Abstract: Various methods and systems are provided for autonomous orchestration of secrets renewal and distribution. A secrets management service (“SMS”) can be utilized to store, renew and distribute secrets in a distributed computing environment. The secrets are initially deployed, after which, SMS can automatically renew the secrets according to a specified rollover policy, and polling agents can fetch updates from SMS. In various embodiments, SMS can autonomously rollover client certificates for authentication of users who access a security critical service, autonomously rollover storage account keys, track delivery of updated secrets to secrets recipients, deliver secrets using a secure blob, and/or facilitate autonomous rollover using secrets staging. In some embodiments, a service is pinned to the path where the service's secrets are stored. In this manner, secrets can be automatically renewed without any manual orchestration and/or the need to redeploy services.

Abstract: A target authentication device includes an electrode to detect an electrical signal associated with a user of the device. The electrical signal represents an authentication code for the device. An authentication receiver module is coupled to the electrode. The module receives the electrical signal from the electrode and determines whether the electrical signal matches a predetermined criterion to authenticate the identity of the user based on the electrical signal. An authentication module is also disclosed. The authentication module includes one electrode to couple an electrical signal associated with a user to a user of a target authentication device, the electrical signal represents an authentication code for the device. An authentication transmission module is coupled to the electrode. The authentication transmission module transmits the electrical signal from the electrode. A method of authenticating the identity of a user of a target authentication device also is disclosed.

Abstract: Methods and systems are provided to efficiently update account profiles based on a predicted likelihood of use, including by ranking the account profiles according to the likelihood of use. The disclosed system can considerably improve the processing time to update account profiles with the most recent information available, including new access requests. An authentication platform receives a plurality of new access requests, including request data and account identifiers associated with account profiles. The request data is transmitted to a prediction engine that determines a ranking of the account identifiers based on a predicted likelihood of use during a next time interval. A profile batch scheduler retrieves a first set of access requests based on the ranking. The system updates a first set of account profiles based on the ranking, and stores the updated account profiles for use by the authentication platform.

Abstract: A method of distributed authorization of one or more client applications to one or more connected devices. The method comprises: receiving at a connected device, from a browser executing a client application, a client token and an access request.

Abstract: Systems and methods for determining whether a voice biometrics credential provides a reliable mechanism for authenticating a user are provided. The method includes receiving at least one set of voice data from the user; determining, based on the received at least one set of voice data, a value of at least one parameter that corresponds to a user-specific voice biometrics credential; obtaining at least one user-specific item of information; accessing at least one business rule that relates to the user; and determining, based on the at least one set of voice data, the at least one user-specific item of information, and the at least one business rule, whether the user-specific voice biometrics credential is usable for authenticating the user.

Abstract: A device includes two cameras, a front facing camera and a back facing camera. In response to a request to use one camera (e.g., the back facing camera) with particular functionality of an application, the application queries a system to verify whether the user is authenticated and authorized to use the camera with the particular functionality of the application. This authentication and authorization is performed based on an image of the user captured using another camera of the device (e.g., the front facing camera). Depending on whether the user is authenticated and authorized to use the camera with the particular functionality of the application, the particular functionality is performed using the camera, secondary (e.g., lesser) functionality is performed using the camera, or no functionality is performed using the camera.

Abstract: A method for performing data decryption upon data to be displayed on an augmented reality display device is provided. The method includes identifying a user of the augmented reality display device; obtaining access rights information that relates to the user; receiving a set of encrypted information; using the obtained access rights information to determine whether the user is authorized to access the encrypted information; when the user is so authorized, accessing a decryption key that is associated with the encrypted information; decrypting at least a portion of the encrypted information by using the decryption key; and displaying the decrypted portion of the encrypted information on the augmented reality display device.

Abstract: In one embodiment, a computer-implemented method of a data processing (DP) accelerator obtaining a watermark of a watermark-enable artificial intelligence (AI) model includes receiving, by the DP accelerator, input data to the DP accelerator that causes the watermark-enabled AI model to extract the watermark from the watermark-enabled AI model; and providing the watermark of the watermark-enabled AI model to the host device. The DP accelerator can receive the model from the host device. The DP accelerator can further receive a command to digitally sign the watermark and call a security unit of the DP accelerator to digitally sign the watermark.

Abstract: A wireless communication device is described that comprises: a receiver configured to receive wireless local area signals located within a closed area; and a processor configured to: process the received wireless local area signals; calculate a standard deviation, STD, of Amplitude Channel State Information, A CSI, of the received wireless local area signals and, in response thereto, generate at least one transmit wireless local area signal based on the calculated A CSI STD values. A transmitter is coupled to the processor and configured to transmit the at least one transmit wireless local area signal within the closed area to disrupt an attacker located adjacent the closed area from determining a location or movement of at least one of: a moving person, the at least one further wireless communication device within the closed area.

Abstract: Systems and methods for monetizing the reproduction of digital media content for the rights-holders of the digital media content. Embodiments of the present disclosure relate to determining whether a user of a media content item has a license to reproduce the media content item. In one embodiment, the media content item may be reproduced when the user is licensed. The user is prompted to select to acquire a license to reproduce the media content item or to decline the license to reproduce the media content item when the user is not licensed. Further embodiments determine whether a user may receive a license when the user wishes to acquire a license. In an embodiment, the user is declined a license when not approved for the license.

Abstract: Systems and methods for authenticating and/or routing a digital signal are provided. A system may include a central database configured to store a set of signature brain wave responses as part of a profile of a user. The system may include a transaction device, a sensory device, and an EEG device. When a transaction request is received from the user, the system may be configured to present the user with a sensory prompt, detect a response of the user to the first sensory prompt, compare the response to the signature response in the profile associated with the sensory prompt, and, when the response matches the signature response within a predetermined delta, authenticate and/or route the transaction request.

Abstract: An information processing apparatus includes a first verification unit configured to perform hardware verification of the hardware by using a hardware verification unit, and if the hardware verification is successful, performs a software verification of software stored in a storage unit. If both verifications are successful and a particular function is executed, a second verification unit performs software verification of a program stored in the storage unit. And, if one or both of the verifications is unsuccessful, a restriction unit restricts use of the information processing apparatus.

Abstract: Systems and techniques for an adaptive authentication system are described herein. In an example, an adaptive authentication system is adapted to receive a request at a first entity from a second entity for secure data of a user, where the second entity is remote from the first entity. The adaptive authentication system may be further adapted to transmit a prompt to a user device associated with the user for authentication of the user and authentication of the request. The adaptive authentication system may be further adapted to receive a response to the prompt and authenticate the user and the request based on the response. The adaptive authentication system may be further adapted to transmit the secure data of the user to the second entity.

Abstract: One embodiment of the present invention provides a system for facilitating storage encryption and decryption. During operation, the system receives a first request to encrypt data which is to be stored on a remote device, wherein the first request indicates the data. The system updates a key based on a dynamic key refreshment protocol. The system determines a key label for the updated key. The system encrypts the data based on the updated key, and transmits the encrypted data and the key label to the remote device, thereby facilitating secure encryption and decryption of data on the remote device.

Abstract: Generating models usable by data appliances to perform inline malware analysis is disclosed. A set of features, including a plurality of n-grams, extracted from a set of files is received. A reduced set of features is determined that includes at least some of the plurality of n-grams. The reduced set of features is used to generate a model usable by a data appliance to perform inline malware analysis.

Abstract: A system and a method of receiving object data representing one or more discriminating characteristics of a physical object or group of physical objects is described herein. The method includes: processing the object data by means of a machine-learning-based object recognition process to obtain discriminating data representing one or more collision resistant virtual representations of the physical object or group of physical objects; comparing at least one of the discriminating data and an original hash value derived therefrom by application of a pre-determined cryptographic hash function thereto with corresponding reference data stored in one or more data repositories with restricted access; and, if said comparison with the reference data results in a match, outputting digitally signed identification data comprising said hash value.

Abstract: A web of trust in a distributed system is established. A root of trust for at least two components in the distributed system validates information for the distributed system. The validated information is then used to create additional information for the distributed system. Versions of the information are usable to validate subsequent versions of the information such that validation of a version of the information can be performed by using one or more previous versions to verify that the version is a valid successor of a previously validated previous version.

Abstract: Composite biometric authentication is provided to multiple users that share a financial account. The users can enroll the account for composite biometric authentication. The enrollment can include recording multiple biometrics of each user and storing them as a composite to use in authenticating user requests to authorize transactions involving the shared financial account. A unique combination of biometrics can be generated including a biometric of the multiple biometrics of each of the users and stored such that the unique combination must be provided to authenticate a future user request. To proceed with a transaction, a user of the multiple users initiates the transaction and provides their part of the unique combination. The other users provide their part of the unique combination by providing the specific biometric of the multiple biometrics they have previously provided. The transaction proceeds when all shares of the unique combination are provided and authenticated.

Abstract: An account management system establishes an account for a user. The user enters user account information into the account and the account management system establishes a facial template for the user based on an image of the face of the user. The user requests to change user account information at a merchant POS (POS) device. The merchant POS device captures a facial image of the user and transmits the image the account management system, which generates a facial template and compares the generated facial template against the existing facial template associated with user account. If the generated facial template is less than a threshold difference from the existing facial template, the user may update user account information at the merchant POS device, which communicates the updated user account information to the account management system. The account management system associates the updated user account information with the user account.

Abstract: A path is secured from one node to another node of the computing environment. The one node obtains a first encryption key and a second encryption key. A shared key is obtained by the one node from a key server, and the shared key is used to encrypt a message. The encrypted message includes the first encryption key and the second encryption key. The encrypted message and an identifier of the shared key is sent from the one node to the other node, and a response message is received by the one node. The response message at least provides an indication that the other node received the encrypted message and obtained the shared key.