Abstract: Methods, apparatus, and processor-readable storage media for automated delivery of cloud native application updates using one or more user-connection gateways are provided herein.

Abstract: Disclosed is a method for cross-authenticating non-credentialed devices and trusted blockchain enabled applications using multiple communications modalities and gathering information upon request for a blockchain network.

Abstract: Systems and methods for enhanced mobile device authentication are disclosed. Systems and methods for enhanced mobile authentication are disclosed. In one embodiment, method for electronic device authentication may include (1) a server comprising at least one computer processor communicating a one-time passcode to an electronic device over a first communication channel; (2) the server receiving, from the electronic device over a second communication channel the one-time passcode encrypted with a private key associated with the electronic device; (3) the server decrypting the one-time passcode using a public key; (4) the server validating the one-time passcode; (5) the server generating a device identifier for the electronic device; and (6) the server persisting an association between the device identifier and the electronic device.

Abstract: An illustrative computing system for securely managing security information receives a request for security information. The computing system acquires the security information associated with the user and embeds the security information in a user selected image. The computing system modifies the image based on a user selected identifier to scramble the location of pixels. The computing system encrypts and transmits the image. The computing system decrypts the image at the user interface. The computing system modifies the image based on the user selected identifier to descramble the pixels. The computing system displays the image at the user interface with a plurality of images for user selection. Based on the image selected by the user, the computing system extracts security information from the image. The computing system displays the requested security information at the user interface.

Abstract: In an example, there is disclosed a computing apparatus having: a network interface to communicate with a second device; a contextual data interface to receive and store contextual data; and one or more logic elements comprising a contextual security agent, operable to: receive a contextual data packet via the network interface; compare the contextual data packet to stored contextual data; and act on the comparing. The contextual data packet may optionally be provided out of band, and may be used to authenticate a substantive data packet, such as a patch or update.

Abstract: In a subscription profile downloading method when an application in a device triggers subscription profile downloading, an operator server sends, to a subscription management server, authentication information of an application allowed to initiate subscription profile downloading; and when receiving an authentication request sent by the device, the subscription management server uses the authentication information to attempt to authenticate the application initiating subscription profile downloading in the device, and provides subscription profile downloading for the device after the authentication succeeds. The subscription management server may add the authentication information to a subscription profile downloaded last time and send the subscription profile to the device, and when the device downloads a different subscription profile next time, the device may use the authentication information in the subscription profile downloaded last time to attempt to authenticate the application.

Abstract: A security system for a network may be configured to detect one or more failed authentication attempts to access the network by at least one user device and determine the number of the failed authentication attempts. The system may determine a first risk score based on the number of failed authentication attempts and determine whether the first risk score is greater than or equal to a first risk score threshold and generate a first notification indicating that the user device is attempting to gain unauthorized access onto the network. The system may transmit the first notification to an administrator of the network, determine the user device is successfully authenticated to access the network after the number of failed authentication attempts has been detected, and apply a first set of network activity restrictions to the user device.

Abstract: A terminal device may obtain a third public key of a communication device, in a case where the third public key is obtained, send a third authentication request in which the third public key is used to the communication device, receive a third authentication response from the communication device, and send third connection information to the communication device. The third connection information may include a first identifier and a second identifier, the first identifier for identifying a first wireless network in which a first access point operates as a parent station, and the second identifier for identifying a second wireless network in which a second access point operates as a parent station.

Abstract: Disclosed are various embodiments for chaining of authorizations in an authorization framework. In one embodiment, a service receives an authorization request for access by a relying party service operated by a first entity to obtain information associated with a user account. The service determines that the authorization request requires a consent of a second entity. The service then obtains a first authorization token representing the consent of the second entity. The service generates a second authorization token based at least in part on the first authorization token. The service sends the second authorization token to the relying party service.

Abstract: Embodiments of the invention are directed to techniques that include receiving a query intended for a targeted database and determining that the query is from an unauthorized user. A response is returned to the unauthorized user generated by a model, the response being dynamically generated to fulfill the query. The model is configured to generate responses consistent with any previous responses returned to the unauthorized user.

Abstract: The disclosed systems and methods may receive a first salted password having a first password, a first user device identifier, and a first browser identifier, extract the first password, the first user device identifier, and the first browser identifier from the first salted password, and determine whether the first password, the first user device identifier, and the first browser identifier respectively match a stored first password, a stored first user device identifier, and a stored first browser identifier. The systems may grant the request to access the one or more resources for the first user device or perform other actions depending on whether the first password, the first user device identifier, and the first browser identifier respectively match the stored first password, the stored first user device identifier, and the stored first browser identifier.

Abstract: Systems, computer program products, and methods are described herein for generating responsive actions based on unauthorized access events associated with imitation networks. The present invention is configured to retrieve information associated with unauthorized access attempts associated with an imitation dataset; generate penetration test scenarios based on at least the types of unauthorized access attempts; initiate the penetration test scenarios on real datasets stored in data repositories within a network environment; determine automated network security responses to the penetration test scenarios; determine the unauthorized access attempts that were not successfully blocked and/or reported; determine actions to be executed in response to the unauthorized access attempts that were not successfully blocked and/or reported; and update the network security features with the actions.

Abstract: A method for disabling a device associated with a virtual identity may include receiving, from the device, a request to use the virtual identity, where the request that may include a passcode guess and a device identifier. The method may also include determining that the passcode guess does not authorize use of the virtual identity and incrementing a number of incorrect passcode guesses received within a time interval. The method may additionally include determining that the number of incorrect passcode guesses received within the time interval is greater than or equal to a threshold. The method may further include storing an indication that subsequent requests associated with the device identifier should not authorize use of the virtual identity.

Abstract: The subject matter of this specification can be implemented in, among other things, a method that includes storing, in a collaboration platform, a first geographic location and a first time of a first authentication request for an account at the collaboration platform responsive to successful authentication of the first authentication request. The method includes receiving a second authentication request for the account at the collaboration platform. The method includes identifying a second geographic location and a second time of the second authentication request. The method includes providing access to the account responsive to a determination that a difference in time between the first time and the second time is large enough that a user of the account is able to travel a difference in distance between the first geographic location and the second geographic location within the difference in time.

Abstract: A system and method for electronic signature validation is provided. Embodiments may include analyzing at least one government identification document, wherein analyzing includes authenticating the at least one government identification document. Embodiments may further include extracting personally identifiable information pertaining to a user from the at least one government identification document and displaying a digital copy of a document to be signed to the user. Embodiments may also include capturing an electronic signature of the document by the user and receiving personally identifiable information, wherein the personally identifiable information pertains to the user and enables the user to be uniquely identified. Embodiments may further transmitting a document signing transaction session.

Abstract: Presented herein are systems and methods for processing tokens in identity assertions for access control to resources. A server may receive, via an interface from a gateway, a request to permit a customer device to access a resource associated with the server. The request may include an identifier for the customer device and a first token used to authenticate the customer device at the gateway. The server may generate, responsive to validating the first token, a second token to be used to authorize the customer device at the server for access to the resource. The server may store, on a database, an association identifying the identifier, the first token, and the second token. The server may perform the server, an action to permit the customer device access to the resource associated with the server based on the association maintained on the database.

Abstract: A security authentication method and device are provided. The method includes performing, based on a transmitted password authentication message, password authentication with a server and acquiring a result of the password authentication; sending a request authentication message to the server in a case that the result of the password authentication is determined to indicate that the password authentication is successful; performing security authentication through digitally signing by the server all intercommunicated messages and verifying the digital signature by the client, or through encrypting a local random number and all intercommunicated messages by the client using a public key and verifying a random number returned by the server.

Abstract: An automated method executed by circuitry is provided for monitoring a software platform including multiple pods that manage, deploy, and execute micro services. The method uses monitoring pods at locations of interest in the software platform to label transactions that pass through the monitoring pods. The labels applied to the transactions are sent to a security program for review.

Abstract: In an aspect, the present disclosure provides an electronic device for OTP authentication of a present location, comprising: a power source, a processor, and a memory in a housing; a strap comprising first and second ends, and a first wire extending from the first end to the second end of the strap and forming an external loop, wherein the first wire establishes a first electrical connection between the power source and the processor; and a second electrical connection operatively connected to the processor and the memory, the processor configured to generate an OTP, only when the processor is connected to the power source by the first electrical connection without interruption once the first electrical connection is established. The OTP authentication may be time-based one-time password (TOTP) authentication, and the generated OTP may be a time-based one-time password (TOTP).

Abstract: A method including transmitting, by a network device to a security device, an initial security instruction set including a plurality of initial security instructions associated with operation of the security device; transmitting, by the network device to the security device, an event signal associated with the security device carrying out the network-facing operation; receiving, by the network device from the security device based on transmitting the event signal, a security instruction associated with the security device carrying out the network-facing operation, the security instruction being from among the plurality of initial security instructions; translating, by the network device, the security instruction into a host instruction to be executed by the network device; and transmitting, by the network device to the security device based on executing the translated host instruction, communication information to enable the security device to carry out the network-facing operation is disclosed.