challenge via transmitting an encrypted validation number permits the implanted medical device to bond and perform a new long-term key exchange. The shared cryptographic key can be changed as well, in event of compromise or other adverse event, using a described device firmware update procedure.

Abstract: An authorization entity in a communication system comprising a service-based architecture receives a request from a service consumer in the communication system for access to a given service type. The authorization entity obtains an access token that identifies a plurality of service producers for the given service type and sends the access token to the service consumer.

Abstract: A network-connected device service receives a request to authenticate a network-connected device. The network-connected device service determines, from a digital certificate identified in the request, a set of parameters of the digital certificate. The network-connected device service utilizes the set of parameters to identify, from a set of digital certificate clusters, a digital certificate cluster associated with the set of parameters. Through an audit of the digital certificate clusters, the network-connected device service determines whether the digital certificate cluster is indicative of the digital certificate being anomalous.

Abstract: An attack estimation device includes a storage unit configured to hold an attack tree, an abstract attack tree, and log check management information, and a prediction unit configured to predict, when a detection alert is received, a range of compromise from the attack by referring to the information in the storage unit. The prediction unit is configured to: determine that an attack of an unknown pattern has occurred as the attack when indicators of compromise that correspond to the attack are not successfully identified; identify an abstract attack name by referring to the abstract attack tree; and predict a range of compromise from the attack of an unknown pattern by identifying a device in which indicators of the attack of an unknown pattern are likely to be left, and by identifying a specific place in the log of the identified device, by referring to the log check management information.

Abstract: Systems and methods for verifying an identity of a user. A method includes generating a tokenized biometric sample by tokenizing a biometric sample associated with the user by a computing system. The method further includes generating a digitally-signed tokenized biometric sample by digitally signing the tokenized biometric sample with a private key associated with the user by the computing system. The method further includes, responsive to a biometric reference template matching a signing party biometric sample associated with a signing party and a record, determining that the user matches the signing party by the computing system. The biometric reference template is based on biometric data extracted from the biometric sample. Authenticity and data integrity of the record is determined based on each of the record, the tokenized biometric sample, and a public key of a public/private key pair comprising the private key.

Abstract: A service providing system, a login setting method, and an information processing system. The service providing system includes an information processing system that stores a set value indicating whether a login is valid for each of the authentication methods, and transmits the set value for each of the authentication methods to the electronic device in response to a request from the electronic device, and the electronic device receives the set value for each of the authentication methods from the information processing system and changes a set value stored in the electronic device according to the set value of at least one of the authentication methods received from the information processing system.

Abstract: A processing device initializes a memory device in an unauthenticated state in which the memory device is unable to execute one or more restricted commands. The processing device accesses a security capsule that is digitally signed using a private key. The processing device transitions the memory device to an authenticated state based on verifying that the security capsule is validly signed. The processing device uses a public key corresponding to the private key to verify the security capsule is validly signed. While in the authenticated state, the memory device is able to execute the one or more restricted commands.

Abstract: Techniques are disclosed for mitigating network-based attacks, brute-force attacks, enumeration account takeover type attacks, and generally attacks that might result in unauthorized access to user accounts, denial-of-service, loss of functionality to users, etc. Authenticating a user at an end-point of a network may occur using an activator. In some instances, an authentication module (e.g. on a server) receives and validates a key activator. If the key activator is valid, the authentication module is activated. After the authentication module is activated, the authentication module may receive and authenticate a security credential, such as a password, that is associated with the user. If the authentication module receives the security credential without being activated, the authentication module may not authenticate the security credential, even if the security credential is a valid credential.

Abstract: Secure peer-to-peer connection network and/or protocols for a group-based communication system, in which, a peer-to-peer connection request associated with a first identifier for a first client device and a second identifier for a second client device are received. The first identifier and the second identifier are compared to a group-based communication system validation registry associated with the group-based communication system and, based at least in part on a determination that the peer-to-peer connection request is authorized per the group-based communication system validation registry, a peer-to-peer connection between the second client device and the first client device is established.

Abstract: Methods and systems for resetting a digital credential within a digital credential based authentication system. The method includes logging a first administrative user into the digital credential system, receiving, from the first administrative user, a first portion of authentication credentials for a first customer, validating, by the first administrative user using the digital credential system, the first portion, logging a second administrative user into the digital credential system, receiving, from the second administrative user, a second portion of authentication credentials for the first customer, receiving the second portion by the second administrative user, validating, by the second administrative user using the digital credential system, the second portion; and resetting the authentication credentials based on the validation of the first portion and second portion.

Abstract: In the provided platform framework, participants issue requests for registration as members of namespaces supported by the platform framework, where the namespace is a capability of an IHS (Information Handling System) that will be provided by the participant using hardware of the IHS. The platform framework generates an entry in a manifest in response to a participant's registration, wherein the manifest entry identifies a participant as registered within a particular namespace. The platform framework receives, from an operating system application of the IHS, a request for participants registered within one or more namespaces. The platform framework provides the requesting operating system application with an identity of one or more participants that are registered within the first namespace. The requesting operating system application may then choose from registered participants that provide access to platform framework resources that are available for use within a particular namespace.

Abstract: A computerized-method for enabling a mode of interaction to support specially-abled needs of agents, via a web-app, in a contact-center. The computerized-method is operating an Application Programming Interface (API) client. The API-client includes receiving credentials from a user, upon login of the user to the web-app and then communicating with an authentication-server for an authentication-service and forwarding the credentials thereto. After successful completion, forwarding the credentials to an authorization-service that is retrieving a preassigned disability role-ID, according to the credentials and transmitting a preassigned disability role-ID in an access-token.

Abstract: An example embodiment of the present techniques determines, in response to a byte-serving request to download a portion of a resource, that the resource has previously been determined to comprise malware. Further, the byte-serving request is modified to request downloading all the resource. Additionally, all the resource is requested for downloading using the modified byte-serving request.

Abstract: The invention relates, in general, to the field of computer engineering and, in particular, to arranging and storing information in the form of interlinked transactions in a distributed computer framework. The technology for linking transactions is provided. Transactions include information on public keys, as well as credentials of owners of these public keys. Public keys which belong to one owner are linked into a logical chain at the level of transactions. Each transaction contains information on one public key. Transactions are signed by a digital signature. Transactions are preliminarily placed into a specialized pool, then they are retrieved from the pool, verified, and, upon successful verification, data form the transactions is placed into a public ledger (blockchain). The verification comprises verifying the digital signature and confirming linkability or, in other words, confirming that a transaction belongs to a particular chain.

Abstract: In one aspect, a computer system for vehicle configuration verification, and/or detecting unauthorized vehicle modification may be provided. In some exemplary embodiments, the computer system may include a processor and a non-transitory, tangible, computer-readable storage medium having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations including: (1) receiving a vehicle image, including a vehicle identifier and at least one software module; (2) calculating a configuration hash value of the at least one software module; generating a first data block including the configuration hash value, a first index value, the vehicle identifier, and a digital signature; (3) storing the first data block in a memory; and/or (4) transmitting the first data block to any number of network participants using a distributed network to facilitate vehicle software configuration verification.